Thanks to all the people who donated and ensured the continued development of this software! If you want to donate and keep this software alive, please have a look at the About-Tab. Thanks in advance! USEC Radix V1, 0, 0, 9 [2009/08/27] at your service. ---- Check started at 6.4.2010 20:22:21 ---- Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 3 Number of Processors: 2, Active Processor Mask: 00000003 Processor: Intel Level 15 Revision 6B01 Allocation granularity: 00010000, Page granularity: 00001000 Application space: 00010000-7FFEFFFF [X] Filter common false alarms. 20:22:21 - Performing check: "Hidden files": This check can take some time depending on your harddisk size. You can interrupt it with the ESC key. 20:23:59 - Performing check: "Alternate Data Streams": This check can take some time depending on your harddisk size. You can interrupt it with the ESC key. [*] C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Desktop\games\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Desktop\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [-] Error scanning file C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\E-Mail_ : 0x05::0x06: Das System kann die angegebene Datei nicht finden. [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Eigene Bilder\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Eigene Musik\Rock\Sportfreunde Stiller\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Eigene Musik\Rock\Sportfreunde Stiller II\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Eigene Musik\Rock\Static X\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Eigene Musik\Rock\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [*] C:\Downloads\Directlinks\High.Tension.German.2003.FULL.UNCUT.DVDRiP.XviD.iNTERNAL-ChIP\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert [-] Error scanning file C:\pagefile.sys: 0x05::0x06: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. [*] C:\Programme\ICQ6.5\Packages\kolobok\Emoticons\Kolobok\Thumbs.db:encryptable:$DATA [-] Opening stream failed: Zugriff verweigert 11 streams found. 20:25:19 - Performing check: "Hidden Registry entries": --------------------[HKEY_LOCAL_MACHINE\HARDWARE ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_LOCAL_MACHINE\SAM ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SAM\SAM: Zugriff verweigert DONE. ------------------------------------------------------------------------------- --------------------[HKEY_LOCAL_MACHINE\SECURITY ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SECURITY: Zugriff verweigert DONE. ------------------------------------------------------------------------------- --------------------[HKEY_LOCAL_MACHINE\SOFTWARE ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Remote Desktop\Pending Help Session: Zugriff verweigert DONE. ------------------------------------------------------------------------------- --------------------[HKEY_LOCAL_MACHINE\SYSTEM ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\EncryptedDirectories: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MRxDAV\EncryptedDirectories: Zugriff verweigert [-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg: Zugriff verweigert DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\.DEFAULT ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-19 ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-19_Classes ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-20 ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-20_Classes ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-21-1177238915-1202660629-682003330-1003]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-21-1177238915-1202660629-682003330-1003\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1177238915-1202660629-682003330-1003: Zugriff verweigert DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-21-1177238915-1202660629-682003330-1003_Classes]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- --------------------[HKEY_USERS\S-1-5-18 ]------------------- WARNING: Dumping the registry can take quite some time! Be assured that the app doesn't hang while dumping! Dumping...OK. Scanning...DONE. ------------------------------------------------------------------------------- 20:51:6 - Performing check: "Hidden processes": (01) PID: 0 [00000000] (Idle) (53) PID: 4 [89E407F8] (System) (191) PID: 196 [888903C8] (avguard.exe) (175) PID: 260 [89588788] (spoolsv.exe) (175) PID: 368 [89572788] (sched.exe) (191) PID: 384 [898E0B28] (hamachi-2.exe) (191) PID: 544 [89550670] (explorer.exe) (175) PID: 556 [89555788] (svchost.exe) (07) PID: 660 [8929E6E8] (smss.exe) (191) PID: 724 [892986E8] (csrss.exe) (191) PID: 752 [892976E8] (winlogon.exe) (191) PID: 796 [892906E8] (services.exe) (191) PID: 808 [89D5E780] (lsass.exe) (175) PID: 940 [8952B670] (rundll32.exe) (175) PID: 992 [89628788] (ati2evxx.exe) (191) PID: 1012 [89623788] (svchost.exe) (175) PID: 1088 [89614788] (svchost.exe) (191) PID: 1128 [89549670] (avgnt.exe) (191) PID: 1176 [894D6788] (cfp.exe) (191) PID: 1188 [894B6788] (ICQ.exe) (191) PID: 1212 [887E78A8] (firefox.exe) (175) PID: 1304 [88849DA0] (wdfmgr.exe) (191) PID: 1444 [895FB788] (cmdagent.exe) (191) PID: 1468 [895F5788] (svchost.exe) (191) PID: 1560 [895E8788] (svchost.exe) (175) PID: 1812 [88894020] (InCDsrv.exe) (191) PID: 1828 [895BA788] (svchost.exe) (175) PID: 1868 [8888F2C0] (avshadow.exe) (191) PID: 1884 [895B1788] (AAWService.exe) (191) PID: 1936 [895A4788] (ati2evxx.exe) (191) PID: 2400 [885678A8] (Steam.exe) (175) PID: 2928 [88788BC8] (unsecapp.exe) (175) PID: 3040 [8883F898] (wuauclt.exe) (175) PID: 3412 [89D19020] (AAWTray.exe) (191) PID: 3516 [887DB9E0] (alg.exe) (175) PID: 3536 [89D15780] (wscntfy.exe) (171) PID: 3636 [886E1020] (radixgui.exe) (175) PID: 3792 [887972B0] (wmiprvse.exe) 20:51:8 - Performing check: "Selftest": Doing a short selftest... -> Checking IAT PID 3636 - C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\radix_installer1009(2)\radixgui.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) [+] Patching code of LdrGetProcedureAddress at 7C927EA8 7C927EA8: Patching E9 -> 8B 7C927EA9: Patching 63 -> FF 7C927EAA: Patching DD -> 55 7C927EAB: Patching 6F -> 8B 7C927EAC: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of LdrLoadDll at 7C9263C3 7C9263C3: Patching E9 -> 68 7C9263C4: Patching 68 -> 6C 7C9263C5: Patching D0 -> 02 7C9263C6: Patching 6F -> 00 7C9263C7: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of LdrUnloadDll at 7C92738B 7C92738B: Patching E9 -> 68 7C92738C: Patching B0 -> C4 7C92738D: Patching 5B -> 00 7C92738E: Patching 6F -> 00 7C92738F: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtAllocateVirtualMemory at 7C91CF6E 7C91CF6E: Patching E9 -> B8 7C91CF6F: Patching 1D -> 11 7C91CF70: Patching 8D -> 00 7C91CF71: Patching 70 -> 00 7C91CF72: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtClose at 7C91CFEE 7C91CFEE: Patching E9 -> B8 7C91CFEF: Patching 2D -> 19 7C91CFF0: Patching FE -> 00 7C91CFF1: Patching 6F -> 00 7C91CFF2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtCreateFile at 7C91D0AE 7C91D0AE: Patching E9 -> B8 7C91D0AF: Patching 5D -> 25 7C91D0B0: Patching 8C -> 00 7C91D0B1: Patching 70 -> 00 7C91D0B2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtCreateProcess at 7C91D14E 7C91D14E: Patching E9 -> B8 7C91D14F: Patching 5D -> 2F 7C91D150: Patching 8C -> 00 7C91D151: Patching 70 -> 00 7C91D152: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtCreateProcessEx at 7C91D15E 7C91D15E: Patching E9 -> B8 7C91D15F: Patching 2D -> 30 7C91D160: Patching 8C -> 00 7C91D161: Patching 70 -> 00 7C91D162: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtDeleteFile at 7C91D23E 7C91D23E: Patching E9 -> B8 7C91D23F: Patching 8D -> 3E 7C91D240: Patching 8A -> 00 7C91D241: Patching 70 -> 00 7C91D242: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtFreeVirtualMemory at 7C91D38E 7C91D38E: Patching E9 -> B8 7C91D38F: Patching 3D -> 53 7C91D390: Patching 88 -> 00 7C91D391: Patching 70 -> 00 7C91D392: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtLoadDriver at 7C91D46E 7C91D46E: Patching E9 -> B8 7C91D46F: Patching FD -> 61 7C91D470: Patching 87 -> 00 7C91D471: Patching 70 -> 00 7C91D472: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtOpenFile at 7C91D59E 7C91D59E: Patching E9 -> B8 7C91D59F: Patching 4D -> 74 7C91D5A0: Patching 87 -> 00 7C91D5A1: Patching 70 -> 00 7C91D5A2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtProtectVirtualMemory at 7C91D6EE 7C91D6EE: Patching E9 -> B8 7C91D6EF: Patching BD -> 89 7C91D6F0: Patching 85 -> 00 7C91D6F1: Patching 70 -> 00 7C91D6F2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtSetInformationProcess at 7C91DC9E 7C91DC9E: Patching E9 -> B8 7C91DC9F: Patching 8D -> E4 7C91DCA0: Patching 7F -> 00 7C91DCA1: Patching 70 -> 00 7C91DCA2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtUnloadDriver at 7C91DEBE 7C91DEBE: Patching E9 -> B8 7C91DEBF: Patching 8D -> 06 7C91DEC0: Patching 7D -> 01 7C91DEC1: Patching 70 -> 00 7C91DEC2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of NtWriteVirtualMemory at 7C91DFAE 7C91DFAE: Patching E9 -> B8 7C91DFAF: Patching 7D -> 15 7C91DFB0: Patching 7D -> 01 7C91DFB1: Patching 70 -> 00 7C91DFB2: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of RtlAllocateHeap at 7C9200C4 7C9200C4: Patching E9 -> 68 7C9200C5: Patching 27 -> 04 7C9200C6: Patching 5B -> 02 7C9200C7: Patching 70 -> 00 7C9200C8: Patching 93 -> 00 [+] Wrote patch to process memory. kernel32.dll (7C800000 - 7C908000) [+] Patching code of CopyFileA at 7C8286EE 7C8286EE: Patching E9 -> 8B 7C8286EF: Patching DD -> FF 7C8286F0: Patching D3 -> 55 7C8286F1: Patching 7F -> 8B 7C8286F2: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CopyFileExA at 7C85F39C 7C85F39C: Patching E9 -> 8B 7C85F39D: Patching EF -> FF 7C85F39E: Patching 66 -> 55 7C85F39F: Patching 7C -> 8B 7C85F3A0: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CopyFileExW at 7C827B32 7C827B32: Patching E9 -> 6A 7C827B33: Patching 39 -> 14 7C827B34: Patching DF -> 68 7C827B35: Relocating 7C827B88 -> 7C827B88 7C827B35: Patching CCCC937F -> 7C827B88 [+] Wrote patch to process memory. [+] Patching code of CopyFileW at 7C82F87B 7C82F87B: Patching E9 -> 8B 7C82F87C: Patching 30 -> FF 7C82F87D: Patching 62 -> 55 7C82F87E: Patching 7F -> 8B 7C82F87F: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateFileA at 7C801A28 7C801A28: Patching E9 -> 8B 7C801A29: Patching E3 -> FF 7C801A2A: Patching 40 -> 55 7C801A2B: Patching 82 -> 8B 7C801A2C: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateFileW at 7C810800 7C810800: Patching E9 -> 8B 7C810801: Patching EB -> FF 7C810802: Patching 52 -> 55 7C810803: Patching 81 -> 8B 7C810804: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateProcessA at 7C80236B 7C80236B: Patching E9 -> 8B 7C80236C: Patching 00 -> FF 7C80236D: Patching 3A -> 55 7C80236E: Patching 82 -> 8B 7C80236F: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateProcessW at 7C802336 7C802336: Patching E9 -> 8B 7C802337: Patching 15 -> FF 7C802338: Patching 3A -> 55 7C802339: Patching 82 -> 8B 7C80233A: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of DeleteFileA at 7C831EDD 7C831EDD: Patching E9 -> 8B 7C831EDE: Patching AE -> FF 7C831EDF: Patching 3A -> 55 7C831EE0: Patching 7F -> 8B 7C831EE1: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of DeleteFileW at 7C831F63 7C831F63: Patching E9 -> 8B 7C831F64: Patching 08 -> FF 7C831F65: Patching 3A -> 55 7C831F66: Patching 7F -> 8B 7C831F67: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of GetModuleHandleA at 7C80B741 7C80B741: Patching E9 -> 8B 7C80B742: Patching 0A -> FF 7C80B743: Patching A2 -> 55 7C80B744: Patching 81 -> 8B 7C80B745: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of GetModuleHandleW at 7C80E4DD 7C80E4DD: Patching E9 -> 8B 7C80E4DE: Patching 4E -> FF 7C80E4DF: Patching 74 -> 55 7C80E4E0: Patching 81 -> 8B 7C80E4E1: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of GetProcAddress at 7C80AE40 7C80AE40: Patching E9 -> 8B 7C80AE41: Patching 6B -> FF 7C80AE42: Patching AD -> 55 7C80AE43: Patching 81 -> 8B 7C80AE44: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of LoadLibraryA at 7C801D7B 7C801D7B: Patching E9 -> 8B 7C801D7C: Patching 90 -> FF 7C801D7D: Patching 3B -> 55 7C801D7E: Patching 82 -> 8B 7C801D7F: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of LoadLibraryExA at 7C801D53 7C801D53: Patching E9 -> 8B 7C801D54: Patching 18 -> FF 7C801D55: Patching 3E -> 55 7C801D56: Patching 82 -> 8B 7C801D57: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of LoadLibraryExW at 7C801AF5 7C801AF5: Patching E9 -> 6A 7C801AF6: Patching 56 -> 34 7C801AF7: Patching 40 -> 68 7C801AF8: Relocating 7C80E0F8 -> 7C80E0F8 7C801AF8: Patching CCCC9382 -> 7C80E0F8 [+] Wrote patch to process memory. [+] Patching code of LoadLibraryW at 7C80AEEB 7C80AEEB: Patching E9 -> 8B 7C80AEEC: Patching 00 -> FF 7C80AEED: Patching AA -> 55 7C80AEEE: Patching 81 -> 8B 7C80AEEF: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of LoadModule at 7C86261E 7C86261E: Patching E9 -> 68 7C86261F: Patching 6D -> A4 7C862620: Patching 35 -> 00 7C862621: Patching 7C -> 00 7C862622: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of MoveFileA at 7C835EBF 7C835EBF: Patching E9 -> 8B 7C835EC0: Patching 8C -> FF 7C835EC1: Patching FB -> 55 7C835EC2: Patching 7E -> 8B 7C835EC3: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of MoveFileExA at 7C85E49B 7C85E49B: Patching E9 -> 8B 7C85E49C: Patching 70 -> FF 7C85E49D: Patching 75 -> 55 7C85E49E: Patching 7C -> 8B 7C85E49F: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of MoveFileExW at 7C83568B 7C83568B: Patching E9 -> 8B 7C83568C: Patching 60 -> FF 7C83568D: Patching 03 -> 55 7C83568E: Patching 7F -> 8B 7C83568F: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of MoveFileW at 7C821261 7C821261: Patching E9 -> 8B 7C821262: Patching CA -> FF 7C821263: Patching 47 -> 55 7C821264: Patching 80 -> 8B 7C821265: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of MoveFileWithProgressA at 7C835EDE 7C835EDE: Patching E9 -> 8B 7C835EDF: Patching ED -> FF 7C835EE0: Patching FA -> 55 7C835EE1: Patching 7E -> 8B 7C835EE2: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of MoveFileWithProgressW at 7C81F72E 7C81F72E: Patching E9 -> 68 7C81F72F: Patching 7D -> 9C 7C81F730: Patching 62 -> 00 7C81F731: Patching 80 -> 00 7C81F732: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of OpenFile at 7C821982 7C821982: Patching E9 -> 68 7C821983: Patching A9 -> 04 7C821984: Patching 41 -> 01 7C821985: Patching 80 -> 00 7C821986: Patching 93 -> 00 [+] Wrote patch to process memory. [+] Patching code of VirtualProtect at 7C801AD4 7C801AD4: Patching E9 -> 8B 7C801AD5: Patching D7 -> FF 7C801AD6: Patching 3D -> 55 7C801AD7: Patching 82 -> 8B 7C801AD8: Patching 93 -> EC [+] Wrote patch to process memory. [+] Patching code of WinExec at 7C86250D 7C86250D: Patching E9 -> 8B 7C86250E: Patching BE -> FF 7C86250F: Patching 33 -> 55 7C862510: Patching 7C -> 8B 7C862511: Patching 93 -> EC [+] Wrote patch to process memory. guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) [+] Patching code of EndTask at 7E3AA0A5 7E3AA0A5: Patching E9 -> 8B 7E3AA0A6: Patching 76 -> FF 7E3AA0A7: Patching D2 -> 55 7E3AA0A8: Patching C7 -> 8B 7E3AA0A9: Patching 91 -> EC [+] Wrote patch to process memory. GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) [+] Patching code of CreateProcessAsUserA at 77DE0CE8 77DE0CE8: Patching E9 -> 8B 77DE0CE9: Patching C3 -> FF 77DE0CEA: Patching F1 -> 55 77DE0CEB: Patching 23 -> 8B 77DE0CEC: Patching 98 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateProcessAsUserW at 77DBA8A9 77DBA8A9: Patching E9 -> 8B 77DBA8AA: Patching F2 -> FF 77DBA8AB: Patching 4D -> 55 77DBA8AC: Patching 26 -> 8B 77DBA8AD: Patching 98 -> EC [+] Wrote patch to process memory. [+] Patching code of CreateServiceA at 77E07211 77E07211: Patching E9 -> 6A 77E07212: Patching 3A -> 30 77E07213: Patching FB -> 68 77E07214: Relocating 77E07398 -> 77E07398 77E07214: Patching CCCC9821 -> 77E07398 [+] Wrote patch to process memory. [+] Patching code of CreateServiceW at 77E073A9 77E073A9: Patching E9 -> 6A 77E073AA: Patching C2 -> 20 77E073AB: Patching F6 -> 68 77E073AC: Relocating 77E074A0 -> 77E074A0 77E073AC: Patching CCCC9821 -> 77E074A0 [+] Wrote patch to process memory. [+] Patching code of OpenServiceA at 77DC4C66 77DC4C66: Patching E9 -> 6A 77DC4C67: Patching F5 -> 14 77DC4C68: Patching 18 -> 68 77DC4C69: Relocating 77DC4CA8 -> 77DC4CA8 77DC4C69: Patching CCCC9826 -> 77DC4CA8 [+] Wrote patch to process memory. [+] Patching code of OpenServiceW at 77DB6FFD 77DB6FFD: Patching E9 -> 6A 77DB6FFE: Patching FE -> 14 77DB6FFF: Patching F7 -> 68 77DB7000: Relocating 77DB7040 -> 77DB7040 77DB7000: Patching CCCC9826 -> 77DB7040 [+] Wrote patch to process memory. RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) comdlg32.dll (76350000 - 7639A000) COMCTL32.dll (5D450000 - 5D4EA000) SHELL32.dll (7E670000 - 7EE91000) [+] Patching code of ShellExecuteA at 7E6F11E0 7E6F11E0: Patching E9 -> 8B 7E6F11E1: Patching AB -> FF 7E6F11E2: Patching 46 -> 55 7E6F11E3: Patching 93 -> 8B 7E6F11E4: Patching 91 -> EC [+] Wrote patch to process memory. [+] Patching code of ShellExecuteEx at 7E6F0EB5 7E6F0EB5: Patching E9 -> 8B 7E6F0EB6: Patching 96 -> FF 7E6F0EB7: Patching 49 -> 55 7E6F0EB8: Patching 93 -> 8B 7E6F0EB9: Patching 91 -> EC [+] Wrote patch to process memory. [+] Patching code of ShellExecuteExW at 7E6B996B 7E6B996B: Patching E9 -> 8B 7E6B996C: Patching C0 -> FF 7E6B996D: Patching BE -> 55 7E6B996E: Patching 96 -> 8B 7E6B996F: Patching 91 -> EC [+] Wrote patch to process memory. [+] Patching code of ShellExecuteW at 7E765D48 7E765D48: Patching E9 -> 8B 7E765D49: Patching 23 -> FF 7E765D4A: Patching FB -> 55 7E765D4C: Patching 91 -> EC [+] Wrote patch to process memory. msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775ED000) [+] Patching code of CoCreateInstanceEx at 774D0526 774D0526: Patching E9 -> 8B 774D0527: Patching 75 -> FF 774D0528: Patching 72 -> 55 774D0529: Patching B5 -> 8B 774D052A: Patching 98 -> EC [+] Wrote patch to process memory. [+] Patching code of CoGetClassObject at 774E56C5 774E56C5: Patching E9 -> 8B 774E56C6: Patching 96 -> FF 774E56C7: Patching 1E -> 55 774E56C8: Patching B4 -> 8B 774E56C9: Patching 98 -> EC [+] Wrote patch to process memory. dbghelp.dll (59DD0000 - 59E71000) fltlib.dll (5E160000 - 5E168000) [+] Patching code of FilterConnectCommunicationPort at 5E16135C 5E16135C: Patching E9 -> 8B 5E16135D: Patching 2F -> FF 5E16135E: Patching BB -> 55 5E16135F: Patching EB -> 8B 5E161360: Patching B1 -> EC [+] Wrote patch to process memory. [+] Patching code of FilterSendMessage at 5E1623A4 5E1623A4: Patching E9 -> 8B 5E1623A5: Patching A7 -> FF 5E1623A6: Patching AA -> 55 5E1623A7: Patching EB -> 8B 5E1623A8: Patching B1 -> EC [+] Wrote patch to process memory. comctl32.dll (773A0000 - 774A3000) wintrust.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) Selftest complete. 20:51:9 - Performing check: "MBR": Partition Table: +----+-----+------Start------+--------End------+----------+----------+----+ | Nr | Act | Head Sect Track | Head Sect Track | Offset | Length | OS | +----+-----+-----------------+-----------------+----------+----------+----+ | 1 | Y | 001 01 0000 | 254 63 0255 | 0000003F | 06FD7745 | 07 | | 2 | N | 000 00 0000 | 000 00 0000 | 00000000 | 00000000 | 00 | | 3 | N | 000 00 0000 | 000 00 0000 | 00000000 | 00000000 | 00 | | 4 | N | 000 00 0000 | 000 00 0000 | 00000000 | 00000000 | 00 | +----+-----+-----------------+-----------------+----------+----------+----+ MBR seems to be OK. 20:51:9 - Performing check: "IRP hooks": 00 \Driver\Beep 899A5F38 Beep.SYS 01 \Driver\NDIS 89D666A0 NDIS.SYS 02 \Driver\KSecDD 89DFC198 KSecDD.sys 03 \Driver\Mouclass 89C8E268 mouclass.sys 04 \Driver\Raspti 899E9E98 raspti.sys 05 \Driver\avgio 89A6DDA0 avgio.sys 06 \Driver\Fips 89A482A8 Fips.SYS 07 \Driver\Kbdclass 89C8F268 kbdclass.sys 08 \Driver\nvatabus 89DEF290 nvatabus.sys 08 >\Driver\ACPIabus 89E5D970 ACPI.sys 09 >\Driver\Imapibus 89C833E0 imapi.sys 10 >\Driver\PxHelp20 89DFC398 PxHelp20.sys 11 >\Driver\Cdromp20 89C87030 cdrom.sys 12 >\Driver\redbook0 89C8F360 redbook.sys 13 >\Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 16 \Driver\cm102u32 899D75C0 c6501.sys 17 \Driver\VgaSave 898A7CA8 vga.sys 18 \Driver\NDProxy 89A82B00 NDProxy.SYS 19 \Driver\Ptilink 89B41B88 ptilink.sys 20 \Driver\MountMgr 89DEFF38 MountMgr.sys 21 \Driver\wdmaud 89AD4360 wdmaud.sys 22 \Driver\Processor 89C896B8 processr.sys 23 \Driver\isapnp 89E428B8 isapnp.sys 13 \Driver\redbook 89C8F360 redbook.sys 13 >\Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 24 \Driver\atapi 89DEF388 atapi.sys 25 \Driver\IpNat 899D6DA0 ipnat.sys 26 \Driver\RasAcd 89A7B030 rasacd.sys 27 \Driver\PSched 89B0E770 psched.sys 28 \Driver\SDTHelper 886457D0 sdthlpr.sys 29 \Driver\NVENETFD 89957828 NVENETFD.sys 30 \Driver\audstub 899A6860 audstub.sys 31 \Driver\usbohci 89C8FB10 usbohci.sys 31 >\Driver\usbhubi 89A67A60 usbhub.sys 33 \Driver\Win32k 89CE44E0 win32k.sys 32 \Driver\usbhub 89A67A60 usbhub.sys 32 >\Driver\usbccgp 89987CA8 usbccgp.sys 35 \Driver\swenum 898F2898 swenum.sys 35 >\Driver\sysaudio 8998E260 sysaudio.sys 37 \Driver\HTTP 89A7E5F8 HTTP.sys 34 \Driver\usbccgp 89987CA8 usbccgp.sys 34 >\Driver\cm102u32 899D75C0 c6501.sys 38 \Driver\RDPCDD 899568F0 RDPCDD.sys 39 \Driver\Update 8999CA30 update.sys 40 \Driver\hamachi 898E1C60 hamachi.sys 41 \Driver\RasPppoe 89A5E890 raspppoe.sys 42 \Driver\TermDD 898FDF38 termdd.sys 42 >\Driver\Mouclass 89C8E268 mouclass.sys 43 \Driver\Ftdisk 89DEFC98 ftdisk.sys 43 >\Driver\VolSnap 89DEF698 VolSnap.sys 36 \Driver\sysaudio 8998E260 sysaudio.sys 45 \Driver\Rasl2tp 899A7540 rasl2tp.sys 46 \Driver\nvnetbus 89CD5030 nvnetbus.sys 46 >\Driver\NVENETFD 89957828 NVENETFD.sys 47 \Driver\Fdc 89C89BC0 fdc.sys 47 >\Driver\Flpydisk 89A8D518 flpydisk.sys 49 \Driver\ParVdm 89C86F38 ParVdm.SYS 14 \Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 50 \Driver\PptpMiniport 89A7D898 raspptp.sys 51 \Driver\serenum 89E48D58 serenum.sys 52 \Driver\WMIxWDM 89E241A8 ntkrnlpa.exe 53 \Driver\ACPI_HAL 89E27098 hal.dll 53 >\Driver\ACPI_HAL 89E5D970 ACPI.sys 54 \Driver\NetBT 8997FD08 netbt.sys 12 \Driver\Cdrom 89C87030 cdrom.sys 12 >\Driver\redbook 89C8F360 redbook.sys 13 >\Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 55 \Driver\mssmbios 899743E0 mssmbios.sys 56 \Driver\PCIIde 89DEF030 pciide.sys 57 \Driver\Wanarp 899C99E0 wanarp.sys 58 \Driver\Tcpip 89C8CB28 tcpip.sys 58 >\Driver\cmdHlp 89A59258 cmdhlp.sys 60 \Driver\mnmdd 899565C8 mnmdd.SYS 61 \Driver\gameenum 89C90DA0 gameenum.sys 44 \Driver\VolSnap 89DEF698 VolSnap.sys 62 \Driver\Inspect 89D9E218 inspect.sys 63 \Driver\nv_agp 89E445A0 nv_agp.sys 63 >\Driver\ati2mtag 899BD030 ati2mtag.sys 10 \Driver\Imapi 89C833E0 imapi.sys 10 >\Driver\PxHelp20 89DFC398 PxHelp20.sys 11 >\Driver\Cdromp20 89C87030 cdrom.sys 12 >\Driver\redbook0 89C8F360 redbook.sys 13 >\Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 59 \Driver\cmdHlp 89A59258 cmdhlp.sys 65 \Driver\Null 898F5DA0 Null.SYS 66 \Driver\usbehci 89C8F5F0 usbehci.sys 66 >\Driver\usbhubi 89A67A60 usbhub.sys 67 \Driver\Disk 89DEAF38 disk.sys 68 \Driver\IPSec 89A4D3D8 ipsec.sys 64 \Driver\ati2mtag 899BD030 ati2mtag.sys 69 \Driver\PCI 89E440C8 pci.sys 69 >\Driver\ati2mtag 899BD030 ati2mtag.sys 70 \Driver\PartMgr 89DEF790 PartMgr.sys 71 \Driver\Serial 89D2D398 serial.sys 71 >\Driver\serenum 89E48D58 serenum.sys 72 \Driver\NdisTapi 899A6B88 ndistapi.sys 73 \Driver\NdisWan 89966728 ndiswan.sys 74 \Driver\Gpc 89C64ED0 msgpc.sys 09 \Driver\ACPI 89E5D970 ACPI.sys 48 \Driver\Flpydisk 89A8D518 flpydisk.sys 75 \Driver\PnpManager 89E28030 ntkrnlpa.exe 75 >\Driver\mssmbioser 899743E0 mssmbios.sys 76 \Driver\AFD 89A677D0 afd.sys 77 \Driver\Ndisuio 89A20258 ndisuio.sys 78 \Driver\Parport 89C8E5F0 parport.sys 79 \Driver\avipbb 89A6E1D8 avipbb.sys 15 \Driver\incdrm 89C9A308 InCDRm.sys 80 \Driver\ssmdrv 89A3B6B8 ssmdrv.sys 81 \Driver\i8042prt 89C8FDA0 i8042prt.sys 81 >\Driver\Mouclass 89C8E268 mouclass.sys 11 \Driver\PxHelp20 89DFC398 PxHelp20.sys 11 >\Driver\Cdromp20 89C87030 cdrom.sys 12 >\Driver\redbook0 89C8F360 redbook.sys 13 >\Driver\InCDPass 89C8F880 InCDPass.sys 14 >\Driver\incdrmss 89C9A308 InCDRm.sys 82 \FileSystem\InCDfs 89A3C340 InCDFs.sys 83 \FileSystem\Ntfs 89D9EA18 Ntfs.sys 83 >\FileSystem\srfs 89DFD860 sr.sys 84 >\FileSystem\FltMgr 89DA20D0 fltmgr.sys 86 \FileSystem\Fastfat 8995DCA8 Fastfat.SYS 86 >\FileSystem\srstfat 89DFD860 sr.sys 84 >\FileSystem\FltMgrt 89DA20D0 fltmgr.sys 87 \FileSystem\NetBIOS 89A465D0 netbios.sys 84 \FileSystem\sr 89DFD860 sr.sys 84 >\FileSystem\FltMgr 89DA20D0 fltmgr.sys 88 \FileSystem\Rdbss 899849F8 rdbss.sys 89 \FileSystem\avgntflt 8925C788 avgntflt.sys 90 \FileSystem\Lbd 89DFD610 Lbd.sys 91 \FileSystem\Msfs 89A5C500 Msfs.SYS 92 \FileSystem\MRxSmb 89A3CD58 mrxsmb.sys 93 \FileSystem\Srv 899EC138 srv.sys 94 \FileSystem\cmdGuard 899C7030 cmdguard.sys 95 \FileSystem\Mup 89D62918 Mup.sys 96 \FileSystem\RAW 89E23228 ntkrnlpa.exe 97 \FileSystem\Npfs 89A5BD58 Npfs.SYS 98 \FileSystem\Fs_Rec 89A5B030 Fs_Rec.SYS 98 >\FileSystem\InCDrec 89A3BD58 InCDrec.SYS 100 \FileSystem\Cdfs 898B20E8 Cdfs.SYS 100 >\FileSystem\FltMgr 89DA20D0 fltmgr.sys 85 >\FileSystem\InCDrec 89A3BD58 InCDrec.SYS 85 \FileSystem\FltMgr 89DA20D0 fltmgr.sys 101 \FileSystem\MRxDAV 89257880 mrxdav.sys 99 \FileSystem\InCDrec 89A3BD58 InCDrec.SYS 21:8:41 - Performing check: "Patched modules": Module information: Idx Base Size Module Service Pre Sig Patched 000 804D7000 0020E000 ntkrnlpa.exe YES YES 001 806E5000 00020D00 hal.dll YES YES 002 BADA8000 00002000 KDCOM.DLL YES YES 003 BACB8000 00003000 BOOTVID.dll YES YES 004 BA778000 0002F000 ACPI.sys ACPI YES YES 005 BADAA000 00002000 WMILIB.SYS YES YES 006 BA767000 00011000 pci.sys PCI YES YES 007 BA8A8000 0000A000 isapnp.sys isapnp YES YES 008 BAE70000 00001000 pciide.sys PCIIde YES YES 009 BAB28000 00007000 PCIIDEX.SYS YES YES 010 BA8B8000 0000B000 MountMgr.sys MountMgr YES YES 011 BA748000 0001F000 ftdisk.sys Ftdisk YES YES 012 BAB30000 00005000 PartMgr.sys PartMgr YES YES 013 BA8C8000 0000E000 VolSnap.sys VolSnap YES YES 014 BA730000 00018000 atapi.sys atapi YES YES 015 BA71C000 00014000 nvatabus.sys nvatabus YES YES 016 BA8D8000 00009000 disk.sys Disk YES YES 017 BA8E8000 0000D000 CLASSPNP.SYS YES YES 018 BA6FC000 00020000 fltmgr.sys FltMgr YES YES 019 BA6EA000 00012000 sr.sys sr YES YES 020 BA8F8000 0000F000 Lbd.sys Lbd YES YES 021 BA908000 0000A000 PxHelp20.sys PxHelp20 YES YES 022 BA6D3000 00017000 KSecDD.sys KSecDD YES YES 023 BA646000 0008D000 Ntfs.sys Ntfs YES YES 024 BA632000 00014000 inspect.sys Inspect YES YES 025 BA605000 0002D000 NDIS.SYS NDIS YES YES 026 BAB38000 00005000 TDI.SYS YES YES 027 BAB40000 00006000 nv_agp.sys nv_agp YES YES 028 BA5EB000 0001A000 Mup.sys Mup YES YES 029 BA9B8000 0000A000 processr.sys Processor YES YES 030 BABF8000 00007000 fdc.sys Fdc YES YES 031 BA037000 00014000 parport.sys Parport YES YES 032 BAD6C000 00003000 gameenum.sys gameenum YES YES 033 BA9C8000 0000D000 i8042prt.sys i8042prt YES YES 034 BAC00000 00007000 kbdclass.sys Kbdclass YES YES 035 BAC08000 00006000 mouclass.sys Mouclass YES YES 036 BA9D8000 00010000 serial.sys Serial YES YES 037 BAD70000 00004000 serenum.sys serenum YES YES 038 BAC10000 00005000 usbohci.sys usbohci YES YES 039 BA013000 00024000 USBPORT.SYS YES YES 040 BAC18000 00008000 usbehci.sys usbehci YES YES 041 BAD78000 00004000 nvnetbus.sys nvnetbus YES YES 042 B9FC9000 0004A000 NVNRM.SYS YES YES 043 B9F92000 00037000 NVSNPU.SYS YES YES 044 BA9E8000 0000B000 imapi.sys Imapi YES YES 045 BA9F8000 00010000 cdrom.sys Cdrom YES YES 046 BAA08000 0000F000 redbook.sys redbook YES YES 047 B9F6F000 00023000 ks.sys YES YES 048 BAC28000 00008000 InCDPass.sys InCDPass YES YES 049 BAA18000 00009000 InCDRm.sys incdrm YES YES 050 B9CA9000 002C6000 ati2mtag.sys ati2mtag YES YES 051 AB3FA000 00014000 VIDEOPRT.SYS YES YES 052 AB6FF000 00001000 audstub.sys audstub YES YES 053 AC0C5000 0000D000 rasl2tp.sys Rasl2tp YES YES 054 BA4C6000 00003000 ndistapi.sys NdisTapi YES YES 055 AB3E3000 00017000 ndiswan.sys NdisWan YES YES 056 AC0B5000 0000B000 raspppoe.sys RasPppoe YES YES 057 AC0A5000 0000C000 raspptp.sys PptpMiniport YES YES 058 AB3D2000 00011000 psched.sys PSched YES YES 059 AC095000 00009000 msgpc.sys Gpc YES YES 060 B26CD000 00005000 ptilink.sys Ptilink YES YES 061 B164D000 00005000 raspti.sys Raspti YES YES 062 B1645000 00005000 hamachi.sys hamachi YES YES 063 AC085000 0000A000 termdd.sys TermDD YES YES 064 BADB0000 00002000 swenum.sys swenum YES YES 065 AB374000 0005E000 update.sys Update YES YES 066 BA4C2000 00004000 mssmbios.sys mssmbios YES YES 067 AC075000 0000A000 NDProxy.SYS NDProxy YES YES 068 AC055000 0000F000 usbhub.sys usbhub YES YES 069 BADE2000 00002000 USBD.SYS YES YES 070 AB6AB000 00009000 NVENETFD.sys NVENETFD YES YES 071 B162D000 00005000 flpydisk.sys Flpydisk YES YES 072 9B31D000 00035000 cmdguard.sys cmdGuard YES YES 073 BADF2000 00002000 Fs_Rec.SYS Fs_Rec YES YES 074 BAFBB000 00001000 Null.SYS Null YES YES 075 BADF4000 00002000 Beep.SYS Beep YES YES 076 B1615000 00006000 vga.sys VgaSave YES YES 077 BADF6000 00002000 mnmdd.SYS mnmdd YES YES 078 BADF8000 00002000 RDPCDD.sys RDPCDD YES YES 079 B5EF6000 00003000 InCDrec.SYS InCDrec YES YES 080 9B2E1000 0001C000 InCDFs.sys InCDfs YES YES 081 B160D000 00005000 Msfs.SYS Msfs YES YES 082 B1605000 00008000 Npfs.SYS Npfs YES YES 083 B5EF2000 00003000 rasacd.sys RasAcd YES YES 084 9B2CE000 00013000 ipsec.sys IPSec YES YES 085 9B275000 00059000 tcpip.sys Tcpip YES YES 086 B5DA2000 00005000 cmdhlp.sys cmdHlp YES YES 087 9B24F000 00026000 ipnat.sys IpNat YES YES 088 9B227000 00028000 netbt.sys NetBT YES YES 089 AB68B000 00009000 wanarp.sys Wanarp YES YES 090 9B205000 00022000 afd.sys AFD YES YES 091 AB67B000 00009000 netbios.sys NetBIOS YES YES 092 B1336000 00006000 ssmdrv.sys ssmdrv YES YES 093 9B1DA000 0002B000 rdbss.sys Rdbss YES YES 094 9B16A000 00070000 mrxsmb.sys MRxSmb YES YES 095 AB66B000 0000B000 Fips.SYS Fips YES YES 096 9B148000 00022000 avipbb.sys avipbb YES YES 097 BADFC000 00002000 avgio.sys avgio YES YES 098 9B124000 00024000 Fastfat.SYS Fastfat YES YES 099 B130E000 00008000 usbccgp.sys usbccgp YES YES 100 9AFC9000 0015B000 c6501.sys cm102u32 YES YES 101 9AFA5000 00024000 portcls.sys YES YES 102 B186E000 0000F000 drmk.sys YES YES 103 9AF91000 00014000 dump_nvatabus.sys NO NO 104 B4EFE000 00002000 dump_WMILIB.SYS NO NO 105 BF800000 001C4000 win32k.sys YES YES 106 AC76F000 00003000 Dxapi.sys YES YES 107 BACA8000 00005000 watchdog.sys YES YES 108 BF9C4000 00012000 dxg.sys YES YES 109 B12E3000 00001000 dxgthk.sys YES YES 110 BF9D6000 00044000 ati2dvag.dll YES YES 111 BFA1A000 00048000 ati2cqag.dll YES YES 112 BFA62000 00045000 atikvmag.dll YES YES 113 BFAA7000 00269000 ati3duag.dll YES YES 114 BFD10000 0010B000 ativvaxx.dll YES YES 115 BFFA0000 00046000 ATMFD.DLL YES YES 116 98F7C000 00015000 avgntflt.sys avgntflt YES YES 117 AC34E000 00004000 ndisuio.sys Ndisuio YES YES 118 98E0F000 0002D000 mrxdav.sys MRxDAV YES YES 119 98DD2000 00015000 wdmaud.sys wdmaud YES YES 120 B181E000 0000F000 sysaudio.sys sysaudio YES YES 121 98BFC000 00010000 Cdfs.SYS Cdfs YES YES 122 BAE2E000 00002000 ParVdm.SYS ParVdm YES YES 123 989C2000 00052000 srv.sys Srv YES YES 124 985E9000 00041000 HTTP.sys HTTP YES YES 125 98E58000 00004000 sdthlpr.sys SDTHelper YES NO 126 7C910000 000B9000 ntdll.dll YES YES Number of Module Table entries patched = 0 21:8:53 - Performing check: "SDT hooks": Found KiServiceTable @ 8055C700 0 ZwAcceptConnectPort 805A4614 1 ZwAccessCheck 805F0AEA 2 ZwAccessCheckAndAuditAlarm 805F4320 3 ZwAccessCheckByType 805F0B1C 4 ZwAccessCheckByTypeAndAuditAlarm 805F435A 5 ZwAccessCheckByTypeResultList 805F0B52 6 ZwAccessCheckByTypeResultListAndAuditAlarm 805F439E 7 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle 805F43E2 8 ZwAddAtom 806153CE 9 ZwAddBootEntry 80616110 10 ZwAdjustGroupsToken 805EBEE8 11 ZwAdjustPrivilegesToken --[HOOKED]-- 9B327212 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 12 ZwAlertResumeThread 805D4B48 13 ZwAlertThread 805D4AF8 14 ZwAllocateLocallyUniqueId 806159F4 15 ZwAllocateUserPhysicalPages 805B5F80 16 ZwAllocateUuids 80615010 17 ZwAllocateVirtualMemory 805A8A9E 18 ZwAreMappedFilesTheSame 805B0594 19 ZwAssignProcessToJobObject 805D660C 20 ZwCallbackReturn 8050189C 21 ZwCancelDeviceWakeupRequest 80616102 22 ZwCancelIoFile 80576AE6 23 ZwCancelTimer 80538BE2 24 ZwClearEvent 8060E5DE 25 ZwClose 805BC4FA 26 ZwCloseObjectAuditAlarm 805F485A 27 ZwCompactKeys 80623382 28 ZwCompareTokens 805F8D6A 29 ZwCompleteConnectPort 805A4D02 30 ZwCompressKey 806235D6 31 ZwConnectPort --[HOOKED]-- 9B3267CA probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 32 ZwContinue 80544E7C 33 ZwCreateDebugObject 80641EA8 34 ZwCreateDirectoryObject 805BE4AA 35 ZwCreateEvent 8060E62E 36 ZwCreateEventPair 80616986 37 ZwCreateFile --[HOOKED]-- 9B326E78 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 38 ZwCreateIoCompletion 80578A62 39 ZwCreateJobObject 805D55D0 40 ZwCreateJobSet 805D5308 41 ZwCreateKey --[HOOKED]-- BAFCA2BE probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 42 ZwCreateMailslotFile 80579192 43 ZwCreateMutant 80616D7E 44 ZwCreateNamedPipeFile 805790BE 45 ZwCreatePagingFile 805AB9D2 46 ZwCreatePort --[HOOKED]-- 9B3266A6 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 47 ZwCreateProcess 805D11FA 48 ZwCreateProcessEx 805D1144 49 ZwCreateProfile 8061719E 50 ZwCreateSection --[HOOKED]-- 9B3297A6 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 51 ZwCreateSemaphore 8061472E 52 ZwCreateSymbolicLinkObject --[HOOKED]-- 9B329A44 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 53 ZwCreateThread --[HOOKED]-- BAFCA2B4 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 54 ZwCreateTimer 8061664E 55 ZwCreateToken 805F9112 56 ZwCreateWaitablePort 805A50F4 57 ZwDebugActiveProcess 80642F84 58 ZwDebugContinue 806430D4 59 ZwDelayExecution 80616052 60 ZwDeleteAtom 80615884 61 ZwDeleteBootEntry 80616102 62 ZwDeleteFile 80576C2C 63 ZwDeleteKey --[HOOKED]-- BAFCA2C3 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 64 ZwDeleteObjectAuditAlarm 805F4966 65 ZwDeleteValueKey --[HOOKED]-- BAFCA2CD probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 66 ZwDeviceIoControlFile 8057924A 67 ZwDisplayString 806126AC 68 ZwDuplicateObject --[HOOKED]-- 9B32601C probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 69 ZwDuplicateToken 805ECD96 70 ZwEnumerateBootEntries 80616110 71 ZwEnumerateKey --[HOOKED]-- 9B328118 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 72 ZwEnumerateSystemEnvironmentValuesEx 806160F4 73 ZwEnumerateValueKey --[HOOKED]-- 9B328356 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 74 ZwExtendSection 805B3CA0 75 ZwFilterToken 805ECF42 76 ZwFindAtom 80615638 77 ZwFlushBuffersFile 80576CF8 78 ZwFlushInstructionCache 805B6814 79 ZwFlushKey 806244C6 80 ZwFlushVirtualMemory 805AC6E6 81 ZwFlushWriteBuffer 805B67B6 82 ZwFreeUserPhysicalPages 805B6322 83 ZwFreeVirtualMemory 805B2F7C 84 ZwFsControlFile 8057927E 85 ZwGetContextThread 805D14F4 86 ZwGetDevicePowerState 805C864E 87 ZwGetPlugPlayEvent 80599116 88 ZwGetWriteWatch 8052118A 89 ZwImpersonateAnonymousToken 805F8A5E 90 ZwImpersonateClientOfPort 805A515E 91 ZwImpersonateThread 805D77CC 92 ZwInitializeRegistry 80621908 93 ZwInitiatePowerAction 805C8434 94 ZwIsProcessInJob 805D51CC 95 ZwIsSystemResumeAutomatic 805C863A 96 ZwListenPort 805A536A 97 ZwLoadDriver --[HOOKED]-- 9B3293E2 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 98 ZwLoadKey --[HOOKED]-- BAFCA2D2 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 99 ZwLoadKey2 806255BA 100 ZwLockFile 805792B2 101 ZwLockProductActivationKeys 80612C9E 102 ZwLockRegistryKey 80623682 103 ZwLockVirtualMemory 805B691C 104 ZwMakePermanentObject 805BE2A0 105 ZwMakeTemporaryObject --[HOOKED]-- 9B326A66 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 106 ZwMapUserPhysicalPages 805B53E0 107 ZwMapUserPhysicalPagesScatter 805B5930 108 ZwMapViewOfSection 805B2004 109 ZwModifyBootEntry 80616102 110 ZwNotifyChangeDirectoryFile 80579ECA 111 ZwNotifyChangeKey 80625978 112 ZwNotifyChangeMultipleKeys 806245C8 113 ZwOpenDirectoryObject 805BE57C 114 ZwOpenEvent 8060E72E 115 ZwOpenEventPair 80616A5E 116 ZwOpenFile --[HOOKED]-- 9B327054 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 117 ZwOpenIoCompletion 80578B3A 118 ZwOpenJobObject 805D5756 119 ZwOpenKey --[HOOKED]-- 9B327A56 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 120 ZwOpenMutant 80616E56 121 ZwOpenObjectAuditAlarm 805F4428 122 ZwOpenProcess --[HOOKED]-- BAFCA2A0 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 123 ZwOpenProcessToken 805ED730 124 ZwOpenProcessTokenEx 805ED394 125 ZwOpenSection --[HOOKED]-- 9B326D02 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 126 ZwOpenSemaphore 80614828 127 ZwOpenSymbolicLinkObject 805C3BAA 128 ZwOpenThread --[HOOKED]-- BAFCA2A5 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 129 ZwOpenThreadToken 805ED74E 130 ZwOpenThreadTokenEx 805ED504 131 ZwOpenTimer 80616770 132 ZwPlugPlayControl 80645176 133 ZwPowerInformation 805C94BC 134 ZwPrivilegeCheck 805F7B10 135 ZwPrivilegeObjectAuditAlarm 805F373A 136 ZwPrivilegedServiceAuditAlarm 805F3926 137 ZwProtectVirtualMemory 805B83E8 138 ZwPulseEvent 8060E7E6 139 ZwQueryAttributesFile 80576ED6 140 ZwQueryBootEntryOrder 80616110 141 ZwQueryBootOptions 80616110 142 ZwQueryDebugFilterState 8053FBC6 143 ZwQueryDefaultLocale 806103D8 144 ZwQueryDefaultUILanguage 80611038 145 ZwQueryDirectoryFile 80579E64 146 ZwQueryDirectoryObject 805BE61C 147 ZwQueryEaFile 8057A1B2 148 ZwQueryEvent 8060E8AE 149 ZwQueryFullAttributesFile 8057702A 150 ZwQueryInformationAtom 806158AC 151 ZwQueryInformationFile 8057AA1E 152 ZwQueryInformationJobObject 805D5C28 153 ZwQueryInformationPort 805A53C8 154 ZwQueryInformationProcess 805CCF5E 155 ZwQueryInformationThread 805CBB8C 156 ZwQueryInformationToken 805ED82E 157 ZwQueryInstallUILanguage 806107D6 158 ZwQueryIntervalProfile 80617620 159 ZwQueryIoCompletion 80578BE2 160 ZwQueryKey --[HOOKED]-- 9B32853E probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 161 ZwQueryMultipleValueKey --[HOOKED]-- 9B328902 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 162 ZwQueryMutant 80616EFE 163 ZwQueryObject 805C5296 164 ZwQueryOpenSubKeys 80622FAC 165 ZwQueryPerformanceCounter 806176AE 166 ZwQueryQuotaInformationFile 8057B800 167 ZwQuerySection 805B85AA 168 ZwQuerySecurityObject 805C0064 169 ZwQuerySemaphore 806148E0 170 ZwQuerySymbolicLinkObject 805C3C4A 171 ZwQuerySystemEnvironmentValue 8061612C 172 ZwQuerySystemEnvironmentValueEx 806160E6 173 ZwQuerySystemInformation 806110B8 174 ZwQuerySystemTime 80612878 175 ZwQueryTimer 80616828 176 ZwQueryTimerResolution 8061290A 177 ZwQueryValueKey --[HOOKED]-- 9B32871A probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 178 ZwQueryVirtualMemory 805B8C38 179 ZwQueryVolumeInformationFile 8057BCEA 180 ZwQueueApcThread 805D1240 181 ZwRaiseException 80544EC4 182 ZwRaiseHardError 80614552 183 ZwReadFile 8057C48A 184 ZwReadFileScatter 8057C9F4 185 ZwReadRequestData 805A5E50 186 ZwReadVirtualMemory 805B428C 187 ZwRegisterThreadTerminatePort 805D2762 188 ZwReleaseMutant 80617036 189 ZwReleaseSemaphore 80614A10 190 ZwRemoveIoCompletion 80578EDA 191 ZwRemoveProcessDebug 80643054 192 ZwRenameKey --[HOOKED]-- 9B327F30 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 193 ZwReplaceKey --[HOOKED]-- BAFCA2DC probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 194 ZwReplyPort 805A54D0 195 ZwReplyWaitReceivePort 805A6498 196 ZwReplyWaitReceivePortEx 805A5EA0 197 ZwReplyWaitReplyPort 805A57BA 198 ZwRequestDeviceWakeup 805C85CC 199 ZwRequestPort 805A2A2E 200 ZwRequestWaitReplyPort --[HOOKED]-- 9B328E76 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 201 ZwRequestWakeupLatency 805C83DA 202 ZwResetEvent 8060E9C0 203 ZwResetWriteWatch 80521672 204 ZwRestoreKey --[HOOKED]-- BAFCA2D7 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 205 ZwResumeProcess 805D4AA2 206 ZwResumeThread 805D4984 207 ZwSaveKey 80625266 208 ZwSaveKeyEx 8062534C 209 ZwSaveMergedKeys 80625474 210 ZwSecureConnectPort --[HOOKED]-- 9B32912A probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 211 ZwSetBootEntryOrder 80616110 212 ZwSetBootOptions 80616110 213 ZwSetContextThread 805D1704 214 ZwSetDebugFilterState 80645D0C 215 ZwSetDefaultHardErrorPort 806143FC 216 ZwSetDefaultLocale 80610528 217 ZwSetDefaultUILanguage 80610D9A 218 ZwSetEaFile 8057A6C6 219 ZwSetEvent 8060EA80 220 ZwSetEventBoostPriority 8060EB4A 221 ZwSetHighEventPair 80616D1A 222 ZwSetHighWaitLowEventPair 80616C4A 223 ZwSetInformationDebugObject 80642A1E 224 ZwSetInformationFile 8057B010 225 ZwSetInformationJobObject 805D6936 226 ZwSetInformationKey 806224CC 227 ZwSetInformationObject 805C480C 228 ZwSetInformationProcess 805CDE54 229 ZwSetInformationThread 805CC0D8 230 ZwSetInformationToken 805F9E8C 231 ZwSetIntervalProfile 80617182 232 ZwSetIoCompletion 80578E78 233 ZwSetLdtEntries 805D38CE 234 ZwSetLowEventPair 80616CB6 235 ZwSetLowWaitHighEventPair 80616BDE 236 ZwSetQuotaInformationFile 8057B7DE 237 ZwSetSecurityObject --[HOOKED]-- 9B32782E probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 238 ZwSetSystemEnvironmentValue 806163B0 239 ZwSetSystemEnvironmentValueEx 806160E6 240 ZwSetSystemInformation --[HOOKED]-- 9B3295AE probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 241 ZwSetSystemPowerState 80652E18 242 ZwSetSystemTime 80613B80 243 ZwSetThreadExecutionState 805C82EE 244 ZwSetTimer 80538D72 245 ZwSetTimerResolution 80613052 246 ZwSetUuidSeed 80614EC6 247 ZwSetValueKey --[HOOKED]-- BAFCA2C8 probably by C:\WINDOWS\system32\DRIVERS\avipbb.sys ------------------------------------------------------------------------------- Information for module avipbb.sys: ------------------------------------------------------------------------------- Index: 96 Base address: 9B148000 Size: 00022000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\system32\DRIVERS\avipbb.sys Name: AntiVir Desktop Version: 10.00.02.06 Company: Avira GmbH File Version: 10.00.02.06 Description: Avira Driver for Security Enhancement Possible path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Signed: YES 248 ZwSetVolumeInformationFile 8057C0F4 249 ZwShutdownSystem --[HOOKED]-- 9B326A00 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 250 ZwSignalAndWaitForSingleObject 80526768 251 ZwStartProfile 806173CC 252 ZwStopProfile 80617576 253 ZwSuspendProcess 805D4A4C 254 ZwSuspendThread 805D48BE 255 ZwSystemDebugControl --[HOOKED]-- 9B326BEE probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 256 ZwTerminateJobObject 805D74CA 257 ZwTerminateProcess --[HOOKED]-- 9B326544 probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 258 ZwTerminateThread --[HOOKED]-- 9B3263EA probably by C:\WINDOWS\System32\DRIVERS\cmdguard.sys ------------------------------------------------------------------------------- Information for module cmdguard.sys: ------------------------------------------------------------------------------- Index: 72 Base address: 9B31D000 Size: 00035000 Flags: 09104000 Load count: 1 Imagename: \SystemRoot\System32\DRIVERS\cmdguard.sys Name: COMODO Internet Security Sandbox Driver Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 built by: WinDDK Description: COMODO Internet Security Sandbox Driver Possible path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys Signed: YES 259 ZwTestAlert 805D4C0C 260 ZwTraceEvent 80535108 261 ZwTranslateFilePath 8061611E 262 ZwUnloadDriver 805842CE 263 ZwUnloadKey 80622062 264 ZwUnloadKeyEx 8062227C 265 ZwUnlockFile 80579656 266 ZwUnlockVirtualMemory 805B6EAA 267 ZwUnmapViewOfSection 805B2E12 268 ZwVdmControl 805FB244 269 ZwWaitForDebugEvent 80642786 270 ZwWaitForMultipleObjects 805C07AE 271 ZwWaitForSingleObject 805C06C4 272 ZwWaitHighEventPair 80616B7A 273 ZwWaitLowEventPair 80616B16 274 ZwWriteFile 8057CEF2 275 ZwWriteFileGather 8057D4D6 276 ZwWriteRequestData 805A5E78 277 ZwWriteVirtualMemory 805B4396 278 ZwYieldExecution 80504AE8 279 ZwCreateKeyedEvent 80617BF2 280 ZwOpenKeyedEvent 80617CDC 281 ZwReleaseKeyedEvent 80617D8E 282 ZwWaitForKeyedEvent 80617FEA 283 ZwQueryPortInformationProcess 805CB90C Number of Service Table entries hooked = 36 Number of Service Table entries patched = 0 21:8:55 - Performing check: "IDT hooks": IDT offset in kernel: 0x035DAF54 IDT address: 0x8003F400 (phys.: 0x0289F400) INT# SegType DPL ISR 000(00) IntG32 00 0008:805421B0 001(01) IntG32 00 0008:8054232C 002(02) TaskG32 00 0058:805528A6 003(03) IntG32 03 0008:80542740 004(04) IntG32 03 0008:805428C0 005(05) IntG32 00 0008:80542A20 006(06) IntG32 00 0008:80542B94 007(07) IntG32 00 0008:8054320C 008(08) TaskG32 00 0050:80552898 009(09) IntG32 00 0008:80543610 010(0A) IntG32 00 0008:80543730 011(0B) IntG32 00 0008:80543870 012(0C) IntG32 00 0008:80543AD0 013(0D) IntG32 00 0008:80543DBC 014(0E) IntG32 00 0008:805444B8 015(0F) IntG32 00 0008:805447F0 016(10) IntG32 00 0008:80544910 017(11) IntG32 00 0008:80544A4C 018(12) TaskG32 00 00A0:0A3A90A8 (hooked) 019(13) IntG32 00 0008:80544BB4 020(14) IntG32 00 0008:805447F0 021(15) IntG32 00 0008:805447F0 022(16) IntG32 00 0008:805447F0 023(17) IntG32 00 0008:805447F0 024(18) IntG32 00 0008:805447F0 025(19) IntG32 00 0008:805447F0 026(1A) IntG32 00 0008:805447F0 027(1B) IntG32 00 0008:805447F0 028(1C) IntG32 00 0008:805447F0 029(1D) IntG32 00 0008:805447F0 030(1E) IntG32 00 0008:805447F0 031(1F) IntG32 00 0008:806E710C 032(20) Not present 033(21) Not present 034(22) Not present 035(23) Not present 036(24) Not present 037(25) Not present 038(26) Not present 039(27) Not present 040(28) Not present 041(29) Not present 042(2A) IntG32 03 0008:805419DE 043(2B) IntG32 03 0008:80541AE0 044(2C) IntG32 03 0008:80541C90 045(2D) IntG32 03 0008:8054261C 046(2E) IntG32 03 0008:80541461 047(2F) IntG32 00 0008:805447F0 048(30) IntG32 00 0008:80540B20 049(31) IntG32 00 0008:80540B2A 050(32) IntG32 00 0008:80540B34 051(33) IntG32 00 0008:80540B3E 052(34) IntG32 00 0008:80540B48 053(35) IntG32 00 0008:80540B52 054(36) IntG32 00 0008:80540B5C 055(37) IntG32 00 0008:806E6864 056(38) IntG32 00 0008:80540B70 057(39) IntG32 00 0008:80540B7A 058(3A) IntG32 00 0008:80540B84 059(3B) IntG32 00 0008:80540B8E 060(3C) IntG32 00 0008:80540B98 061(3D) IntG32 00 0008:806E7E2C 062(3E) IntG32 00 0008:80540BAC 063(3F) IntG32 00 0008:80540BB6 064(40) IntG32 00 0008:80540BC0 065(41) IntG32 00 0008:806E7C88 066(42) IntG32 00 0008:80540BD4 067(43) IntG32 00 0008:80540BDE 068(44) IntG32 00 0008:80540BE8 069(45) IntG32 00 0008:80540BF2 070(46) IntG32 00 0008:80540BFC 071(47) IntG32 00 0008:80540C06 072(48) IntG32 00 0008:80540C10 073(49) IntG32 00 0008:80540C1A 074(4A) IntG32 00 0008:80540C24 075(4B) IntG32 00 0008:80540C2E 076(4C) IntG32 00 0008:80540C38 077(4D) IntG32 00 0008:80540C42 078(4E) IntG32 00 0008:80540C4C 079(4F) IntG32 00 0008:80540C56 080(50) IntG32 00 0008:806E693C 081(51) IntG32 00 0008:80540C6A 082(52) IntG32 00 0008:80540C74 083(53) IntG32 00 0008:80540C7E 084(54) IntG32 00 0008:80540C88 085(55) IntG32 00 0008:80540C92 086(56) IntG32 00 0008:80540C9C 087(57) IntG32 00 0008:80540CA6 088(58) IntG32 00 0008:80540CB0 089(59) IntG32 00 0008:80540CBA 090(5A) IntG32 00 0008:80540CC4 091(5B) IntG32 00 0008:80540CCE 092(5C) IntG32 00 0008:80540CD8 093(5D) IntG32 00 0008:80540CE2 094(5E) IntG32 00 0008:80540CEC 095(5F) IntG32 00 0008:80540CF6 096(60) IntG32 00 0008:80540D00 097(61) IntG32 00 0008:80540D0A 098(62) IntG32 00 0008:89DEEBEC (hooked) 099(63) IntG32 00 0008:899DB754 (hooked) 100(64) IntG32 00 0008:80540D28 101(65) IntG32 00 0008:80540D32 102(66) IntG32 00 0008:80540D3C 103(67) IntG32 00 0008:80540D46 104(68) IntG32 00 0008:80540D50 105(69) IntG32 00 0008:80540D5A 106(6A) IntG32 00 0008:80540D64 107(6B) IntG32 00 0008:80540D6E 108(6C) IntG32 00 0008:80540D78 109(6D) IntG32 00 0008:80540D82 110(6E) IntG32 00 0008:80540D8C 111(6F) IntG32 00 0008:80540D96 112(70) IntG32 00 0008:80540DA0 113(71) IntG32 00 0008:80540DAA 114(72) IntG32 00 0008:80540DB4 115(73) IntG32 00 0008:89A98BEC (hooked) 116(74) IntG32 00 0008:80540DC8 117(75) IntG32 00 0008:80540DD2 118(76) IntG32 00 0008:80540DDC 119(77) IntG32 00 0008:80540DE6 120(78) IntG32 00 0008:80540DF0 121(79) IntG32 00 0008:80540DFA 122(7A) IntG32 00 0008:80540E04 123(7B) IntG32 00 0008:80540E0E 124(7C) IntG32 00 0008:80540E18 125(7D) IntG32 00 0008:80540E22 126(7E) IntG32 00 0008:80540E2C 127(7F) IntG32 00 0008:80540E36 128(80) IntG32 00 0008:80540E40 129(81) IntG32 00 0008:80540E4A 130(82) IntG32 00 0008:89DED044 (hooked) 131(83) IntG32 00 0008:89DECA44 (hooked) 132(84) IntG32 00 0008:80540E68 133(85) IntG32 00 0008:80540E72 134(86) IntG32 00 0008:80540E7C 135(87) IntG32 00 0008:80540E86 136(88) IntG32 00 0008:80540E90 137(89) IntG32 00 0008:80540E9A 138(8A) IntG32 00 0008:80540EA4 139(8B) IntG32 00 0008:80540EAE 140(8C) IntG32 00 0008:80540EB8 141(8D) IntG32 00 0008:80540EC2 142(8E) IntG32 00 0008:80540ECC 143(8F) IntG32 00 0008:80540ED6 144(90) IntG32 00 0008:80540EE0 145(91) IntG32 00 0008:80540EEA 146(92) IntG32 00 0008:899E0514 (hooked) 147(93) IntG32 00 0008:89A22BEC (hooked) 148(94) IntG32 00 0008:80540F08 149(95) IntG32 00 0008:80540F12 150(96) IntG32 00 0008:80540F1C 151(97) IntG32 00 0008:80540F26 152(98) IntG32 00 0008:80540F30 153(99) IntG32 00 0008:80540F3A 154(9A) IntG32 00 0008:80540F44 155(9B) IntG32 00 0008:80540F4E 156(9C) IntG32 00 0008:80540F58 157(9D) IntG32 00 0008:80540F62 158(9E) IntG32 00 0008:80540F6C 159(9F) IntG32 00 0008:80540F76 160(A0) IntG32 00 0008:80540F80 161(A1) IntG32 00 0008:80540F8A 162(A2) IntG32 00 0008:80540F94 163(A3) IntG32 00 0008:89AE9BEC (hooked) 164(A4) IntG32 00 0008:80540FA8 165(A5) IntG32 00 0008:80540FB2 166(A6) IntG32 00 0008:80540FBC 167(A7) IntG32 00 0008:80540FC6 168(A8) IntG32 00 0008:80540FD0 169(A9) IntG32 00 0008:80540FDA 170(AA) IntG32 00 0008:80540FE4 171(AB) IntG32 00 0008:80540FEE 172(AC) IntG32 00 0008:80540FF8 173(AD) IntG32 00 0008:80541002 174(AE) IntG32 00 0008:8054100C 175(AF) IntG32 00 0008:80541016 176(B0) IntG32 00 0008:80541020 177(B1) IntG32 00 0008:89E44934 (hooked) 178(B2) IntG32 00 0008:80541034 179(B3) IntG32 00 0008:8054103E 180(B4) IntG32 00 0008:8991251C (hooked) 181(B5) IntG32 00 0008:80541052 182(B6) IntG32 00 0008:8054105C 183(B7) IntG32 00 0008:80541066 184(B8) IntG32 00 0008:80541070 185(B9) IntG32 00 0008:8054107A 186(BA) IntG32 00 0008:80541084 187(BB) IntG32 00 0008:8054108E 188(BC) IntG32 00 0008:80541098 189(BD) IntG32 00 0008:805410A2 190(BE) IntG32 00 0008:805410AC 191(BF) IntG32 00 0008:805410B6 192(C0) IntG32 00 0008:805410C0 193(C1) IntG32 00 0008:806E6AC0 194(C2) IntG32 00 0008:805410D4 195(C3) IntG32 00 0008:805410DE 196(C4) IntG32 00 0008:805410E8 197(C5) IntG32 00 0008:805410F2 198(C6) IntG32 00 0008:805410FC 199(C7) IntG32 00 0008:80541106 200(C8) IntG32 00 0008:80541110 201(C9) IntG32 00 0008:8054111A 202(CA) IntG32 00 0008:80541124 203(CB) IntG32 00 0008:8054112E 204(CC) IntG32 00 0008:80541138 205(CD) IntG32 00 0008:80541142 206(CE) IntG32 00 0008:8054114C 207(CF) IntG32 00 0008:80541156 208(D0) IntG32 00 0008:80541160 209(D1) IntG32 00 0008:806E5E54 210(D2) IntG32 00 0008:80541174 211(D3) IntG32 00 0008:8054117E 212(D4) IntG32 00 0008:80541188 213(D5) IntG32 00 0008:80541192 214(D6) IntG32 00 0008:8054119C 215(D7) IntG32 00 0008:805411A6 216(D8) IntG32 00 0008:805411B0 217(D9) IntG32 00 0008:805411BA 218(DA) IntG32 00 0008:805411C4 219(DB) IntG32 00 0008:805411CE 220(DC) IntG32 00 0008:805411D8 221(DD) IntG32 00 0008:805411E2 222(DE) IntG32 00 0008:805411EC 223(DF) IntG32 00 0008:805411F6 224(E0) IntG32 00 0008:80541200 225(E1) IntG32 00 0008:806E7048 226(E2) IntG32 00 0008:80541214 227(E3) IntG32 00 0008:806E6DAC 228(E4) IntG32 00 0008:80541228 229(E5) IntG32 00 0008:80541232 230(E6) IntG32 00 0008:8054123C 231(E7) IntG32 00 0008:80541246 232(E8) IntG32 00 0008:80541250 233(E9) IntG32 00 0008:8054125A 234(EA) IntG32 00 0008:80541264 235(EB) IntG32 00 0008:8054126E 236(EC) IntG32 00 0008:80541278 237(ED) IntG32 00 0008:80541282 238(EE) IntG32 00 0008:80541289 239(EF) IntG32 00 0008:80541290 240(F0) IntG32 00 0008:80541297 241(F1) IntG32 00 0008:8054129E 242(F2) IntG32 00 0008:805412A5 243(F3) IntG32 00 0008:805412AC 244(F4) IntG32 00 0008:805412B3 245(F5) IntG32 00 0008:805412BA 246(F6) IntG32 00 0008:805412C1 247(F7) IntG32 00 0008:805412C8 248(F8) IntG32 00 0008:805412CF 249(F9) IntG32 00 0008:805412D6 250(FA) IntG32 00 0008:805412DD 251(FB) IntG32 00 0008:805412E4 252(FC) IntG32 00 0008:805412EB 253(FD) IntG32 00 0008:806E75A8 254(FE) IntG32 00 0008:806E7748 255(FF) IntG32 00 0008:80541300 21:8:57 - Performing check: "SYSENTER hook": SYSENTER offset in kernel: 0x0046A530 (=0x80541530) SYSENTER EIP: 0008:80541530 [OK] 21:8:57 - Performing check: "IAT hooks": PID 660 - C:\WINDOWS\System32\smss.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) PID 724 - C:\WINDOWS\system32\csrss.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) CSRSRV.dll (75AE0000 - 75AEB000) basesrv.dll (75AF0000 - 75B00000) winsrv.dll (75B00000 - 75B4B000) GDI32.dll (77EF0000 - 77F39000) KERNEL32.dll (7C800000 - 7C908000) USER32.dll (7E360000 - 7E3F1000) sxs.dll (76970000 - 76A21000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) Apphelp.dll (77B10000 - 77B32000) VERSION.dll (77BD0000 - 77BD8000) PID 752 - C:\WINDOWS\system32\winlogon.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C908000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) AUTHZ.dll (77690000 - 776A2000) msvcrt.dll (77BE0000 - 77C38000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) USER32.dll (7E360000 - 7E3F1000) GDI32.dll (77EF0000 - 77F39000) NDdeApi.dll (758E0000 - 758E8000) PROFMAP.dll (758D0000 - 758DA000) NETAPI32.dll (597D0000 - 59825000) USERENV.dll (76620000 - 766D6000) PSAPI.DLL (76BB0000 - 76BBB000) REGAPI.dll (76B70000 - 76B7F000) SETUPAPI.dll (778F0000 - 779E4000) VERSION.dll (77BD0000 - 77BD8000) WINSTA.dll (76300000 - 76310000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) guard32.dll (10000000 - 10046000) fltlib.dll (5E160000 - 5E168000) MSGINA.dll (75910000 - 75A0A000) COMCTL32.dll (5D450000 - 5D4EA000) ODBC32.dll (745D0000 - 7460D000) comdlg32.dll (76350000 - 7639A000) SHELL32.dll (7E670000 - 7EE91000) SHLWAPI.dll (77F40000 - 77FB6000) comctl32.dll (773A0000 - 774A3000) odbcint.dll (1F840000 - 1F859000) SHSVCS.dll (776B0000 - 776D3000) sfc.dll (76B60000 - 76B65000) sfc_os.dll (76C20000 - 76C4A000) ole32.dll (774B0000 - 775ED000) Apphelp.dll (77B10000 - 77B32000) WINSCARD.DLL (72360000 - 7237C000) WTSAPI32.dll (76F10000 - 76F18000) sxs.dll (76970000 - 76A21000) uxtheme.dll (5B0F0000 - 5B128000) WINMM.dll (76AF0000 - 76B1E000) Ati2evxx.dll (01120000 - 01138000) cscdll.dll (765A0000 - 765BD000) rsaenh.dll (68000000 - 68036000) dimsntfy.dll (47120000 - 47128000) WlNotify.dll (758F0000 - 7590B000) MPR.dll (71A80000 - 71A92000) WINSPOOL.DRV (72F70000 - 72F96000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) SAMLIB.dll (71B70000 - 71B83000) cscui.dll (779F0000 - 77A46000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC2000) adsldpc.dll (76DD0000 - 76DF5000) WLDAP32.dll (76F20000 - 76F4D000) ATL.DLL (76AD0000 - 76AE1000) OLEAUT32.dll (770F0000 - 7717B000) rtutils.dll (76E40000 - 76E4E000) xpsp2res.dll (015B0000 - 01889000) NTMARTA.DLL (77660000 - 77681000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) COMRes.dll (77010000 - 770E3000) CLBCATQ.DLL (76F90000 - 7700F000) PID 796 - C:\WINDOWS\system32\services.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) msvcrt.dll (77BE0000 - 77C38000) NCObjAPI.DLL (5FB60000 - 5FB6C000) MSVCP60.dll (76020000 - 76085000) SCESRV.dll (77B40000 - 77B94000) AUTHZ.dll (77690000 - 776A2000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) USERENV.dll (76620000 - 766D6000) umpnpmgr.dll (7DBB0000 - 7DBD1000) WINSTA.dll (76300000 - 76310000) The code of WinStationTerminateProcess at 76307819 (0) got patched. Here is the diff: Address New-Original 76307819: E9 - 6A 7630781A: C2 - 14 7630781B: F8 - 68 --> JMP DWORD PTR DS:[100270E0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: NETAPI32.dll (597D0000 - 59825000) ShimEng.dll (5CF00000 - 5CF26000) AcAdProc.dll (47440000 - 4744F000) guard32.dll (10000000 - 10046000) VERSION.dll (77BD0000 - 77BD8000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Apphelp.dll (77B10000 - 77B32000) eventlog.dll (772D0000 - 772E1000) PSAPI.DLL (76BB0000 - 76BBB000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) wtsapi32.dll (76F10000 - 76F18000) PID 808 - C:\WINDOWS\system32\lsass.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) LSASRV.dll (753D0000 - 75487000) MPR.dll (71A80000 - 71A92000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) MSASN1.dll (77AF0000 - 77B02000) msvcrt.dll (77BE0000 - 77C38000) NETAPI32.dll (597D0000 - 59825000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) WLDAP32.dll (76F20000 - 76F4D000) SAMLIB.dll (71B70000 - 71B83000) SAMSRV.dll (743C0000 - 7442E000) cryptdll.dll (76740000 - 7674C000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) guard32.dll (10000000 - 10046000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) msprivs.dll (4D200000 - 4D20E000) kerberos.dll (71C70000 - 71CBC000) msv1_0.dll (77C40000 - 77C65000) iphlpapi.dll (76D20000 - 76D39000) netlogon.dll (74430000 - 74495000) w32time.dll (76770000 - 7679D000) MSVCP60.dll (76020000 - 76085000) schannel.dll (767A0000 - 767C8000) CRYPT32.dll (77A50000 - 77AE6000) wdigest.dll (7F000000 - 7F011000) rsaenh.dll (68000000 - 68036000) setupapi.dll (778F0000 - 779E4000) scecli.dll (7D520000 - 7D551000) ipsecsvc.dll (74350000 - 74380000) AUTHZ.dll (77690000 - 776A2000) oakley.DLL (756C0000 - 75790000) WINIPSEC.DLL (742E0000 - 742EB000) pstorsvc.dll (74310000 - 7431B000) psbase.dll (74330000 - 7434B000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) dssenh.dll (68100000 - 68126000) PID 992 - C:\WINDOWS\system32\Ati2evxx.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: userenv.dll (76620000 - 766D6000) powrprof.dll (74A50000 - 74A58000) psapi.dll (76BB0000 - 76BBB000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) Ati2edxx.dll (003F0000 - 00400000) atipdlxx.dll (00CB0000 - 00CCF000) PID 1012 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) rpcss.dll (76A30000 - 76A94000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) xpsp2res.dll (00810000 - 00AE9000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) termsrv.dll (761D0000 - 76224000) ICAAPI.dll (74EF0000 - 74EF6000) SETUPAPI.dll (778F0000 - 779E4000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) AUTHZ.dll (77690000 - 776A2000) mstlsapi.dll (75090000 - 750AF000) ACTIVEDS.dll (77C90000 - 77CC2000) adsldpc.dll (76DD0000 - 76DF5000) NETAPI32.dll (597D0000 - 59825000) ATL.DLL (76AD0000 - 76AE1000) REGAPI.dll (76B70000 - 76B7F000) rsaenh.dll (68000000 - 68036000) Apphelp.dll (77B10000 - 77B32000) PID 1088 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) rpcss.dll (76A30000 - 76A94000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) xpsp2res.dll (00810000 - 00AE9000) rsaenh.dll (68000000 - 68036000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) DNSAPI.dll (76EE0000 - 76F07000) iphlpapi.dll (76D20000 - 76D39000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) rasadhlp.dll (76F80000 - 76F86000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) msi.dll (7D1F0000 - 7D4AC000) PID 1444 - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 5D - 11 7C91CF70: A4 - 00 7C91CF71: B4 - 00 7C91CF72: 83 - 00 --> JMP DWORD PTR DS:[004673D0] Patched by C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe+0xFFC00000 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe+0xFFC00000: Base address: 00400000 Size: 000F5000 Flags: 00005000 Load count: 65535 Name: (null) Prod. Version: (null) Company: (null) File Version: (null) Description: (null) Location: C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 5D - 11 7C91CF70: A4 - 00 7C91CF71: B4 - 00 7C91CF72: 83 - 00 --> JMP DWORD PTR DS:[004673D0] Patched by C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe+0xFFC00000 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe+0xFFC00000: Base address: 00400000 Size: 000F5000 Flags: 00005000 Load count: 65535 Name: (null) Prod. Version: (null) Company: (null) File Version: (null) Description: (null) Location: C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) VERSION.dll (77BD0000 - 77BD8000) USER32.dll (7E360000 - 7E3F1000) GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) SHELL32.dll (7E670000 - 7EE91000) msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775ED000) OLEAUT32.dll (770F0000 - 7717B000) FLTLIB.DLL (5E160000 - 5E168000) WININET.dll (77180000 - 7722B000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) dbghelp.dll (59DD0000 - 59E71000) imagehlp.dll (76C50000 - 76C78000) WINTRUST.dll (76BF0000 - 76C1E000) PSAPI.DLL (76BB0000 - 76BBB000) WINMM.dll (76AF0000 - 76B1E000) NETAPI32.dll (597D0000 - 59825000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) OLEACC.dll (74C00000 - 74C2C000) MSVCP60.dll (76020000 - 76085000) WINSPOOL.DRV (72F70000 - 72F96000) COMDLG32.dll (76350000 - 7639A000) COMCTL32.dll (5D450000 - 5D4EA000) guard32.dll (10000000 - 10046000) comctl32.dll (773A0000 - 774A3000) Framework.dll (00CA0000 - 00CC7000) urlmon.dll (7DF20000 - 7DFC3000) rasapi32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) SETUPAPI.dll (778F0000 - 779E4000) platform.dll (01540000 - 0157A000) common.cav (015A0000 - 015D7000) signmgr.dll (01600000 - 01666000) fileid.cav (017D0000 - 017FF000) pkann.dll (01820000 - 01875000) mach32.dll (018A0000 - 019BC000) white.cav (01FC0000 - 01FD2000) rsaenh.dll (68000000 - 68036000) xpsp2res.dll (05020000 - 052F9000) userenv.dll (76620000 - 766D6000) cryptnet.dll (76580000 - 76593000) SensApi.dll (72240000 - 72245000) WINHTTP.dll (4D5C0000 - 4D619000) WLDAP32.dll (76F20000 - 76F4D000) Cabinet.dll (750D0000 - 750E3000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wbemprox.dll (74E70000 - 74E78000) wbemcomn.dll (75210000 - 75247000) wbemsvc.dll (74E50000 - 74E5E000) fastprox.dll (75620000 - 75696000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) PID 1468 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) xpsp2res.dll (00810000 - 00AE9000) cryptsvc.dll (76CD0000 - 76CE2000) certcli.dll (752D0000 - 75303000) ATL.DLL (76AD0000 - 76AE1000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) CRYPTUI.dll (76880000 - 76905000) NETAPI32.dll (597D0000 - 59825000) WININET.dll (77180000 - 7722B000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) ESENT.dll (5E200000 - 5E310000) shsvcs.dll (776B0000 - 776D3000) WINSTA.dll (76300000 - 76310000) The code of WinStationTerminateProcess at 76307819 (0) got patched. Here is the diff: Address New-Original 76307819: E9 - 6A 7630781A: C2 - 14 7630781B: F8 - 68 --> JMP DWORD PTR DS:[100270E0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: dhcpcsvc.dll (7D4C0000 - 7D4E2000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) iphlpapi.dll (76D20000 - 76D39000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) wzcsvc.dll (7DB20000 - 7DBAC000) rtutils.dll (76E40000 - 76E4E000) WMI.dll (76CF0000 - 76CF4000) EapolQec.dll (745C0000 - 745CB000) QUtil.dll (61900000 - 61916000) MSVCP60.dll (76020000 - 76085000) dot3api.dll (5F8F0000 - 5F8FA000) WTSAPI32.dll (76F10000 - 76F18000) rsaenh.dll (68000000 - 68036000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) rastls.dll (7D4F0000 - 7D517000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC2000) adsldpc.dll (76DD0000 - 76DF5000) SETUPAPI.dll (778F0000 - 779E4000) RASAPI32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) SCHANNEL.dll (767A0000 - 767C8000) WinSCard.dll (72360000 - 7237C000) PSAPI.DLL (76BB0000 - 76BBB000) raschap.dll (76CA0000 - 76CB6000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) schedsvc.dll (76B20000 - 76B54000) NTDSAPI.dll (76750000 - 76763000) MSIDLE.DLL (74ED0000 - 74ED5000) audiosrv.dll (70DC0000 - 70DCD000) wkssvc.dll (76E00000 - 76E23000) qmgr.dll (5AF90000 - 5AFFB000) MPR.dll (71A80000 - 71A92000) SHFOLDER.dll (76730000 - 76739000) WINHTTP.dll (4D5C0000 - 4D619000) ersvc.dll (74F00000 - 74F09000) es.dll (776E0000 - 77724000) netman.dll (77CD0000 - 77D03000) netshell.dll (763A0000 - 7654A000) credui.dll (76BC0000 - 76BEF000) dot3dlg.dll (71260000 - 71266000) OneX.DLL (72760000 - 72788000) eappcfg.dll (6DB40000 - 6DB62000) eappprxy.dll (47700000 - 4770E000) WZCSAPI.DLL (72FA0000 - 72FB0000) pchsvc.dll (74EC0000 - 74ECC000) hidserv.dll (68D80000 - 68D89000) HID.DLL (68D90000 - 68D99000) srvsvc.dll (75010000 - 7502A000) sens.dll (72260000 - 7226D000) seclogon.dll (73C90000 - 73C98000) ipnathlp.dll (668D0000 - 66926000) AUTHZ.dll (77690000 - 776A2000) srsvc.dll (75120000 - 7514E000) POWRPROF.dll (74A50000 - 74A58000) trkwks.dll (74FF0000 - 75009000) SXS.DLL (76970000 - 76A21000) w32time.dll (76770000 - 7679D000) wmisvc.dll (4F110000 - 4F138000) VSSAPI.DLL (75360000 - 753CD000) wuauserv.dll (50000000 - 50005000) wuaueng.dll (50040000 - 50219000) WINSPOOL.DRV (72F70000 - 72F96000) Cabinet.dll (750D0000 - 750E3000) mspatcha.dll (604A0000 - 604AB000) browser.dll (772F0000 - 77306000) wscsvc.dll (4C170000 - 4C187000) msi.dll (7D1F0000 - 7D4AC000) wbemcomn.dll (75210000 - 75247000) wbemcore.dll (76260000 - 762E5000) esscli.dll (75290000 - 752CF000) FastProx.dll (75620000 - 75696000) wbemsvc.dll (74E50000 - 74E5E000) sfc.dll (76B60000 - 76B65000) sfc_os.dll (76C20000 - 76C4A000) wmiutils.dll (74FA0000 - 74FBC000) comsvcs.dll (76090000 - 761CC000) colbact.DLL (750B0000 - 750C4000) MTXCLU.DLL (75070000 - 75083000) WSOCK32.dll (71A30000 - 71A3A000) CLUSAPI.DLL (76D60000 - 76D72000) RESUTILS.DLL (75030000 - 75042000) repdrvfs.dll (75180000 - 751AF000) Apphelp.dll (77B10000 - 77B32000) wmiprvsd.dll (42160000 - 421D2000) NCObjAPI.DLL (5FB60000 - 5FB6C000) wbemess.dll (75310000 - 75356000) ncprov.dll (5FB30000 - 5FB3E000) wups2.dll (50F00000 - 50F0D000) tapisrv.dll (73350000 - 73390000) rasmans.dll (7DEE0000 - 7DF12000) WINIPSEC.DLL (742E0000 - 742EB000) netcfgx.dll (75580000 - 7561D000) upnp.dll (76DA0000 - 76DC4000) SSDPAPI.dll (74E80000 - 74E8C000) rastapi.dll (75490000 - 754A1000) unimdm.tsp (58030000 - 58066000) uniplat.dll (71F90000 - 71F97000) rasadhlp.dll (76F80000 - 76F86000) kmddsp.tsp (580B0000 - 580BB000) ndptsp.tsp (58090000 - 580A0000) ipconf.tsp (580C0000 - 580C8000) h323.tsp (580E0000 - 58126000) hidphone.tsp (580D0000 - 580DA000) rasppp.dll (721D0000 - 72207000) ntlsapi.dll (72420000 - 72426000) kerberos.dll (71C70000 - 71CBC000) RASQEC.DLL (4DB70000 - 4DB83000) RASDLG.dll (754D0000 - 7557B000) dssenh.dll (68100000 - 68126000) catsrvut.dll (70020000 - 700BE000) catsrv.dll (700E0000 - 7011D000) MfcSubs.dll (61DB0000 - 61DB9000) urlmon.dll (7DF20000 - 7DFC3000) msxml3.dll (74900000 - 74A23000) PID 1560 - C:\WINDOWS\System32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) dnsrslvr.dll (76720000 - 7672D000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) iphlpapi.dll (76D20000 - 76D39000) rsaenh.dll (68000000 - 68036000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 1828 - C:\WINDOWS\system32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) xpsp2res.dll (00810000 - 00AE9000) lmhsvc.dll (74BC0000 - 74BC6000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) ssdpsrv.dll (76910000 - 76924000) hnetcfg.dll (66710000 - 66769000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) mswsock.dll (719B0000 - 719F0000) wshtcpip.dll (719F0000 - 719F8000) PID 1884 - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) PSAPI.DLL (76BB0000 - 76BBB000) sbap.dll (00350000 - 003DC000) SBTE.dll (00550000 - 00681000) sfc.dll (76B60000 - 76B65000) sfc_os.dll (76C20000 - 76C4A000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) msvcrt.dll (77BE0000 - 77C38000) IMAGEHLP.dll (76C50000 - 76C78000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) OLEAUT32.dll (770F0000 - 7717B000) USERENV.dll (76620000 - 766D6000) WININET.dll (77180000 - 7722B000) The code of InternetConnectA at 7719345A (0) got patched. Here is the diff: Address New-Original 7719345A: E9 - 8B 7719345B: B1 - FF 7719345C: 23 - 55 7719345D: E9 - 8B 7719345E: 98 - EC --> JMP DWORD PTR DS:[10025810] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of InternetConnectW at 7719EE40 (0) got patched. Here is the diff: Address New-Original 7719EE40: E9 - 8B 7719EE41: AB - FF 7719EE42: 69 - 55 7719EE43: E8 - 8B 7719EE44: 98 - EC --> JMP DWORD PTR DS:[100257F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPAPI.dll (00690000 - 006E5000) MSVCP90.dll (78480000 - 7850E000) MSVCR90.dll (78520000 - 785C3000) FLTLIB.DLL (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) Resources.dll (00E20000 - 01423000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) mstask.dll (73540000 - 73587000) comdlg32.dll (76350000 - 7639A000) MPR.dll (71A80000 - 71A92000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) NETAPI32.dll (597D0000 - 59825000) lavalicense.dll (01B80000 - 01BE1000) xpsp2res.dll (01CF0000 - 01FC9000) wbemprox.dll (74E70000 - 74E78000) wbemcomn.dll (75210000 - 75247000) wbemsvc.dll (74E50000 - 74E5E000) fastprox.dll (75620000 - 75696000) MSVCP60.dll (76020000 - 76085000) ceapi.dll (024D0000 - 025C0000) rsaenh.dll (68000000 - 68036000) cryptnet.dll (76580000 - 76593000) SensApi.dll (72240000 - 72245000) WINHTTP.dll (4D5C0000 - 4D619000) Cabinet.dll (750D0000 - 750E3000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) lavamessage.dll (04250000 - 04284000) wsock32.dll (71A30000 - 71A3A000) RASAPI32.DLL (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) WINMM.dll (76AF0000 - 76B1E000) urlmon.dll (7DF20000 - 7DFC3000) The code of URLDownloadToCacheFileA at 7DF7BC8B (0) got patched. Here is the diff: Address New-Original 7DF7BC8B: E9 - 8B 7DF7BC8C: C0 - FF 7DF7BC8D: 9A - 55 7DF7BC8E: 0A - 8B 7DF7BC8F: 92 - EC --> JMP DWORD PTR DS:[10025750] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToCacheFileW at 7DF7B87C (0) got patched. Here is the diff: Address New-Original 7DF7B87C: E9 - 8B 7DF7B87D: AF - FF 7DF7B87E: 9E - 55 7DF7B87F: 0A - 8B 7DF7B880: 92 - EC --> JMP DWORD PTR DS:[10025730] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileA at 7DF7BB85 (0) got patched. Here is the diff: Address New-Original 7DF7BB85: E9 - 8B 7DF7BB86: 06 - FF 7DF7BB87: 9C - 55 7DF7BB88: 0A - 8B 7DF7BB89: 92 - EC --> JMP DWORD PTR DS:[10025790] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileW at 7DF7B816 (0) got patched. Here is the diff: Address New-Original 7DF7B816: E9 - 8B 7DF7B817: 55 - FF 7DF7B818: 9F - 55 7DF7B819: 0A - 8B 7DF7B81A: 92 - EC --> JMP DWORD PTR DS:[10025770] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: mswsock.dll (719B0000 - 719F0000) rasadhlp.dll (76F80000 - 76F86000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 1936 - C:\WINDOWS\system32\Ati2evxx.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) guard32.dll (10000000 - 10046000) VERSION.dll (77BD0000 - 77BD8000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: userenv.dll (76620000 - 766D6000) powrprof.dll (74A50000 - 74A58000) psapi.dll (76BB0000 - 76BBB000) xpsp2res.dll (00D70000 - 01049000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) Ati2edxx.dll (00CC0000 - 00CD0000) atipdlxx.dll (00CE0000 - 00CFF000) ati2evxx.dll (00D10000 - 00D28000) PID 260 - C:\WINDOWS\system32\spoolsv.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) SPOOLSS.DLL (74250000 - 74265000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) DNSAPI.dll (76EE0000 - 76F07000) rasadhlp.dll (76F80000 - 76F86000) localspl.dll (75E60000 - 75EB8000) sfc_os.dll (76C20000 - 76C4A000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) winspool.drv (72F70000 - 72F96000) netapi32.dll (597D0000 - 59825000) cnbjmon.dll (74200000 - 7420F000) pjlmon.dll (741E0000 - 741E7000) tcpmon.dll (72390000 - 7239F000) usbmon.dll (72380000 - 72387000) filterpipelineprintproc.dll(3F420000 - 3F43B000) mswsock.dll (719B0000 - 719F0000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) win32spl.dll (76550000 - 76574000) NETRAP.dll (71C00000 - 71C07000) NTDSAPI.dll (76750000 - 76763000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) inetpp.dll (74270000 - 74285000) xpsp2res.dll (01060000 - 01339000) PID 368 - C:\Programme\Avira\AntiVir Desktop\sched.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) IPHLPAPI.DLL (76D20000 - 76D39000) msvcrt.dll (77BE0000 - 77C38000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) MSVCP90.dll (78480000 - 7850E000) MSVCR90.dll (78520000 - 785C3000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) schedr.dll (00A60000 - 00A64000) WTSAPI32.DLL (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59825000) rasapi32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) WINMM.dll (76AF0000 - 76B1E000) avevtlog.dll (00D50000 - 00D86000) cfglib.dll (00D30000 - 00D40000) sqlite3.dll (00EA0000 - 00EFB000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) xpsp2res.dll (01670000 - 01949000) rsaenh.dll (68000000 - 68036000) userenv.dll (76620000 - 766D6000) cryptnet.dll (76580000 - 76593000) PSAPI.DLL (76BB0000 - 76BBB000) SensApi.dll (72240000 - 72245000) WINHTTP.dll (4D5C0000 - 4D619000) WLDAP32.dll (76F20000 - 76F4D000) Cabinet.dll (750D0000 - 750E3000) ole32.dll (774B0000 - 775ED000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) DNSAPI.dll (76EE0000 - 76F07000) rasadhlp.dll (76F80000 - 76F86000) PID 544 - C:\WINDOWS\Explorer.EXE ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) Explorer.EXE:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\ShimEng.dll: Base address: 5CF00000 Size: 00026000 Flags: 8000400C Load count: 1 Name: Microsoft® Windows® Operating System Prod. Version: 5.1.2600.5512 Company: Microsoft Corporation File Version: 5.1.2600.5512 (xpsp.080413-2105) Description: Shim Engine DLL Location: C:\WINDOWS\system32\ShimEng.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\ShimEng.dll: Base address: 5CF00000 Size: 00026000 Flags: 8000400C Load count: 1 Name: Microsoft® Windows® Operating System Prod. Version: 5.1.2600.5512 Company: Microsoft Corporation File Version: 5.1.2600.5512 (xpsp.080413-2105) Description: Shim Engine DLL Location: C:\WINDOWS\system32\ShimEng.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: USER32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll GDI32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ADVAPI32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll RPCRT4.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll Secur32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll VERSION.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll BROWSEUI.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll msvcrt.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ole32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll SHLWAPI.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll OLEAUT32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll SHDOCVW.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll CRYPT32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSASN1.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll CRYPTUI.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NETAPI32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WININET.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WINTRUST.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll IMAGEHLP.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WLDAP32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll SHELL32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll UxTheme.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WINMM.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSACM32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll USERENV.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll comctl32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll comctl32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll appHelp.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll cscui.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll CSCDLL.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll themeui.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll msutb.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSCTF.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ntshrui.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ATL.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll SETUPAPI.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll LINKINFO.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NETSHELL.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll credui.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WTSAPI32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll eappcfg.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll iphlpapi.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WS2_32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WS2HELP.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll msi.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll urlmon.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll webcheck.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll stobject.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll BatMeter.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll wdmaud.drv :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MPR.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ntlanman.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NETUI0.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll davclnt.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll rsaenh.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll SXS.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSVCR80.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll DUSER.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSGINA.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ODBC32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll comdlg32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MLANG.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll gdiplus.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll mscms.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll WINSPOOL.DRV:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NTMARTA.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll actxprxy.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll shimgvw.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll atiacmxx.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll mbamext.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MFC71U.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSVCR71.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll rarext.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll shlext.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll mfc90u.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSVCR90.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ShellExt.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll ATL90.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll PSAPI.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll InCDshx.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MFC71.DLL :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll CoverEdExtensGetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll MSVFW32.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll Faultrep.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll RICHED20.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll cavshell.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll syncui.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll shmedia.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll l3codeca.acm:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll qedit.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll quartz.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll devenum.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll DivXMedia.ax:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NeFLVSplitterGetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll [i] Unable to load module C:\Programme\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax for checking. divxdec.ax :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll [i] Unable to load module C:\Programme\Gemeinsame Dateien\Ahead\DSFilter\NeVideo.ax for checking. [i] Unable to load module C:\Programme\Gemeinsame Dateien\Ahead\DSFilter\NeVideo.ax for checking. [i] Unable to load module C:\Programme\Gemeinsame Dateien\Ahead\DSFilter\NeVideo.ax for checking. [i] Unable to load module C:\Programme\Gemeinsame Dateien\Ahead\DSFilter\NeVideo.ax for checking. DDRAW.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll DCIMAN32.dll:GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll AdvrCntr2.dllGetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll qdvd.dll :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll NeResize.ax :GetProcAddress --[HOOKED]-- @5CF07774 by C:\WINDOWS\system32\ShimEng.dll The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) BROWSEUI.dll (75F20000 - 7601D000) msvcrt.dll (77BE0000 - 77C38000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) OLEAUT32.dll (770F0000 - 7717B000) SHDOCVW.dll (7E1E0000 - 7E353000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) CRYPTUI.dll (76880000 - 76905000) NETAPI32.dll (597D0000 - 59825000) WININET.dll (77180000 - 7722B000) The code of InternetConnectA at 7719345A (0) got patched. Here is the diff: Address New-Original 7719345A: E9 - 8B 7719345B: B1 - FF 7719345C: 23 - 55 7719345D: E9 - 8B 7719345E: 98 - EC --> JMP DWORD PTR DS:[10025810] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of InternetConnectW at 7719EE40 (0) got patched. Here is the diff: Address New-Original 7719EE40: E9 - 8B 7719EE41: AB - FF 7719EE42: 69 - 55 7719EE43: E8 - 8B 7719EE44: 98 - EC --> JMP DWORD PTR DS:[100257F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) WLDAP32.dll (76F20000 - 76F4D000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll (5B0F0000 - 5B128000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) USERENV.dll (76620000 - 766D6000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) appHelp.dll (77B10000 - 77B32000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) cscui.dll (779F0000 - 77A46000) CSCDLL.dll (765A0000 - 765BD000) themeui.dll (5B9B0000 - 5BA22000) MSIMG32.dll (76320000 - 76325000) xpsp2res.dll (01110000 - 013E9000) msutb.dll (60010000 - 60043000) MSCTF.dll (746A0000 - 746EC000) ntshrui.dll (76940000 - 76966000) ATL.DLL (76AD0000 - 76AE1000) SETUPAPI.dll (778F0000 - 779E4000) LINKINFO.dll (76930000 - 76938000) NETSHELL.dll (763A0000 - 7654A000) credui.dll (76BC0000 - 76BEF000) dot3api.dll (5F8F0000 - 5F8FA000) rtutils.dll (76E40000 - 76E4E000) dot3dlg.dll (71260000 - 71266000) OneX.DLL (72760000 - 72788000) WTSAPI32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) eappcfg.dll (6DB40000 - 6DB62000) MSVCP60.dll (76020000 - 76085000) eappprxy.dll (47700000 - 4770E000) iphlpapi.dll (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) msi.dll (7D1F0000 - 7D4AC000) urlmon.dll (7DF20000 - 7DFC3000) The code of URLDownloadToCacheFileA at 7DF7BC8B (0) got patched. Here is the diff: Address New-Original 7DF7BC8B: E9 - 8B 7DF7BC8C: C0 - FF 7DF7BC8D: 9A - 55 7DF7BC8E: 0A - 8B 7DF7BC8F: 92 - EC --> JMP DWORD PTR DS:[10025750] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToCacheFileW at 7DF7B87C (0) got patched. Here is the diff: Address New-Original 7DF7B87C: E9 - 8B 7DF7B87D: AF - FF 7DF7B87E: 9E - 55 7DF7B87F: 0A - 8B 7DF7B880: 92 - EC --> JMP DWORD PTR DS:[10025730] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileA at 7DF7BB85 (0) got patched. Here is the diff: Address New-Original 7DF7BB85: E9 - 8B 7DF7BB86: 06 - FF 7DF7BB87: 9C - 55 7DF7BB88: 0A - 8B 7DF7BB89: 92 - EC --> JMP DWORD PTR DS:[10025790] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileW at 7DF7B816 (0) got patched. Here is the diff: Address New-Original 7DF7B816: E9 - 8B 7DF7B817: 55 - FF 7DF7B818: 9F - 55 7DF7B819: 0A - 8B 7DF7B81A: 92 - EC --> JMP DWORD PTR DS:[10025770] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: webcheck.dll (74AB0000 - 74AF8000) WSOCK32.dll (71A30000 - 71A3A000) stobject.dll (765C0000 - 765E1000) BatMeter.dll (74A70000 - 74A7A000) POWRPROF.dll (74A50000 - 74A58000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) midimap.dll (77BA0000 - 77BA7000) MPR.dll (71A80000 - 71A92000) drprov.dll (75F00000 - 75F07000) ntlanman.dll (71B90000 - 71B9E000) NETUI0.dll (71C50000 - 71C67000) NETUI1.dll (71C10000 - 71C50000) NETRAP.dll (71C00000 - 71C07000) SAMLIB.dll (71B70000 - 71B83000) davclnt.dll (75F10000 - 75F1A000) rsaenh.dll (68000000 - 68036000) SXS.DLL (76970000 - 76A21000) PDFShell.dll (00E20000 - 00E7B000) MSVCR80.dll (78130000 - 781CB000) PDFShell.DEU (00E80000 - 00ECC000) browselc.dll (71600000 - 71613000) DUSER.dll (6C670000 - 6C6BD000) MSGINA.dll (75910000 - 75A0A000) ODBC32.dll (745D0000 - 7460D000) comdlg32.dll (76350000 - 7639A000) odbcint.dll (1F840000 - 1F859000) MLANG.dll (75DC0000 - 75E51000) shdoclc.dll (71800000 - 7188E000) gdiplus.dll (4EBA0000 - 4ED4B000) mscms.dll (73AA0000 - 73AB5000) WINSPOOL.DRV (72F70000 - 72F96000) NTMARTA.DLL (77660000 - 77681000) actxprxy.dll (71CC0000 - 71CDB000) shimgvw.dll (5CE90000 - 5CEFE000) atiacmxx.dll (00E00000 - 00E13000) mbamext.dll (00D10000 - 00D28000) NBShell.dll (00D30000 - 00D49000) MFC71U.DLL (7C250000 - 7C352000) MSVCR71.dll (00D80000 - 00DD6000) MSVCP71.dll (7C3A0000 - 7C41B000) rarext.dll (01430000 - 0145D000) shlext.dll (01530000 - 01548000) mfc90u.dll (789E0000 - 78D81000) MSVCR90.dll (78520000 - 785C3000) MSVCP90.dll (78480000 - 7850E000) MFC90DEU.DLL (5D360000 - 5D36F000) ShellExt.dll (01740000 - 0176A000) ATL90.DLL (78E20000 - 78E4B000) PSAPI.DLL (76BB0000 - 76BBB000) InCDshx.dll (1C000000 - 1C018000) MFC71.DLL (7C140000 - 7C243000) CoverEdExtension.dll(03410000 - 035F2000) MSVFW32.dll (75EC0000 - 75EE1000) Faultrep.dll (69900000 - 69916000) RICHED32.DLL (73250000 - 73255000) RICHED20.dll (74DB0000 - 74E1D000) cavshell.dll (023E0000 - 02424000) syncui.dll (71D30000 - 71D63000) shmedia.dll (5CE60000 - 5CE88000) AVIFIL32.dll (73AC0000 - 73AD7000) l3codeca.acm (58700000 - 5878A000) qedit.dll (66B80000 - 66C0C000) quartz.dll (74790000 - 748FE000) devenum.dll (765F0000 - 76601000) DivXMedia.ax (04010000 - 04066000) NeFLVSplitter.ax (02A50000 - 02A70000) DivXDecH264.ax (048D0000 - 04AB1000) [-] Unable to load module C:\Programme\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax for checking divxdec.ax (04AC0000 - 04BC4000) NeVideo.ax (04BD0000 - 04D9A000) [-] Unable to load module C:\Programme\Gemeinsame Dateien\Ahead\DSFilter\NeVideo.ax for checking DDRAW.dll (736D0000 - 7371B000) DCIMAN32.dll (73B30000 - 73B36000) AdvrCntr2.dll (04DA0000 - 05093000) qdvd.dll (47290000 - 472F1000) NeResize.ax (05AA0000 - 05AC5000) perfos.dll (5EB30000 - 5EB3A000) PID 556 - C:\WINDOWS\System32\svchost.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) xpsp2res.dll (00810000 - 00AE9000) webclnt.dll (5AA50000 - 5AA65000) WININET.dll (77180000 - 7722B000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) PID 940 - C:\WINDOWS\system32\RunDll32.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) IMAGEHLP.dll (76C50000 - 76C78000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) c6501.cpl (01020000 - 015AB000) CFGMGR32.dll (74A60000 - 74A67000) setupapi.dll (778F0000 - 779E4000) WINSPOOL.DRV (72F70000 - 72F96000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) c6501p.dll (00B20000 - 00B28000) WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) dsound.dll (73E70000 - 73ECC000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) midimap.dll (77BA0000 - 77BA7000) KsUser.dll (73E40000 - 73E44000) PID 1128 - C:\Programme\Avira\AntiVir Desktop\avgnt.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) mfc90u.dll (789E0000 - 78D81000) MSVCR90.dll (78520000 - 785C3000) SHLWAPI.dll (77F40000 - 77FB6000) msvcrt.dll (77BE0000 - 77C38000) COMCTL32.dll (773A0000 - 774A3000) MSIMG32.dll (76320000 - 76325000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: MSVCP90.dll (78480000 - 7850E000) gdiplus.dll (4EBA0000 - 4ED4B000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll (5B0F0000 - 5B128000) MFC90DEU.DLL (5D360000 - 5D36F000) ccwkrlib.dll (00BD0000 - 00C1A000) cfglib.dll (00C30000 - 00C40000) ccgen.dll (00C50000 - 00D27000) NETAPI32.dll (597D0000 - 59825000) OLEAUT32.dll (770F0000 - 7717B000) ccgenrc.dll (00D50000 - 00D5C000) ccguard.dll (00F70000 - 00FDE000) PSAPI.DLL (76BB0000 - 76BBB000) ccgrdrc.dll (01000000 - 01008000) ccgrdw.dll (01020000 - 0103A000) avipc.dll (01050000 - 01062000) ccupdate.dll (01080000 - 010C7000) ccupdrc.dll (010F0000 - 010F8000) cclic.dll (01110000 - 0113C000) cclicrc.dll (01160000 - 01163000) ccmsg.dll (01180000 - 011CB000) ccmsgrc.dll (011F0000 - 011F3000) rcimage.dll (01510000 - 01780000) wtsapi32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) ccmainrc.dll (018F0000 - 018F4000) PID 1176 - C:\Programme\COMODO\COMODO Internet Security\cfp.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 8D - 11 7C91CF70: 73 - 00 7C91CF71: DB - 00 7C91CF72: 83 - 00 --> JMP DWORD PTR DS:[006D4300] Patched by C:\Programme\COMODO\COMODO Internet Security\cfp.exe+0xFFC00000 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe+0xFFC00000: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 8D - 11 7C91CF70: 73 - 00 7C91CF71: DB - 00 7C91CF72: 83 - 00 --> JMP DWORD PTR DS:[006D4300] Patched by C:\Programme\COMODO\COMODO Internet Security\cfp.exe+0xFFC00000 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe+0xFFC00000: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. UxTheme.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ADVAPI32.dll:LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ADVAPI32.dll:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ADVAPI32.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ADVAPI32.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ADVAPI32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ADVAPI32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RPCRT4.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RPCRT4.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RPCRT4.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RPCRT4.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe Secur32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe Secur32.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe Secur32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msvcrt.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msvcrt.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msvcrt.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msvcrt.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe IPHLPAPI.DLL:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe IPHLPAPI.DLL:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2_32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2_32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2_32.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2HELP.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2HELP.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2HELP.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WS2HELP.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSPOOL.DRV:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSPOOL.DRV:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSPOOL.DRV:LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSPOOL.DRV:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSPOOL.DRV:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WTSAPI32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WTSAPI32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINSTA.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe NETAPI32.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe NETAPI32.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe NETAPI32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe NETAPI32.dll:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe imagehlp.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe imagehlp.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe imagehlp.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSASN1.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSASN1.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINTRUST.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINTRUST.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINTRUST.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINTRUST.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe VERSION.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe VERSION.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe VERSION.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe PSAPI.DLL :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe PSAPI.DLL :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MPR.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MPR.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MPR.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MPR.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe appHelp.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe appHelp.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe appHelp.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CLBCATQ.DLL :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CLBCATQ.DLL :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CLBCATQ.DLL :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe wdmaud.drv :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe wdmaud.drv :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe wdmaud.drv :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msacm32.drv :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSACM32.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :LoadLibraryExW --[HOOKED]-- @0052BAC0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msxml3.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe dciman32.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe dciman32.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :LoadLibraryA --[HOOKED]-- @0052B9F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :LoadLibraryW --[HOOKED]-- @0052BA30 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :GetModuleHandleA --[HOOKED]-- @0052BB10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :GetProcAddress --[HOOKED]-- @0052BBA0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :CreateThread --[HOOKED]-- @0052B120 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :LoadLibraryExA --[HOOKED]-- @0052BA70 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe UxTheme.dll (5B0F0000 - 5B128000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) GDI32.dll (77EF0000 - 77F39000) [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. UxTheme.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: COMDLG32.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSACM32.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe dciman32.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :DeleteObject --[HOOKED]-- @0052A880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe USER32.dll (7E360000 - 7E3F1000) [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. [i] Unable to load module C:\Programme\COMODO\COMODO Internet Security\cfp.exe for checking. UxTheme.dll :DrawFrameControl --[HOOKED]-- @0052B7F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :GetScrollInfo --[HOOKED]-- @0052AAD0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :AdjustWindowRectEx --[HOOKED]-- @0052B5F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :DrawMenuBar --[HOOKED]-- @0052B880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :DrawEdge --[HOOKED]-- @0052B7A0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :DefFrameProcW --[HOOKED]-- @0052AE40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: UxTheme.dll :FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\Programme\COMODO\COMODO Internet Security\cfp.exe: Base address: 00400000 Size: 005BC000 Flags: 00005000 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 138377, 779 Company: COMODO File Version: 4, 0, 138377, 779 Description: COMODO Internet Security Location: C:\Programme\COMODO\COMODO Internet Security\cfp.exe Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: COMDLG32.dll:DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:DrawEdge --[HOOKED]-- @0052B7A0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMDLG32.dll:FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:DrawEdge --[HOOKED]-- @0052B7A0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:DrawFrameControl --[HOOKED]-- @0052B7F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:GetScrollInfo --[HOOKED]-- @0052AAD0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:EnableScrollBar --[HOOKED]-- @0052AA40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:SetScrollPos --[HOOKED]-- @0052A930 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:SetScrollInfo --[HOOKED]-- @0052A9C0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe COMCTL32.dll:AdjustWindowRectEx --[HOOKED]-- @0052B5F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :RegisterClassA --[HOOKED]-- @0052B1B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :CallWindowProcA --[HOOKED]-- @0052ABE0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHLWAPI.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :AdjustWindowRectEx --[HOOKED]-- @0052B5F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :DrawFrameControl --[HOOKED]-- @0052B7F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :DrawEdge --[HOOKED]-- @0052B7A0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :GetScrollInfo --[HOOKED]-- @0052AAD0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SHELL32.dll :SetScrollInfo --[HOOKED]-- @0052A9C0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe oledlg.dll :DrawMenuBar --[HOOKED]-- @0052B880 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe ole32.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe OLEAUT32.dll:DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe CRYPT32.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe gdiplus.dll :RegisterClassA --[HOOKED]-- @0052B1B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :RegisterClassA --[HOOKED]-- @0052B1B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe WINMM.dll :DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msi.dll :SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :CallWindowProcW --[HOOKED]-- @0052AB40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe guard32.dll :DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSACM32.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe MSACM32.dll :FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe urlmon.dll :RegisterClassA --[HOOKED]-- @0052B1B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe mlang.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:SetScrollInfo --[HOOKED]-- @0052A9C0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:EnableScrollBar --[HOOKED]-- @0052AA40 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:DefWindowProcA --[HOOKED]-- @0052AC80 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:DefWindowProcW --[HOOKED]-- @0052AD10 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:RegisterClassA --[HOOKED]-- @0052B1B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:RegisterClassW --[HOOKED]-- @0052B270 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:SetScrollPos --[HOOKED]-- @0052A930 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe RICHED20.DLL:DrawFrameControl --[HOOKED]-- @0052B7F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:SystemParametersInfoW --[HOOKED]-- @0052B4B0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe SETUPAPI.dll:GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe dciman32.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:AdjustWindowRectEx --[HOOKED]-- @0052B5F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:SetScrollInfo --[HOOKED]-- @0052A9C0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:GetScrollInfo --[HOOKED]-- @0052AAD0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:SetScrollPos --[HOOKED]-- @0052A930 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe browseui.dll:DrawEdge --[HOOKED]-- @0052B7A0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :GetSysColor --[HOOKED]-- @0052A820 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :GetSystemMetrics --[HOOKED]-- @0052B330 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :AdjustWindowRectEx --[HOOKED]-- @0052B5F0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :FillRect --[HOOKED]-- @0052B720 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe shdocvw.dll :GetSysColorBrush --[HOOKED]-- @0052A8D0 by C:\Programme\COMODO\COMODO Internet Security\cfp.exe msvcrt.dll (77BE0000 - 77C38000) IPHLPAPI.DLL (76D20000 - 76D39000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) COMDLG32.dll (76350000 - 7639A000) COMCTL32.dll (773A0000 - 774A3000) SHLWAPI.dll (77F40000 - 77FB6000) SHELL32.dll (7E670000 - 7EE91000) WINSPOOL.DRV (72F70000 - 72F96000) oledlg.dll (74CB0000 - 74CD3000) ole32.dll (774B0000 - 775ED000) OLEAUT32.dll (770F0000 - 7717B000) WTSAPI32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59825000) FLTLIB.DLL (5E160000 - 5E168000) imagehlp.dll (76C50000 - 76C78000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) WINTRUST.dll (76BF0000 - 76C1E000) dbghelp.dll (59DD0000 - 59E71000) VERSION.dll (77BD0000 - 77BD8000) WININET.dll (77180000 - 7722B000) gdiplus.dll (4EBA0000 - 4ED4B000) PSAPI.DLL (76BB0000 - 76BBB000) MPR.dll (71A80000 - 71A92000) WINMM.dll (76AF0000 - 76B1E000) msi.dll (7D1F0000 - 7D4AC000) guard32.dll (10000000 - 10046000) appHelp.dll (77B10000 - 77B32000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) CFP.theme (01670000 - 016D0000) msxml3.dll (74900000 - 74A23000) urlmon.dll (7DF20000 - 7DFC3000) mlang.dll (75DC0000 - 75E51000) RICHED20.DLL (74DB0000 - 74E1D000) msimg32.dll (76320000 - 76325000) SETUPAPI.dll (778F0000 - 779E4000) dciman32.dll (73B30000 - 73B36000) xpsp2res.dll (05190000 - 05469000) browseui.dll (75F20000 - 7601D000) shdocvw.dll (7E1E0000 - 7E353000) CRYPTUI.dll (76880000 - 76905000) WLDAP32.dll (76F20000 - 76F4D000) PID 1188 - C:\Programme\ICQ6.5\ICQ.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of KiUserExceptionDispatcher at 7C91E47C (0) got patched. Here is the diff: Address New-Original 7C91E47C: E9 - 8B 7C91E47D: 4F - 4C 7C91E47E: 71 - 24 7C91E47F: 70 - 04 7C91E480: 93 - 8B 7C91E481: CC - 1C 7C91E482: CC - 24 --> JMP DWORD PTR DS:[100255D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) OLEAUT32.dll (770F0000 - 7717B000) MKernel.dll (31500000 - 3153A000) MUtils.dll (31000000 - 3109F000) MSVCP71.dll (7C3A0000 - 7C41B000) MSVCR71.dll (7C340000 - 7C396000) coolcore49.dll (40100000 - 401D0000) xprt6.dll (40000000 - 4003D000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) iphlpapi.dll (76D20000 - 76D39000) gdiplus.dll (4EBA0000 - 4ED4B000) MSIMG32.dll (76320000 - 76325000) MDb.dll (32900000 - 3293B000) WINSPOOL.DRV (72F70000 - 72F96000) COMCTL32.dll (5D450000 - 5D4EA000) SHLWAPI.dll (77F40000 - 77FB6000) MCoreLib.dll (31A00000 - 31A1F000) MUIUtils.dll (32E00000 - 32E65000) comdlg32.dll (76350000 - 7639A000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: MUICoreLib.dll (33300000 - 333D3000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) Wtsapi32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59825000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) AOLSvcMgr.dll (6C000000 - 6C097000) xpsp2res.dll (00C30000 - 00F09000) boxelyRenderer.dll (67AE0000 - 67CE0000) WINMM.dll (76AF0000 - 76B1E000) urlmon.dll (7DF20000 - 7DFC3000) IMM32.dll (76330000 - 7634D000) RICHED20.dll (74DB0000 - 74E1D000) oleacc.dll (74C00000 - 74C2C000) MSVCP60.dll (76020000 - 76085000) msxml3.dll (74900000 - 74A23000) ICQDevilImg.ocx (37500000 - 37542000) MFC42.DLL (73D30000 - 73E2E000) MFC42LOC.DLL (61DC0000 - 61DCE000) MBContainer.dll (34700000 - 34719000) MCore.dll (31F00000 - 32142000) MReport.dll (32400000 - 32418000) WININET.dll (77180000 - 7722B000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) MISB.dll (34200000 - 342BB000) dao360.dll (1B720000 - 1B7A5000) MSJET40.DLL (1B000000 - 1B170000) mswstr10.dll (1B5D0000 - 1B665000) expsrv.dll (0F9C0000 - 0FA22000) MUICore.dll (33800000 - 33B39000) SETUPAPI.dll (778F0000 - 779E4000) appHelp.dll (77B10000 - 77B32000) shdocvw.dll (7E1E0000 - 7E353000) CRYPTUI.dll (76880000 - 76905000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) mydocs.dll (723A0000 - 723BA000) ntshrui.dll (76940000 - 76966000) ATL.DLL (76AD0000 - 76AE1000) USERENV.dll (76620000 - 766D6000) SXS.DLL (76970000 - 76A21000) msftedit.dll (4B4D0000 - 4B556000) jscript.dll (75BF0000 - 75C6D000) RASAPI32.DLL (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) rtutils.dll (76E40000 - 76E4E000) msv1_0.dll (77C40000 - 77C65000) cryptdll.dll (76740000 - 7674C000) sensapi.dll (72240000 - 72245000) mswsock.dll (719B0000 - 719F0000) DNSAPI.dll (76EE0000 - 76F07000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) winrnr.dll (76F70000 - 76F78000) rasadhlp.dll (76F80000 - 76F86000) mlang.dll (75DC0000 - 75E51000) vbscript.dll (73270000 - 732DA000) msjtes40.dll (1B800000 - 1B83A000) VBAJET32.DLL (0F9A0000 - 0F9AB000) quartz.dll (74790000 - 748FE000) devenum.dll (765F0000 - 76601000) msdmo.dll (73620000 - 73627000) NeMP4Splitter.ax (01030000 - 0106D000) NeFLVSplitter.ax (01070000 - 01090000) l3codecx.ax (72C40000 - 72C58000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) DSOUND.DLL (73E70000 - 73ECC000) KsUser.dll (73E40000 - 73E44000) mshtml.dll (7DBE0000 - 7DED8000) msls31.dll (74640000 - 74667000) PSAPI.DLL (76BB0000 - 76BBB000) shdoclc.dll (71800000 - 7188E000) msimtf.dll (74670000 - 7469A000) MSCTF.dll (746A0000 - 746EC000) FlashPlayerControl.dll(37000000 - 37060000) Flash10d.ocx (0C550000 - 0C9F4000) mscms.dll (73AA0000 - 73AB5000) dxtrans.dll (6C290000 - 6C2C6000) ddrawex.dll (6D910000 - 6D91A000) DDRAW.dll (736D0000 - 7371B000) DCIMAN32.dll (73B30000 - 73B36000) dxtmsft.dll (6C2D0000 - 6C32A000) mshtmled.dll (75D40000 - 75DB1000) MUIMessage.dll (33D00000 - 33E42000) SSCE5532.dll (38400000 - 3843C000) UxTheme.dll (5B0F0000 - 5B128000) USP10.dll (75790000 - 757FB000) schannel.dll (767A0000 - 767C8000) cscui.dll (779F0000 - 77A46000) CSCDLL.dll (765A0000 - 765BD000) ImgUtil.dll (66D10000 - 66D1C000) pngfilt.dll (5E6E0000 - 5E6EC000) hlink.dll (767D0000 - 767E5000) msi.dll (7D1F0000 - 7D4AC000) urlData.dll (675A0000 - 675B7000) xpsp3res.dll (20000000 - 200C0000) PID 196 - C:\Programme\Avira\AntiVir Desktop\avguard.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) MSVCR90.dll (78520000 - 785C3000) MSVCP90.dll (78480000 - 7850E000) libdb44.dll (13000000 - 130BF000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) WTSAPI32.DLL (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59825000) AVEvtLog.dll (00A80000 - 00AB6000) guardmsg.dll (00AC0000 - 00ACA000) cfglib.dll (00AE0000 - 00AF0000) sqlite3.dll (00F10000 - 00F6B000) AVPREF.DLL (01080000 - 0108D000) avsmtp.dll (010A0000 - 010B3000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) mswsock.dll (719B0000 - 719F0000) DNSAPI.dll (76EE0000 - 76F07000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) rasadhlp.dll (76F80000 - 76F86000) AVGIO.DLL (01170000 - 0118A000) aecore.dll (012A0000 - 012D0000) aevdf.dll (012E0000 - 012FB000) aescript.dll (01310000 - 0144A000) aescn.dll (01460000 - 01480000) aesbx.dll (01490000 - 014CF000) aerdl.dll (014E0000 - 01566000) aepack.dll (01780000 - 017ED000) unacev2.dll (01800000 - 0184B000) aeoffice.dll (01860000 - 01893000) aeheur.dll (018B0000 - 01B14000) aehelp.dll (01B30000 - 01B6D000) aegen.dll (01B80000 - 01BDD000) aeemu.dll (01BF0000 - 01C51000) aebb.dll (01C70000 - 01C7E000) avipc.dll (01C90000 - 01CA2000) Apphelp.dll (77B10000 - 77B32000) PID 384 - C:\Programme\LogMeIn Hamachi\hamachi-2.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) IPHLPAPI.DLL (76D20000 - 76D39000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) NETAPI32.dll (597D0000 - 59825000) WTSAPI32.dll (76F10000 - 76F18000) WINSTA.dll (76300000 - 76310000) The code of WinStationTerminateProcess at 76307819 (0) got patched. Here is the diff: Address New-Original 76307819: E9 - 6A 7630781A: C2 - 14 7630781B: F8 - 68 --> JMP DWORD PTR DS:[100270E0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: USERENV.dll (76620000 - 766D6000) WININET.dll (77180000 - 7722B000) The code of InternetConnectA at 7719345A (0) got patched. Here is the diff: Address New-Original 7719345A: E9 - 8B 7719345B: B1 - FF 7719345C: 23 - 55 7719345D: E9 - 8B 7719345E: 98 - EC --> JMP DWORD PTR DS:[10025810] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of InternetConnectW at 7719EE40 (0) got patched. Here is the diff: Address New-Original 7719EE40: E9 - 8B 7719EE41: AB - FF 7719EE42: 69 - 55 7719EE43: E8 - 8B 7719EE44: 98 - EC --> JMP DWORD PTR DS:[100257F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) urlmon.dll (7DF20000 - 7DFC3000) The code of URLDownloadToCacheFileA at 7DF7BC8B (0) got patched. Here is the diff: Address New-Original 7DF7BC8B: E9 - 8B 7DF7BC8C: C0 - FF 7DF7BC8D: 9A - 55 7DF7BC8E: 0A - 8B 7DF7BC8F: 92 - EC --> JMP DWORD PTR DS:[10025750] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToCacheFileW at 7DF7B87C (0) got patched. Here is the diff: Address New-Original 7DF7B87C: E9 - 8B 7DF7B87D: AF - FF 7DF7B87E: 9E - 55 7DF7B87F: 0A - 8B 7DF7B880: 92 - EC --> JMP DWORD PTR DS:[10025730] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileA at 7DF7BB85 (0) got patched. Here is the diff: Address New-Original 7DF7BB85: E9 - 8B 7DF7BB86: 06 - FF 7DF7BB87: 9C - 55 7DF7BB88: 0A - 8B 7DF7BB89: 92 - EC --> JMP DWORD PTR DS:[10025790] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileW at 7DF7B816 (0) got patched. Here is the diff: Address New-Original 7DF7B816: E9 - 8B 7DF7B817: 55 - FF 7DF7B818: 9F - 55 7DF7B819: 0A - 8B 7DF7B81A: 92 - EC --> JMP DWORD PTR DS:[10025770] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SETUPAPI.dll (778F0000 - 779E4000) DNSAPI.dll (76EE0000 - 76F07000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC2000) adsldpc.dll (76DD0000 - 76DF5000) ATL.DLL (76AD0000 - 76AE1000) rtutils.dll (76E40000 - 76E4E000) rsaenh.dll (68000000 - 68036000) mswsock.dll (719B0000 - 719F0000) rasadhlp.dll (76F80000 - 76F86000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 1812 - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) MSVCR71.dll (7C340000 - 7C396000) MSVCP71.dll (7C3A0000 - 7C41B000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) AdvrCntr2.dll (00780000 - 00A73000) WININET.dll (77180000 - 7722B000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) OLEAUT32.dll (770F0000 - 7717B000) ole32.dll (774B0000 - 775ED000) SHLWAPI.dll (77F40000 - 77FB6000) comdlg32.dll (76350000 - 7639A000) COMCTL32.dll (5D450000 - 5D4EA000) SHELL32.dll (7E670000 - 7EE91000) WINSPOOL.DRV (72F70000 - 72F96000) comctl32.dll (773A0000 - 774A3000) Faultrep.dll (69900000 - 69916000) USERENV.dll (76620000 - 766D6000) WINSTA.dll (76300000 - 76310000) NETAPI32.dll (597D0000 - 59825000) WTSAPI32.dll (76F10000 - 76F18000) SETUPAPI.dll (778F0000 - 779E4000) DriveLocker.dll (00AE0000 - 00B1F000) incdshx.dll (1C000000 - 1C018000) MFC71.DLL (7C140000 - 7C243000) PID 1868 - C:\Programme\Avira\AntiVir Desktop\avshadow.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) MSVCP90.dll (78480000 - 7850E000) MSVCR90.dll (78520000 - 785C3000) VSSAPI.DLL (75360000 - 753CD000) ATL.DLL (76AD0000 - 76AE1000) OLEAUT32.dll (770F0000 - 7717B000) NETAPI32.dll (597D0000 - 59825000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: xpsp2res.dll (00A10000 - 00CE9000) avipc.dll (003D0000 - 003E2000) PID 1304 - C:\WINDOWS\system32\wdfmgr.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) SETUPAPI.dll (778F0000 - 779E4000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WINTRUST.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) PID 2928 - C:\WINDOWS\System32\wbem\unsecapp.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) wbemcomn.dll (75210000 - 75247000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) xpsp2res.dll (00C50000 - 00F29000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wbemsvc.dll (74E50000 - 74E5E000) fastprox.dll (75620000 - 75696000) MSVCP60.dll (76020000 - 76085000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) NETAPI32.dll (597D0000 - 59825000) WLDAP32.dll (76F20000 - 76F4D000) PID 3516 - C:\WINDOWS\System32\alg.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) ATL.DLL (76AD0000 - 76AE1000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) MSWSOCK.dll (719B0000 - 719F0000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) xpsp2res.dll (00890000 - 00B69000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) PID 3792 - C:\WINDOWS\system32\wbem\wmiprvse.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) wbemcomn.dll (75210000 - 75247000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) FastProx.dll (75620000 - 75696000) MSVCP60.dll (76020000 - 76085000) NTDSAPI.dll (76750000 - 76763000) DNSAPI.dll (76EE0000 - 76F07000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) NETAPI32.dll (597D0000 - 59825000) WLDAP32.dll (76F20000 - 76F4D000) NCObjAPI.DLL (5FB60000 - 5FB6C000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) VERSION.dll (77BD0000 - 77BD8000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) guard32.dll (10000000 - 10046000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) xpsp2res.dll (00850000 - 00B29000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wbemsvc.dll (74E50000 - 74E5E000) wmiutils.dll (74FA0000 - 74FBC000) cimwin32.dll (46E30000 - 46F81000) framedyn.dll (69770000 - 697A0000) SETUPAPI.dll (778F0000 - 779E4000) esscli.dll (75290000 - 752CF000) PID 3040 - C:\WINDOWS\system32\wuauclt.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: OLEAUT32.dll (770F0000 - 7717B000) SHLWAPI.dll (77F40000 - 77FB6000) ShimEng.dll (5CF00000 - 5CF26000) AcGenral.DLL (6FD90000 - 6FF5A000) WINMM.dll (76AF0000 - 76B1E000) MSACM32.dll (77BB0000 - 77BC5000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: USERENV.dll (76620000 - 766D6000) UxTheme.dll (5B0F0000 - 5B128000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) wucltui.dll (507E0000 - 50832000) MSIMG32.dll (76320000 - 76325000) Cabinet.dll (750D0000 - 750E3000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) xpsp2res.dll (00B20000 - 00DF9000) wups2.dll (50F00000 - 50F0D000) PID 3412 - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) Strange... Import descriptor in memory differs from Import descriptor in file. Taking import Descriptor from file. However this is suspicious! The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) MSVCP90.dll (78480000 - 7850E000) MSVCR90.dll (78520000 - 785C3000) PSAPI.DLL (76BB0000 - 76BBB000) guard32.dll (10000000 - 10046000) VERSION.dll (77BD0000 - 77BD8000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084004 Load count: 1 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) Resources.dll (00AC0000 - 010C3000) PID 1212 - C:\Programme\Mozilla Firefox\firefox.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of KiUserExceptionDispatcher at 7C91E47C (0) got patched. Here is the diff: Address New-Original 7C91E47C: E9 - 8B 7C91E47D: 4F - 4C 7C91E47E: 71 - 24 7C91E47F: 70 - 04 7C91E480: 93 - 8B 7C91E481: CC - 1C 7C91E482: CC - 24 --> JMP DWORD PTR DS:[100255D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) xul.dll (004F0000 - 0102C000) sqlite3.dll (00290000 - 00303000) MOZCRT19.dll (78130000 - 781E0000) msvcrt.dll (77BE0000 - 77C38000) js3250.dll (01030000 - 0112A000) nspr4.dll (00310000 - 00339000) WSOCK32.dll (71A30000 - 71A3A000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WS2HELP.dll (71A00000 - 71A08000) WINMM.dll (76AF0000 - 76B1E000) smime3.dll (00340000 - 00358000) nss3.dll (00360000 - 003FD000) nssutil3.dll (01130000 - 01144000) plc4.dll (01150000 - 01157000) plds4.dll (01160000 - 01167000) ssl3.dll (01170000 - 01191000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WINSPOOL.DRV (72F70000 - 72F96000) COMDLG32.dll (76350000 - 7639A000) COMCTL32.dll (773A0000 - 774A3000) IMM32.dll (76330000 - 7634D000) MSIMG32.dll (76320000 - 76325000) USP10.dll (75790000 - 757FB000) OLEAUT32.dll (770F0000 - 7717B000) xpcom.dll (011A0000 - 011A7000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: uxtheme.dll (5B0F0000 - 5B128000) dbghelp.dll (59DD0000 - 59E71000) SETUPAPI.dll (778F0000 - 779E4000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) browserdirprovider.dll(01820000 - 01828000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) iphlpapi.dll (76D20000 - 76D39000) brwsrcmp.dll (01880000 - 018A4000) t2embed.dll (73C50000 - 73C71000) LZ32.dll (73DC0000 - 73DC3000) DNSAPI.dll (76EE0000 - 76F07000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) xpsp2res.dll (02F00000 - 031D9000) mscms.dll (73AA0000 - 73AB5000) rasadhlp.dll (76F80000 - 76F86000) softokn3.dll (03E00000 - 03E26000) nssdbm3.dll (03E30000 - 03E48000) freebl3.dll (03E50000 - 03E91000) nssckbi.dll (03EA0000 - 03EF5000) shdocvw.dll (7E1E0000 - 7E353000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) CRYPTUI.dll (76880000 - 76905000) NETAPI32.dll (597D0000 - 59825000) WININET.dll (77180000 - 7722B000) WINTRUST.dll (76BF0000 - 76C1E000) IMAGEHLP.dll (76C50000 - 76C78000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) NPSWF32.dll (09600000 - 09A96000) urlmon.dll (7DF20000 - 7DFC3000) mlang.dll (75DC0000 - 75E51000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) schannel.dll (767A0000 - 767C8000) USERENV.dll (76620000 - 766D6000) appHelp.dll (77B10000 - 77B32000) cscui.dll (779F0000 - 77A46000) CSCDLL.dll (765A0000 - 765BD000) wuapi.dll (506A0000 - 5072E000) Cabinet.dll (750D0000 - 750E3000) winsta.dll (76300000 - 76310000) The code of WinStationTerminateProcess at 76307819 (0) got patched. Here is the diff: Address New-Original 76307819: E9 - 6A 7630781A: C2 - 14 7630781B: F8 - 68 --> JMP DWORD PTR DS:[100270E0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: browseui.dll (75F20000 - 7601D000) ntshrui.dll (76940000 - 76966000) ATL.DLL (76AD0000 - 76AE1000) LINKINFO.dll (76930000 - 76938000) netman.dll (77CD0000 - 77D03000) MPRAPI.dll (76D00000 - 76D18000) ACTIVEDS.dll (77C90000 - 77CC2000) adsldpc.dll (76DD0000 - 76DF5000) rtutils.dll (76E40000 - 76E4E000) netshell.dll (763A0000 - 7654A000) credui.dll (76BC0000 - 76BEF000) dot3api.dll (5F8F0000 - 5F8FA000) dot3dlg.dll (71260000 - 71266000) OneX.DLL (72760000 - 72788000) WTSAPI32.dll (76F10000 - 76F18000) eappcfg.dll (6DB40000 - 6DB62000) MSVCP60.dll (76020000 - 76085000) eappprxy.dll (47700000 - 4770E000) RASAPI32.dll (76EA0000 - 76EDC000) rasman.dll (76E50000 - 76E62000) TAPI32.dll (76E70000 - 76E9F000) WZCSAPI.DLL (72FA0000 - 72FB0000) WZCSvc.DLL (7DB20000 - 7DBAC000) WMI.dll (76CF0000 - 76CF4000) DHCPCSVC.DLL (7D4C0000 - 7D4E2000) EapolQec.dll (745C0000 - 745CB000) QUtil.dll (61900000 - 61916000) ESENT.dll (5E200000 - 5E310000) PID 2400 - C:\Programme\Steam\Steam.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) WS2_32.dll (71A10000 - 71A27000) The code of WSASocketA at 71A18B6A (0) got patched. Here is the diff: Address New-Original 71A18B6A: E9 - 8B 71A18B6B: 61 - FF 71A18B6C: CC - 55 71A18B6D: 60 - 8B 71A18B6E: 9E - EC --> JMP DWORD PTR DS:[100257D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WSASocketW at 71A1404E (0) got patched. Here is the diff: Address New-Original 71A1404E: E9 - 6A 71A1404F: 5D - 20 71A14050: 17 - 68 --> JMP DWORD PTR DS:[100257B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: msvcrt.dll (77BE0000 - 77C38000) WS2HELP.dll (71A00000 - 71A08000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) OLEAUT32.dll (770F0000 - 7717B000) ole32.dll (774B0000 - 775ED000) The code of CoCreateInstanceEx at 774D0526 (0) got patched. Here is the diff: Address New-Original 774D0526: E9 - 8B 774D0527: 75 - FF 774D0528: 72 - 55 774D0529: B5 - 8B 774D052A: 98 - EC --> JMP DWORD PTR DS:[100277A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CoGetClassObject at 774E56C5 (0) got patched. Here is the diff: Address New-Original 774E56C5: E9 - 8B 774E56C6: 96 - FF 774E56C7: 1E - 55 774E56C8: B4 - 8B 774E56C9: 98 - EC --> JMP DWORD PTR DS:[10027560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: WINSPOOL.DRV (72F70000 - 72F96000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) comctl32.dll (5D450000 - 5D4EA000) mswsock.dll (719B0000 - 719F0000) hnetcfg.dll (66710000 - 66769000) wshtcpip.dll (719F0000 - 719F8000) Steam.dll (30000000 - 302CC000) DNSAPI.dll (76EE0000 - 76F07000) winrnr.dll (76F70000 - 76F78000) WLDAP32.dll (76F20000 - 76F4D000) rasadhlp.dll (76F80000 - 76F86000) DbgHelp.dll (03000000 - 03115000) CSERHelper.dll (60000000 - 60021000) SteamUI.dll (3A000000 - 3A2F6000) WINMM.dll (76AF0000 - 76B1E000) tier0_s.dll (3F000000 - 3F0AA000) vstdlib_s.dll (3F600000 - 3F662000) psapi.dll (76BB0000 - 76BBB000) FileSystem_Steam.dll(3FA00000 - 3FA34000) vgui2.dll (3F200000 - 3F27D000) IMM32.dll (76330000 - 7634D000) MSIMG32.dll (76320000 - 76325000) urlmon.dll (7DF20000 - 7DFC3000) The code of URLDownloadToCacheFileA at 7DF7BC8B (0) got patched. Here is the diff: Address New-Original 7DF7BC8B: E9 - 8B 7DF7BC8C: C0 - FF 7DF7BC8D: 9A - 55 7DF7BC8E: 0A - 8B 7DF7BC8F: 92 - EC --> JMP DWORD PTR DS:[10025750] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToCacheFileW at 7DF7B87C (0) got patched. Here is the diff: Address New-Original 7DF7B87C: E9 - 8B 7DF7B87D: AF - FF 7DF7B87E: 9E - 55 7DF7B87F: 0A - 8B 7DF7B880: 92 - EC --> JMP DWORD PTR DS:[10025730] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileA at 7DF7BB85 (0) got patched. Here is the diff: Address New-Original 7DF7BB85: E9 - 8B 7DF7BB86: 06 - FF 7DF7BB87: 9C - 55 7DF7BB88: 0A - 8B 7DF7BB89: 92 - EC --> JMP DWORD PTR DS:[10025790] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of URLDownloadToFileW at 7DF7B816 (0) got patched. Here is the diff: Address New-Original 7DF7B816: E9 - 8B 7DF7B817: 55 - FF 7DF7B818: 9F - 55 7DF7B819: 0A - 8B 7DF7B81A: 92 - EC --> JMP DWORD PTR DS:[10025770] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: steamclient.dll (38000000 - 383FD000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) imagehlp.dll (76C50000 - 76C78000) iphlpapi.dll (76D20000 - 76D39000) p2pvoice.dll (02D70000 - 02EB8000) mss32_s.dll (21100000 - 21199000) SteamService.dll (02EE0000 - 02F9C000) WINTRUST.dll (76BF0000 - 76C1E000) wdmaud.drv (72C90000 - 72C99000) msacm32.drv (72C80000 - 72C88000) MSACM32.dll (77BB0000 - 77BC5000) midimap.dll (77BA0000 - 77BA7000) dsound.dll (73E70000 - 73ECC000) rsaenh.dll (68000000 - 68036000) CLBCATQ.DLL (76F90000 - 7700F000) COMRes.dll (77010000 - 770E3000) wbemprox.dll (74E70000 - 74E78000) wbemcomn.dll (75210000 - 75247000) xpsp2res.dll (04960000 - 04C39000) wbemsvc.dll (74E50000 - 74E5E000) fastprox.dll (75620000 - 75696000) MSVCP60.dll (76020000 - 76085000) NTDSAPI.dll (76750000 - 76763000) NETAPI32.dll (597D0000 - 59825000) friendsui.dll (062F0000 - 0644E000) serverbrowser.dll (086E0000 - 087D3000) WSOCK32.dll (71A30000 - 71A3A000) shdocvw.dll (7E1E0000 - 7E353000) CRYPTUI.dll (76880000 - 76905000) WININET.dll (77180000 - 7722B000) appHelp.dll (77B10000 - 77B32000) SXS.DLL (76970000 - 76A21000) userenv.dll (76620000 - 766D6000) cryptnet.dll (76580000 - 76593000) SensApi.dll (72240000 - 72245000) WINHTTP.dll (4D5C0000 - 4D619000) PID 3536 - C:\WINDOWS\system32\wscntfy.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) The code of LdrGetProcedureAddress at 7C927EA8 (0) got patched. Here is the diff: Address New-Original 7C927EA8: E9 - 8B 7C927EA9: 63 - FF 7C927EAA: DD - 55 7C927EAB: 6F - 8B 7C927EAC: 93 - EC --> JMP DWORD PTR DS:[10025C10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrLoadDll at 7C9263C3 (0) got patched. Here is the diff: Address New-Original 7C9263C3: E9 - 68 7C9263C4: 68 - 6C 7C9263C5: D0 - 02 7C9263C6: 6F - 00 7C9263C7: 93 - 00 --> JMP DWORD PTR DS:[10023430] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LdrUnloadDll at 7C92738B (0) got patched. Here is the diff: Address New-Original 7C92738B: E9 - 68 7C92738C: B0 - C4 7C92738D: 5B - 00 7C92738E: 6F - 00 7C92738F: 93 - 00 --> JMP DWORD PTR DS:[1001CF40] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of NtWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of RtlAllocateHeap at 7C9200C4 (0) got patched. Here is the diff: Address New-Original 7C9200C4: E9 - 68 7C9200C5: 27 - 04 7C9200C6: 5B - 02 7C9200C7: 70 - 00 7C9200C8: 93 - 00 --> JMP DWORD PTR DS:[10025BF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwAllocateVirtualMemory at 7C91CF6E (0) got patched. Here is the diff: Address New-Original 7C91CF6E: E9 - B8 7C91CF6F: 1D - 11 7C91CF70: 8D - 00 7C91CF71: 70 - 00 7C91CF72: 93 - 00 --> JMP DWORD PTR DS:[10025C90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwClose at 7C91CFEE (0) got patched. Here is the diff: Address New-Original 7C91CFEE: E9 - B8 7C91CFEF: 2D - 19 7C91CFF0: FE - 00 7C91CFF1: 6F - 00 7C91CFF2: 93 - 00 --> JMP DWORD PTR DS:[1001CE20] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateFile at 7C91D0AE (0) got patched. Here is the diff: Address New-Original 7C91D0AE: E9 - B8 7C91D0AF: 5D - 25 7C91D0B0: 8C - 00 7C91D0B1: 70 - 00 7C91D0B2: 93 - 00 --> JMP DWORD PTR DS:[10025D10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcess at 7C91D14E (0) got patched. Here is the diff: Address New-Original 7C91D14E: E9 - B8 7C91D14F: 5D - 2F 7C91D150: 8C - 00 7C91D151: 70 - 00 7C91D152: 93 - 00 --> JMP DWORD PTR DS:[10025DB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwCreateProcessEx at 7C91D15E (0) got patched. Here is the diff: Address New-Original 7C91D15E: E9 - B8 7C91D15F: 2D - 30 7C91D160: 8C - 00 7C91D161: 70 - 00 7C91D162: 93 - 00 --> JMP DWORD PTR DS:[10025D90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwDeleteFile at 7C91D23E (0) got patched. Here is the diff: Address New-Original 7C91D23E: E9 - B8 7C91D23F: 8D - 3E 7C91D240: 8A - 00 7C91D241: 70 - 00 7C91D242: 93 - 00 --> JMP DWORD PTR DS:[10025CD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwFreeVirtualMemory at 7C91D38E (0) got patched. Here is the diff: Address New-Original 7C91D38E: E9 - B8 7C91D38F: 3D - 53 7C91D390: 88 - 00 7C91D391: 70 - 00 7C91D392: 93 - 00 --> JMP DWORD PTR DS:[10025BD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwLoadDriver at 7C91D46E (0) got patched. Here is the diff: Address New-Original 7C91D46E: E9 - B8 7C91D46F: FD - 61 7C91D470: 87 - 00 7C91D471: 70 - 00 7C91D472: 93 - 00 --> JMP DWORD PTR DS:[10025C70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwOpenFile at 7C91D59E (0) got patched. Here is the diff: Address New-Original 7C91D59E: E9 - B8 7C91D59F: 4D - 74 7C91D5A0: 87 - 00 7C91D5A1: 70 - 00 7C91D5A2: 93 - 00 --> JMP DWORD PTR DS:[10025CF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwProtectVirtualMemory at 7C91D6EE (0) got patched. Here is the diff: Address New-Original 7C91D6EE: E9 - B8 7C91D6EF: BD - 89 7C91D6F0: 85 - 00 7C91D6F1: 70 - 00 7C91D6F2: 93 - 00 --> JMP DWORD PTR DS:[10025CB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwSetInformationProcess at 7C91DC9E (0) got patched. Here is the diff: Address New-Original 7C91DC9E: E9 - B8 7C91DC9F: 8D - E4 7C91DCA0: 7F - 00 7C91DCA1: 70 - 00 7C91DCA2: 93 - 00 --> JMP DWORD PTR DS:[10025C30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwUnloadDriver at 7C91DEBE (0) got patched. Here is the diff: Address New-Original 7C91DEBE: E9 - B8 7C91DEBF: 8D - 06 7C91DEC0: 7D - 01 7C91DEC1: 70 - 00 7C91DEC2: 93 - 00 --> JMP DWORD PTR DS:[10025C50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ZwWriteVirtualMemory at 7C91DFAE (0) got patched. Here is the diff: Address New-Original 7C91DFAE: E9 - B8 7C91DFAF: 7D - 15 7C91DFB0: 7D - 01 7C91DFB1: 70 - 00 7C91DFB2: 93 - 00 --> JMP DWORD PTR DS:[10025D30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: kernel32.dll (7C800000 - 7C908000) The code of CopyFileA at 7C8286EE (0) got patched. Here is the diff: Address New-Original 7C8286EE: E9 - 8B 7C8286EF: DD - FF 7C8286F0: D3 - 55 7C8286F1: 7F - 8B 7C8286F2: 93 - EC --> JMP DWORD PTR DS:[10025AD0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExA at 7C85F39C (0) got patched. Here is the diff: Address New-Original 7C85F39C: E9 - 8B 7C85F39D: EF - FF 7C85F39E: 66 - 55 7C85F39F: 7C - 8B 7C85F3A0: 93 - EC --> JMP DWORD PTR DS:[10025A90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileExW at 7C827B32 (0) got patched. Here is the diff: Address New-Original 7C827B32: E9 - 6A 7C827B33: 39 - 14 7C827B34: DF - 68 --> JMP DWORD PTR DS:[10025A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CopyFileW at 7C82F87B (0) got patched. Here is the diff: Address New-Original 7C82F87B: E9 - 8B 7C82F87C: 30 - FF 7C82F87D: 62 - 55 7C82F87E: 7F - 8B 7C82F87F: 93 - EC --> JMP DWORD PTR DS:[10025AB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff: Address New-Original 7C801A28: E9 - 8B 7C801A29: E3 - FF 7C801A2A: 40 - 55 7C801A2B: 82 - 8B 7C801A2C: 93 - EC --> JMP DWORD PTR DS:[10025B10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateFileW at 7C810800 (0) got patched. Here is the diff: Address New-Original 7C810800: E9 - 8B 7C810801: EB - FF 7C810802: 52 - 55 7C810803: 81 - 8B 7C810804: 93 - EC --> JMP DWORD PTR DS:[10025AF0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff: Address New-Original 7C80236B: E9 - 8B 7C80236C: 00 - FF 7C80236D: 3A - 55 7C80236E: 82 - 8B 7C80236F: 93 - EC --> JMP DWORD PTR DS:[10025D70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff: Address New-Original 7C802336: E9 - 8B 7C802337: 15 - FF 7C802338: 3A - 55 7C802339: 82 - 8B 7C80233A: 93 - EC --> JMP DWORD PTR DS:[10025D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileA at 7C831EDD (0) got patched. Here is the diff: Address New-Original 7C831EDD: E9 - 8B 7C831EDE: AE - FF 7C831EDF: 3A - 55 7C831EE0: 7F - 8B 7C831EE1: 93 - EC --> JMP DWORD PTR DS:[10025990] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of DeleteFileW at 7C831F63 (0) got patched. Here is the diff: Address New-Original 7C831F63: E9 - 8B 7C831F64: 08 - FF 7C831F65: 3A - 55 7C831F66: 7F - 8B 7C831F67: 93 - EC --> JMP DWORD PTR DS:[10025970] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleA at 7C80B741 (0) got patched. Here is the diff: Address New-Original 7C80B741: E9 - 8B 7C80B742: 0A - FF 7C80B743: A2 - 55 7C80B744: 81 - 8B 7C80B745: 93 - EC --> JMP DWORD PTR DS:[10025950] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetModuleHandleW at 7C80E4DD (0) got patched. Here is the diff: Address New-Original 7C80E4DD: E9 - 8B 7C80E4DE: 4E - FF 7C80E4DF: 74 - 55 7C80E4E0: 81 - 8B 7C80E4E1: 93 - EC --> JMP DWORD PTR DS:[10025930] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff: Address New-Original 7C80AE40: E9 - 8B 7C80AE41: 6B - FF 7C80AE42: AD - 55 7C80AE43: 81 - 8B 7C80AE44: 93 - EC --> JMP DWORD PTR DS:[10025BB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff: Address New-Original 7C801D7B: E9 - 8B 7C801D7C: 90 - FF 7C801D7D: 3B - 55 7C801D7E: 82 - 8B 7C801D7F: 93 - EC --> JMP DWORD PTR DS:[10025910] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff: Address New-Original 7C801D53: E9 - 8B 7C801D54: 18 - FF 7C801D55: 3E - 55 7C801D56: 82 - 8B 7C801D57: 93 - EC --> JMP DWORD PTR DS:[10025B70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff: Address New-Original 7C801AF5: E9 - 6A 7C801AF6: 56 - 34 7C801AF7: 40 - 68 --> JMP DWORD PTR DS:[10025B50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff: Address New-Original 7C80AEEB: E9 - 8B 7C80AEEC: 00 - FF 7C80AEED: AA - 55 7C80AEEE: 81 - 8B 7C80AEEF: 93 - EC --> JMP DWORD PTR DS:[100258F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of LoadModule at 7C86261E (0) got patched. Here is the diff: Address New-Original 7C86261E: E9 - 68 7C86261F: 6D - A4 7C862620: 35 - 00 7C862621: 7C - 00 7C862622: 93 - 00 --> JMP DWORD PTR DS:[10025B90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileA at 7C835EBF (0) got patched. Here is the diff: Address New-Original 7C835EBF: E9 - 8B 7C835EC0: 8C - FF 7C835EC1: FB - 55 7C835EC2: 7E - 8B 7C835EC3: 93 - EC --> JMP DWORD PTR DS:[10025A50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExA at 7C85E49B (0) got patched. Here is the diff: Address New-Original 7C85E49B: E9 - 8B 7C85E49C: 70 - FF 7C85E49D: 75 - 55 7C85E49E: 7C - 8B 7C85E49F: 93 - EC --> JMP DWORD PTR DS:[10025A10] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileExW at 7C83568B (0) got patched. Here is the diff: Address New-Original 7C83568B: E9 - 8B 7C83568C: 60 - FF 7C83568D: 03 - 55 7C83568E: 7F - 8B 7C83568F: 93 - EC --> JMP DWORD PTR DS:[100259F0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileW at 7C821261 (0) got patched. Here is the diff: Address New-Original 7C821261: E9 - 8B 7C821262: CA - FF 7C821263: 47 - 55 7C821264: 80 - 8B 7C821265: 93 - EC --> JMP DWORD PTR DS:[10025A30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressA at 7C835EDE (0) got patched. Here is the diff: Address New-Original 7C835EDE: E9 - 8B 7C835EDF: ED - FF 7C835EE0: FA - 55 7C835EE1: 7E - 8B 7C835EE2: 93 - EC --> JMP DWORD PTR DS:[100259D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of MoveFileWithProgressW at 7C81F72E (0) got patched. Here is the diff: Address New-Original 7C81F72E: E9 - 68 7C81F72F: 7D - 9C 7C81F730: 62 - 00 7C81F731: 80 - 00 7C81F732: 93 - 00 --> JMP DWORD PTR DS:[100259B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenFile at 7C821982 (0) got patched. Here is the diff: Address New-Original 7C821982: E9 - 68 7C821983: A9 - 04 7C821984: 41 - 01 7C821985: 80 - 00 7C821986: 93 - 00 --> JMP DWORD PTR DS:[10025B30] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff: Address New-Original 7C801AD4: E9 - 8B 7C801AD5: D7 - FF 7C801AD6: 3D - 55 7C801AD7: 82 - 8B 7C801AD8: 93 - EC --> JMP DWORD PTR DS:[100258B0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of WinExec at 7C86250D (0) got patched. Here is the diff: Address New-Original 7C86250D: E9 - 8B 7C86250E: BE - FF 7C86250F: 33 - 55 7C862510: 7C - 8B 7C862511: 93 - EC --> JMP DWORD PTR DS:[100258D0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) The code of EndTask at 7E3AA0A5 (0) got patched. Here is the diff: Address New-Original 7E3AA0A5: E9 - 8B 7E3AA0A6: 76 - FF 7E3AA0A7: D2 - 55 7E3AA0A8: C7 - 8B 7E3AA0A9: 91 - EC --> JMP DWORD PTR DS:[10027320] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) The code of CreateProcessAsUserA at 77DE0CE8 (0) got patched. Here is the diff: Address New-Original 77DE0CE8: E9 - 8B 77DE0CE9: C3 - FF 77DE0CEA: F1 - 55 77DE0CEB: 23 - 8B 77DE0CEC: 98 - EC --> JMP DWORD PTR DS:[1001FEB0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateProcessAsUserW at 77DBA8A9 (0) got patched. Here is the diff: Address New-Original 77DBA8A9: E9 - 8B 77DBA8AA: F2 - FF 77DBA8AB: 4D - 55 77DBA8AC: 26 - 8B 77DBA8AD: 98 - EC --> JMP DWORD PTR DS:[1001F6A0] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceA at 77E07211 (0) got patched. Here is the diff: Address New-Original 77E07211: E9 - 6A 77E07212: 3A - 30 77E07213: FB - 68 --> JMP DWORD PTR DS:[10026D50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of CreateServiceW at 77E073A9 (0) got patched. Here is the diff: Address New-Original 77E073A9: E9 - 6A 77E073AA: C2 - 20 77E073AB: F6 - 68 --> JMP DWORD PTR DS:[10026A70] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceA at 77DC4C66 (0) got patched. Here is the diff: Address New-Original 77DC4C66: E9 - 6A 77DC4C67: F5 - 14 77DC4C68: 18 - 68 --> JMP DWORD PTR DS:[10026560] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of OpenServiceW at 77DB6FFD (0) got patched. Here is the diff: Address New-Original 77DB6FFD: E9 - 6A 77DB6FFE: FE - 14 77DB6FFF: F7 - 68 --> JMP DWORD PTR DS:[10026800] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) msvcrt.dll (77BE0000 - 77C38000) SHELL32.dll (7E670000 - 7EE91000) The code of ShellExecuteA at 7E6F11E0 (0) got patched. Here is the diff: Address New-Original 7E6F11E0: E9 - 8B 7E6F11E1: AB - FF 7E6F11E2: 46 - 55 7E6F11E3: 93 - 8B 7E6F11E4: 91 - EC --> JMP DWORD PTR DS:[10025890] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteEx at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExA at 7E6F0EB5 (0) got patched. Here is the diff: Address New-Original 7E6F0EB5: E9 - 8B 7E6F0EB6: 96 - FF 7E6F0EB7: 49 - 55 7E6F0EB8: 93 - 8B 7E6F0EB9: 91 - EC --> JMP DWORD PTR DS:[10025850] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteExW at 7E6B996B (0) got patched. Here is the diff: Address New-Original 7E6B996B: E9 - 8B 7E6B996C: C0 - FF 7E6B996D: BE - 55 7E6B996E: 96 - 8B 7E6B996F: 91 - EC --> JMP DWORD PTR DS:[10025830] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of ShellExecuteW at 7E765D48 (0) got patched. Here is the diff: Address New-Original 7E765D48: E9 - 8B 7E765D49: 23 - FF 7E765D4A: FB - 55 7E765D4C: 91 - EC --> JMP DWORD PTR DS:[10025870] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: SHLWAPI.dll (77F40000 - 77FB6000) fltlib.dll (5E160000 - 5E168000) The code of FilterConnectCommunicationPort at 5E16135C (0) got patched. Here is the diff: Address New-Original 5E16135C: E9 - 8B 5E16135D: 2F - FF 5E16135E: BB - 55 5E16135F: EB - 8B 5E161360: B1 - EC --> JMP DWORD PTR DS:[1001CE90] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: The code of FilterSendMessage at 5E1623A4 (0) got patched. Here is the diff: Address New-Original 5E1623A4: E9 - 8B 5E1623A5: A7 - FF 5E1623A6: AA - 55 5E1623A7: EB - 8B 5E1623A8: B1 - EC --> JMP DWORD PTR DS:[1001CE50] Patched by C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Information about C:\WINDOWS\system32\guard32.dll!?Exported@@YAXXZ+0xEFFDB1D0: Base address: 10000000 Size: 00046000 Flags: 80084006 Load count: 65535 Name: COMODO Internet Security Prod. Version: 4, 0, 135239, 742 Company: COMODO File Version: 4, 0, 135239, 742 Description: COMODO Internet Security Location: C:\WINDOWS\system32\guard32.dll Signed: YES ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: comctl32.dll (773A0000 - 774A3000) xpsp2res.dll (00910000 - 00BE9000) PID 3636 - C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Downloads\radix_installer1009(2)\radixgui.exe ------------------------------------------------------------------------------- ntdll.dll (7C910000 - 7C9C9000) kernel32.dll (7C800000 - 7C908000) guard32.dll (10000000 - 10046000) USER32.dll (7E360000 - 7E3F1000) GDI32.dll (77EF0000 - 77F39000) ADVAPI32.dll (77DA0000 - 77E4A000) RPCRT4.dll (77E50000 - 77EE2000) Secur32.dll (77FC0000 - 77FD1000) VERSION.dll (77BD0000 - 77BD8000) comdlg32.dll (76350000 - 7639A000) COMCTL32.dll (5D450000 - 5D4EA000) SHELL32.dll (7E670000 - 7EE91000) msvcrt.dll (77BE0000 - 77C38000) SHLWAPI.dll (77F40000 - 77FB6000) ole32.dll (774B0000 - 775ED000) dbghelp.dll (59DD0000 - 59E71000) fltlib.dll (5E160000 - 5E168000) comctl32.dll (773A0000 - 774A3000) wintrust.dll (76BF0000 - 76C1E000) CRYPT32.dll (77A50000 - 77AE6000) MSASN1.dll (77AF0000 - 77B02000) IMAGEHLP.dll (76C50000 - 76C78000) NTMARTA.DLL (77660000 - 77681000) SAMLIB.dll (71B70000 - 71B83000) WLDAP32.dll (76F20000 - 76F4D000) xpsp2res.dll (01270000 - 01549000) rsaenh.dll (68000000 - 68036000) userenv.dll (76620000 - 766D6000) netapi32.dll (597D0000 - 59825000) cryptnet.dll (76580000 - 76593000) PSAPI.DLL (76BB0000 - 76BBB000) SensApi.dll (72240000 - 72245000) WINHTTP.dll (4D5C0000 - 4D619000) mswsock.dll (719B0000 - 719F0000) WS2_32.dll (71A10000 - 71A27000) WS2HELP.dll (71A00000 - 71A08000) ---- Check ended at 6.4.2010 21:10:50 ----