00000239 15:31:56 LoadImageNotifyRoutine 00000240 15:31:56 FullImageName = \Device\HarddiskVolume1\WINDOWS\system32\notepad.exe 00000241 15:31:56 ProcessId = 5264 00000242 15:31:56 ImageInfo->SystemModeImage = 0 00000243 15:31:56 ImageInfo->ImageBase = 01000000 00000244 15:31:56 ImageInfo->ImageSize = 77824 00000245 15:31:56 LoadImageNotifyRoutine 00000246 15:31:56 FullImageName = \SystemRoot\System32\ntdll.dll 00000247 15:31:56 ProcessId = 5264 00000248 15:31:56 ImageInfo->SystemModeImage = 0 00000249 15:31:56 ImageInfo->ImageBase = 7c920000 00000250 15:31:56 ImageInfo->ImageSize = 614400 00000251 15:31:56 LoadImageNotifyRoutine 00000252 15:31:56 FullImageName = \WINDOWS\system32\kernel32.dll 00000253 15:31:56 ProcessId = 5264 00000254 15:31:56 ImageInfo->SystemModeImage = 0 00000255 15:31:56 ImageInfo->ImageBase = 7c800000 00000256 15:31:56 ImageInfo->ImageSize = 1171456 00000257 15:31:56 LoadImageNotifyRoutine 00000258 15:31:56 FullImageName = \WINDOWS\system32\comdlg32.dll 00000259 15:31:56 ProcessId = 5264 00000260 15:31:56 ImageInfo->SystemModeImage = 0 00000261 15:31:56 ImageInfo->ImageBase = 76320000 00000262 15:31:56 ImageInfo->ImageSize = 290816 00000263 15:31:56 LoadImageNotifyRoutine 00000264 15:31:56 FullImageName = \WINDOWS\system32\advapi32.dll 00000265 15:31:56 ProcessId = 5264 00000266 15:31:56 ImageInfo->SystemModeImage = 0 00000267 15:31:56 ImageInfo->ImageBase = 77da0000 00000268 15:31:56 ImageInfo->ImageSize = 692224 00000269 15:31:56 LoadImageNotifyRoutine 00000270 15:31:56 FullImageName = \WINDOWS\system32\rpcrt4.dll 00000271 15:31:56 ProcessId = 5264 00000272 15:31:56 ImageInfo->SystemModeImage = 0 00000273 15:31:56 ImageInfo->ImageBase = 77e50000 00000274 15:31:56 ImageInfo->ImageSize = 602112 00000275 15:31:56 LoadImageNotifyRoutine 00000276 15:31:56 FullImageName = \WINDOWS\system32\secur32.dll 00000277 15:31:56 ProcessId = 5264 00000278 15:31:56 ImageInfo->SystemModeImage = 0 00000279 15:31:56 ImageInfo->ImageBase = 77fc0000 00000280 15:31:56 ImageInfo->ImageSize = 69632 00000281 15:31:56 LoadImageNotifyRoutine 00000282 15:31:56 FullImageName = \WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 00000283 15:31:56 ProcessId = 5264 00000284 15:31:56 ImageInfo->SystemModeImage = 0 00000285 15:31:56 ImageInfo->ImageBase = 77180000 00000286 15:31:56 ImageInfo->ImageSize = 1060864 00000287 15:31:56 LoadImageNotifyRoutine 00000288 15:31:56 FullImageName = \WINDOWS\system32\msvcrt.dll 00000289 15:31:56 ProcessId = 5264 00000290 15:31:56 ImageInfo->SystemModeImage = 0 00000291 15:31:56 ImageInfo->ImageBase = 77be0000 00000292 15:31:56 ImageInfo->ImageSize = 360448 00000293 15:31:56 LoadImageNotifyRoutine 00000294 15:31:56 FullImageName = \WINDOWS\system32\gdi32.dll 00000295 15:31:56 ProcessId = 5264 00000296 15:31:56 ImageInfo->SystemModeImage = 0 00000297 15:31:56 ImageInfo->ImageBase = 77ef0000 00000298 15:31:56 ImageInfo->ImageSize = 299008 00000299 15:31:56 LoadImageNotifyRoutine 00000300 15:31:56 FullImageName = \WINDOWS\system32\user32.dll 00000301 15:31:56 ProcessId = 5264 00000302 15:31:56 ImageInfo->SystemModeImage = 0 00000303 15:31:56 ImageInfo->ImageBase = 77d10000 00000304 15:31:56 ImageInfo->ImageSize = 589824 00000305 15:31:56 LoadImageNotifyRoutine 00000306 15:31:56 FullImageName = \WINDOWS\system32\shlwapi.dll 00000307 15:31:56 ProcessId = 5264 00000308 15:31:56 ImageInfo->SystemModeImage = 0 00000309 15:31:56 ImageInfo->ImageBase = 77f40000 00000310 15:31:56 ImageInfo->ImageSize = 483328 00000311 15:31:56 LoadImageNotifyRoutine 00000312 15:31:56 FullImageName = \WINDOWS\system32\shell32.dll 00000313 15:31:56 ProcessId = 5264 00000314 15:31:56 ImageInfo->SystemModeImage = 0 00000315 15:31:56 ImageInfo->ImageBase = 7d590000 00000316 15:31:56 ImageInfo->ImageSize = 8339456 00000317 15:31:56 LoadImageNotifyRoutine 00000318 15:31:56 FullImageName = \WINDOWS\system32\winspool.drv 00000319 15:31:56 ProcessId = 5264 00000320 15:31:56 ImageInfo->SystemModeImage = 0 00000321 15:31:56 ImageInfo->ImageBase = 72f70000 00000322 15:31:56 ImageInfo->ImageSize = 155648 00000323 15:31:56 LoadImageNotifyRoutine 00000324 15:31:56 FullImageName = \WINDOWS\system32\shimeng.dll 00000325 15:31:56 ProcessId = 5264 00000326 15:31:56 ImageInfo->SystemModeImage = 0 00000327 15:31:56 ImageInfo->ImageBase = 5cc30000 00000328 15:31:56 ImageInfo->ImageSize = 155648 00000329 15:31:56 LoadImageNotifyRoutine 00000330 15:31:56 FullImageName = \WINDOWS\AppPatch\AcGenral.dll 00000331 15:31:56 ProcessId = 5264 00000332 15:31:56 ImageInfo->SystemModeImage = 0 00000333 15:31:56 ImageInfo->ImageBase = 58fb0000 00000334 15:31:56 ImageInfo->ImageSize = 1875968 00000335 15:31:56 LoadImageNotifyRoutine 00000336 15:31:56 FullImageName = \WINDOWS\system32\winmm.dll 00000337 15:31:56 ProcessId = 5264 00000338 15:31:56 ImageInfo->SystemModeImage = 0 00000339 15:31:56 ImageInfo->ImageBase = 76b10000 00000340 15:31:56 ImageInfo->ImageSize = 172032 00000341 15:31:56 LoadImageNotifyRoutine 00000342 15:31:56 FullImageName = \WINDOWS\system32\ole32.dll 00000343 15:31:56 ProcessId = 5264 00000344 15:31:56 ImageInfo->SystemModeImage = 0 00000345 15:31:56 ImageInfo->ImageBase = 76990000 00000346 15:31:56 ImageInfo->ImageSize = 1302528 00000347 15:31:56 LoadImageNotifyRoutine 00000348 15:31:56 FullImageName = \WINDOWS\system32\oleaut32.dll 00000349 15:31:56 ProcessId = 5264 00000350 15:31:56 ImageInfo->SystemModeImage = 0 00000351 15:31:56 ImageInfo->ImageBase = 770f0000 00000352 15:31:56 ImageInfo->ImageSize = 569344 00000353 15:31:56 LoadImageNotifyRoutine 00000354 15:31:56 FullImageName = \WINDOWS\system32\msacm32.dll 00000355 15:31:56 ProcessId = 5264 00000356 15:31:56 ImageInfo->SystemModeImage = 0 00000357 15:31:56 ImageInfo->ImageBase = 77bb0000 00000358 15:31:56 ImageInfo->ImageSize = 86016 00000359 15:31:56 LoadImageNotifyRoutine 00000360 15:31:56 FullImageName = \WINDOWS\system32\version.dll 00000361 15:31:56 ProcessId = 5264 00000362 15:31:56 ImageInfo->SystemModeImage = 0 00000363 15:31:56 ImageInfo->ImageBase = 77bd0000 00000364 15:31:56 ImageInfo->ImageSize = 32768 00000365 15:31:56 LoadImageNotifyRoutine 00000366 15:31:56 FullImageName = \WINDOWS\system32\userenv.dll 00000367 15:31:56 ProcessId = 5264 00000368 15:31:56 ImageInfo->SystemModeImage = 0 00000369 15:31:56 ImageInfo->ImageBase = 759d0000 00000370 15:31:56 ImageInfo->ImageSize = 716800 00000371 15:31:56 LoadImageNotifyRoutine 00000372 15:31:56 FullImageName = \WINDOWS\system32\uxtheme.dll 00000373 15:31:56 ProcessId = 5264 00000374 15:31:56 ImageInfo->SystemModeImage = 0 00000375 15:31:56 ImageInfo->ImageBase = 5adc0000 00000376 15:31:56 ImageInfo->ImageSize = 225280 00000377 15:31:56 LoadImageNotifyRoutine 00000378 15:31:56 FullImageName = \WINDOWS\system32\imm32.dll 00000379 15:31:56 ProcessId = 5264 00000380 15:31:56 ImageInfo->SystemModeImage = 0 00000381 15:31:56 ImageInfo->ImageBase = 76300000 00000382 15:31:56 ImageInfo->ImageSize = 118784 00000383 15:31:56 LoadImageNotifyRoutine 00000384 15:31:56 FullImageName = \WINDOWS\system32\lpk.dll 00000385 15:31:56 ProcessId = 5264 00000386 15:31:56 ImageInfo->SystemModeImage = 0 00000387 15:31:56 ImageInfo->ImageBase = 62c20000 00000388 15:31:56 ImageInfo->ImageSize = 36864 00000389 15:31:56 LoadImageNotifyRoutine 00000390 15:31:56 FullImageName = \WINDOWS\system32\usp10.dll 00000391 15:31:56 ProcessId = 5264 00000392 15:31:56 ImageInfo->SystemModeImage = 0 00000393 15:31:56 ImageInfo->ImageBase = 73fa0000 00000394 15:31:56 ImageInfo->ImageSize = 438272 00000395 15:31:56 LoadImageNotifyRoutine 00000396 15:31:56 FullImageName = \Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT 00000397 15:31:56 ProcessId = 5264 00000398 15:31:56 ImageInfo->SystemModeImage = 0 00000399 15:31:56 ImageInfo->ImageBase = 10000000 00000400 15:31:56 ImageInfo->ImageSize = 380928 00000401 15:31:56 LoadImageNotifyRoutine 00000402 15:31:56 FullImageName = \WINDOWS\system32\psapi.dll 00000403 15:31:56 ProcessId = 5264 00000404 15:31:56 ImageInfo->SystemModeImage = 0 00000405 15:31:56 ImageInfo->ImageBase = 76bc0000 00000406 15:31:56 ImageInfo->ImageSize = 45056 00000407 15:31:56 LoadImageNotifyRoutine 00000408 15:31:56 FullImageName = \WINDOWS\system32\wininet.dll 00000409 15:31:56 ProcessId = 5264 00000410 15:31:56 ImageInfo->SystemModeImage = 0 00000411 15:31:56 ImageInfo->ImageBase = 3e410000 00000412 15:31:56 ImageInfo->ImageSize = 942080 00000413 15:31:56 LoadImageNotifyRoutine 00000414 15:31:56 FullImageName = \WINDOWS\system32\normaliz.dll 00000415 15:31:56 ProcessId = 5264 00000416 15:31:56 ImageInfo->SystemModeImage = 0 00000417 15:31:56 ImageInfo->ImageBase = 00970000 00000418 15:31:56 ImageInfo->ImageSize = 36864 00000419 15:31:56 LoadImageNotifyRoutine 00000420 15:31:56 FullImageName = \WINDOWS\system32\urlmon.dll 00000421 15:31:56 ProcessId = 5264 00000422 15:31:56 ImageInfo->SystemModeImage = 0 00000423 15:31:56 ImageInfo->ImageBase = 43ce0000 00000424 15:31:56 ImageInfo->ImageSize = 1257472 00000425 15:31:56 LoadImageNotifyRoutine 00000426 15:31:56 FullImageName = \WINDOWS\system32\iertutil.dll 00000427 15:31:56 ProcessId = 5264 00000428 15:31:56 ImageInfo->SystemModeImage = 0 00000429 15:31:56 ImageInfo->ImageBase = 3eab0000 00000430 15:31:56 ImageInfo->ImageSize = 2011136 00000431 15:31:56 LoadImageNotifyRoutine 00000432 15:31:56 FullImageName = \WINDOWS\system32\ws2_32.dll 00000433 15:31:56 ProcessId = 5264 00000434 15:31:56 ImageInfo->SystemModeImage = 0 00000435 15:31:56 ImageInfo->ImageBase = 71a20000 00000436 15:31:56 ImageInfo->ImageSize = 94208 00000437 15:31:56 LoadImageNotifyRoutine 00000438 15:31:56 FullImageName = \WINDOWS\system32\ws2help.dll 00000439 15:31:56 ProcessId = 5264 00000440 15:31:56 ImageInfo->SystemModeImage = 0 00000441 15:31:56 ImageInfo->ImageBase = 71a10000 00000442 15:31:56 ImageInfo->ImageSize = 32768 00000443 15:31:56 LoadImageNotifyRoutine 00000444 15:31:56 FullImageName = \WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll 00000445 15:31:56 ProcessId = 5264 00000446 15:31:56 ImageInfo->SystemModeImage = 0 00000447 15:31:56 ImageInfo->ImageBase = 7c420000 00000448 15:31:56 ImageInfo->ImageSize = 552960 00000449 15:31:56 LoadImageNotifyRoutine 00000450 15:31:56 FullImageName = \WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll 00000451 15:31:56 ProcessId = 5264 00000452 15:31:56 ImageInfo->SystemModeImage = 0 00000453 15:31:56 ImageInfo->ImageBase = 78130000 00000454 15:31:56 ImageInfo->ImageSize = 634880 00000455 15:31:56 LoadImageNotifyRoutine 00000456 15:31:56 FullImageName = \WINDOWS\system32\MSCTF.dll 00000457 15:31:56 ProcessId = 5264 00000458 15:31:56 ImageInfo->SystemModeImage = 0 00000459 15:31:56 ImageInfo->ImageBase = 74680000 00000460 15:31:56 ImageInfo->ImageSize = 311296 00000461 15:31:56 LoadImageNotifyRoutine 00000462 15:31:56 FullImageName = \WINDOWS\system32\igfxdo.dll 00000463 15:31:56 ProcessId = 5264 00000464 15:31:56 ImageInfo->SystemModeImage = 0 00000465 15:31:56 ImageInfo->ImageBase = 00cc0000 00000466 15:31:56 ImageInfo->ImageSize = 147456 00000467 15:31:56 LoadImageNotifyRoutine 00000468 15:31:56 FullImageName = \WINDOWS\system32\msctfime.ime 00000469 15:31:56 ProcessId = 5264 00000470 15:31:56 ImageInfo->SystemModeImage = 0 00000471 15:31:56 ImageInfo->ImageBase = 73640000 00000472 15:31:56 ImageInfo->ImageSize = 188416 00000473 15:31:56 LoadImageNotifyRoutine 00000474 15:31:56 FullImageName = \Program Files\Tencent\RTXC\RTXOLAss.dll 00000475 15:31:56 ProcessId = 5264 00000476 15:31:56 ImageInfo->SystemModeImage = 0 00000477 15:31:56 ImageInfo->ImageBase = 00e20000 00000478 15:31:56 ImageInfo->ImageSize = 348160 00000479 15:31:56 LoadImageNotifyRoutine 00000480 15:31:56 FullImageName = \WINDOWS\system32\olepro32.dll 00000481 15:31:56 ProcessId = 5264 00000482 15:31:56 ImageInfo->SystemModeImage = 0 00000483 15:31:56 ImageInfo->ImageBase = 5efe0000 00000484 15:31:56 ImageInfo->ImageSize = 94208