EurekaLog 6.0.14 Application: ------------------------------------------------------- 1.1 Start Date : Tue, 17 Nov 2009 10:35:40 +0000 1.2 Name/Description: ModesXML.exe - (ModesXML) 1.3 Version Number : 1.2.0.152 1.4 Parameters : 1.5 Compilation Date: Mon, 9 Nov 2009 09:56:21 +0000 1.6 Up Time : 12 minutes, 39 seconds Exception: -------------------------------------------------------------------------------------------------------------- 2.1 Date : Tue, 17 Nov 2009 10:48:20 +0000 2.2 Address : 00404C0A 2.3 Module Name : ModesXML.exe - (ModesXML) 2.4 Module Version: 1.2.0.152 2.5 Type : EAccessViolation 2.6 Message : Access violation at address 00404C0A in module 'ModesXML.exe'. Read of address 0000010E. 2.7 ID : CD9E 2.8 Count : 1 2.9 Status : New 2.10 Note : User: ------------------------------------------------------- 3.1 ID : dmamw 3.2 Name : Norfolk County Council 3.3 Email : martin.warren@norfolk.gov.uk 3.4 Company : Norfolk County Council 3.5 Privileges: SeChangeNotifyPrivilege - ON SeShutdownPrivilege - OFF SeUndockPrivilege - ON SeCreateGlobalPrivilege - ON Active Controls: --------------------------------------------------------------------------------- 4.1 Form Class : TfrmMain.UnicodeClass 4.2 Form Text : ModesXML - [Application: Object records. File: Storage file] 4.3 Control Class: TModesStringGrid.UnicodeClass 4.4 Control Text : Computer: -------------------------------------------------------------------------------------- 5.1 Name : CS65392 5.2 Total Memory : 1014 Mb 5.3 Free Memory : 471 Mb 5.4 Total Disk : 74.5 Gb 5.5 Free Disk : 14.45 Gb 5.6 System Up Time: 1 hour, 4 minutes, 11 seconds 5.7 Processor : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz 5.8 Display Mode : 1280 x 1024, 32 bit 5.9 Display DPI : 96 5.10 Video Card : Intel(R) Q965/Q963 Express Chipset Family (driver 6.14.10.4642) 5.11 Printer : HP Color LaserJet 2500 PCL 6 (driver 4.14.0.18) Operating System: ------------------------------------ 6.1 Type : Microsoft Windows XP 6.2 Build # : 2600 6.3 Update : Service Pack 2 6.4 Language: English 6.5 Charset : 0 Network: --------------------------------- 7.1 IP Address: 010.108.162.067 7.2 Submask : 255.255.255.000 7.3 Gateway : 010.108.162.001 7.4 DNS 1 : 073.000.001.012 7.5 DNS 2 : 073.000.001.014 7.6 DHCP : ON Custom Information: --------------------------------------------------------------------------------------------------------------------- 8.1 Server Type : Remote 8.2 StyleSheetPath : \\ncu3mx02.norfolk.gov.uk\resources\stylesheets\ 8.3 ResourcePath : \\ncu3mx02.norfolk.gov.uk\resources\ 8.4 DataPath : \ 8.5 DTDPath : \\ncu3mx02.norfolk.gov.uk\resources\dtds\ 8.6 ServerName : ncu3mx02 8.7 ServerPort : 16000 8.8 AppDataFolder : C:\Documents and Settings\dmamw\Application Data\ModesXML\ 8.9 AppTempFolder : C:\Documents and Settings\dmamw\Application Data\ModesXML\Temp\ 8.10 Application : Object 8.11 FileName : Storage file 8.12 FileIndex : Identity number 8.13 SplitMode : False 8.14 EditMode : True 8.15 ActiveLeftTab : SRE 8.16 LeftTabStylesheet : N/A 8.17 ActiveRightTab : N/A 8.18 RightTabStylesheet : N/A 8.19 Transport : nxWinsockModes 8.20 Logged in user : dmamw 8.21 Server version : 2.0701 (ModesXML@ncu3mx02) 8.22 Uptime : 24.23:12:24 8.23 Sessions : 34 8.24 Databases : 43 8.25 Transaction Contexts : 43 8.26 Cursors : 255 8.27 Statements : 0 8.28 Folders : 6 8.29 Tables : 53 8.30 Block Cache Available (Recently / Frequently): 1,047,552 ( 1,045,556 / 1,996 ) kbyte 8.31 Block Cache Used (Recently / Frequently) : 1,047,468 ( 1,047,468 / 0 ) kbyte 8.32 Block Cache Tracked (Recently / Frequently) : 40 ( 40 / 0 ) kbyte 8.33 Block Cache Miss Recently Used : 2,507,372 8.34 Block Cache Miss Frequently Used : 0 8.35 Block Cache Hit Recently Used : 1,812,926,266 8.36 Block Cache Hit Frequently Used : 0 8.37 Block Cache Eviction Recently Used : 45 8.38 Block Cache Eviction Frequently Used : 0 8.39 Transaction Commit : 77,310 8.40 Transaction Commit Nested : 352,897 8.41 Transaction Rollback : 1,146 8.42 Transaction Rollback Nested : 46,344 8.43 Blocks Read : 2,507,368 8.44 Blocks Written : 3,598,561 8.45 Temporary Storage in use : 0 kbyte 8.46 Registered User Name : MX0083 8.47 Registered Institution : Norfolk Museums and Archaeology Service 8.48 Max. number of screens : 35 8.49 Number of users logged on : 4 8.50 User dmasj : 10.107.164.139 8.51 User administrator : 10.108.162.67 8.52 User dmamw : 10.108.162.67 8.53 User dmbjr : 10.107.164.139 Call Stack Information: ------------------------------------------------------------------------------------------------------------------- |Address |Module |Unit |Class |Procedure/Method |Line | ------------------------------------------------------------------------------------------------------------------- |Running Thread: ID=3828; Priority=0; Class=; [Main] | |-----------------------------------------------------------------------------------------------------------------| |00CC848F|ModesXML.exe|frXMLEditor.pas |TSre |AdjustTree |1497[3] | |00CC8454|ModesXML.exe|frXMLEditor.pas |TSre |AdjustTree |1494[0] | |00CCBE2B|ModesXML.exe|frXMLEditor.pas |TSre |actContractAllFormEntryExecute|3559[12] | |00CCBD9C|ModesXML.exe|frXMLEditor.pas |TSre |actContractAllFormEntryExecute|3547[0] | |00CD171E|ModesXML.exe|frXMLEditor.pas |TSre |actToggleFormEntryExecute |6630[2] | |00CD1710|ModesXML.exe|frXMLEditor.pas |TSre |actToggleFormEntryExecute |6628[0] | |00CB142E|ModesXML.exe|fdisplay.pas |TfrmDisplay |actToggleFormEntryExecute |8343[2] | |00CB1420|ModesXML.exe|fdisplay.pas |TfrmDisplay |actToggleFormEntryExecute |8341[0] | |00CDF005|ModesXML.exe|fmain.pas |TfrmMain |actToggleFormEntryExecute |3429[2] | |7E41F891|user32.dll | | |CallNextHookEx | | |7E41F658|user32.dll | | |CallWindowProcA | | |7E41F642|user32.dll | | |CallWindowProcA | | |0098118D|ModesXML.exe|TaskBarMenu.pas |TTaskBarMenu |AppWndProc |60[5] | |7E41F85B|user32.dll | | |CallNextHookEx | | |0089C339|ModesXML.exe|dxBar.pas | |dxBarWndProcHook |13542[30]| |7E42F3C7|user32.dll | | |SendMessageA | | |7E42F383|user32.dll | | |SendMessageA | | |00555038|ModesXML.exe|TntControls.pas |TWinControlTrap |WindowProc |672[19] | |7E41C660|user32.dll | | |CallWindowProcW | | |7E41C64A|user32.dll | | |CallWindowProcW | | |00554C8C|ModesXML.exe|TntControls.pas |TWinControlTrap |Win32Proc |560[12] | |7E41F85B|user32.dll | | |CallNextHookEx | | |0089C339|ModesXML.exe|dxBar.pas | |dxBarWndProcHook |13542[30]| |7E42F3C7|user32.dll | | |SendMessageA | | |7E42F383|user32.dll | | |SendMessageA | | |00CE17EC|ModesXML.exe|ModesXML.dpr | | |177[19] | |7C90E64C|ntdll.dll | | |NtSetInformationThread | | |-----------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=2796; Priority=0; Class= | |-----------------------------------------------------------------------------------------------------------------| |7C90E9A9|ntdll.dll | | |ZwWaitForMultipleObjects | | |7C90E787|ntdll.dll | | |ZwSetTimer | | |7C80952A|kernel32.dll| | |WaitForMultipleObjectsEx | | |7C80A070|kernel32.dll| | |WaitForMultipleObjects | | |7C80A05D|kernel32.dll| | |WaitForMultipleObjects | | |0060F79F|ModesXML.exe|nxsrFileImplWin32.pas |TnxFlushThread |Wait |1837[2] | |0060F78C|ModesXML.exe|nxsrFileImplWin32.pas |TnxFlushThread |Wait |1835[0] | |0060F6D6|ModesXML.exe|nxsrFileImplWin32.pas |TnxFlushThread |DoExecute |1811[29] | |0060F5B4|ModesXML.exe|nxsrFileImplWin32.pas |TnxFlushThread |DoExecute |1782[0] | |0060F3AB|ModesXML.exe|nxsrFileImplWin32.pas | |FlushThreadProc |1723[17] | |-----------------------------------------------------------------------------------------------------------------| |Calling Thread: ID=3828; Priority=0; Class=; [Main] | |-----------------------------------------------------------------------------------------------------------------| |00CE16AB|ModesXML.exe|ModesXML.dpr | | |158[0] | |7C90E64C|ntdll.dll | | |NtSetInformationThread | | |-----------------------------------------------------------------------------------------------------------------| | | |Running Thread: ID=3832; Priority=15; Class=TnxHeartbeatThread | |-----------------------------------------------------------------------------------------------------------------| |7C90E9BE|ntdll.dll | | |NtWaitForSingleObject | | |7C802540|kernel32.dll| | |WaitForSingleObjectEx | | |7C80252D|kernel32.dll| | |WaitForSingleObject | | |7C802520|kernel32.dll| | |WaitForSingleObject | | |006A71E1|ModesXML.exe|nxptBasePooledTransport.pas|TnxHeartbeatThread |InnerExecute |2218[3] | |005D7AF8|ModesXML.exe|nxllThread.pas |TnxInitThread |DoExecute |704[14] | |005D7915|ModesXML.exe|nxllThread.pas |TnxThread |Execute |507[3] | |-----------------------------------------------------------------------------------------------------------------| |Calling Thread: ID=3828; Priority=0; Class=; [Main] | |-----------------------------------------------------------------------------------------------------------------| |005D77FF|ModesXML.exe|nxllThread.pas |TnxThread |AfterConstruction |418[1] | |005D77FC|ModesXML.exe|nxllThread.pas |TnxThread |AfterConstruction |417[0] | |005D79FC|ModesXML.exe|nxllThread.pas |TnxInitThread |AfterConstruction |667[1] | |006A70DF|ModesXML.exe|nxptBasePooledTransport.pas|TnxHeartbeatThread |Create |2191[7] | |006A6FD4|ModesXML.exe|nxptBasePooledTransport.pas|TnxHeartbeatThread |Create |2184[0] | |006AAD12|ModesXML.exe|nxptBasePooledTransport.pas|TnxBasePooledTransport|scStarting |3914[30] | |006AAC20|ModesXML.exe|nxptBasePooledTransport.pas|TnxBasePooledTransport|scStarting |3884[0] | |006B3EE9|ModesXML.exe|nxtwWinsockTransport.pas |TnxWinsockTransport |scStarting |1612[1] | |004B7F6F|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scSetState |1945[38] | |7C913229|ntdll.dll | | |LdrUnlockLoaderLock | | |004B8245|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scShouldFollowTransition |1995[6] | |004B7C30|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scDependentStateChange |1843[9] | |004B79BF|ModesXML.exe|nxllComponent.pas |TnxStateComponent |nxcNotification |1763[4] | |004B7978|ModesXML.exe|nxllComponent.pas |TnxStateComponent |nxcNotification |1759[0] | |006A3552|ModesXML.exe|nxllTransport.pas |TnxBaseTransport |nxcNotification |2019[1] | |006A353C|ModesXML.exe|nxllTransport.pas |TnxBaseTransport |nxcNotification |2018[0] | |006B3BCE|ModesXML.exe|nxtwWinsockTransport.pas |TnxWinsockTransport |nxcNotification |1561[1] | |004B6E63|ModesXML.exe|nxllComponent.pas |TnxComponent |nxcNotifyDependents |1314[10] | |004B8341|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scStateChanging |2050[6] | |004B7E6B|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scSetState |1921[14] | |7C901005|ntdll.dll | | |RtlEnterCriticalSection | | |7C9131D7|ntdll.dll | | |LdrLockLoaderLock | | |004926B0|ModesXML.exe|nxllUtils.pas | |nxCmpPtr |526[1] | |00490777|ModesXML.exe|nxllList.pas |TnxSortedList |slCompare |712[1] | |0049070A|ModesXML.exe|nxllList.pas |TnxSortedList |Find |689[7] | |00490527|ModesXML.exe|nxllList.pas |TnxSortedList |Add |645[5] | |0048F258|ModesXML.exe|nxllSync.pas |TnxPadlock |Unlock |372[1] | |00490AA6|ModesXML.exe|nxllList.pas |TnxListPadlock |EndWrite |878[1] | |004907B9|ModesXML.exe|nxllList.pas |TnxListSyncAccess |Add |724[4] | |00490780|ModesXML.exe|nxllList.pas |TnxListSyncAccess |Add |720[0] | |004B6A72|ModesXML.exe|nxllComponent.pas |TnxComponent |nxcAddDependent |1189[5] | |005EAF1F|ModesXML.exe|nxdb.pas |TnxBaseSession |nxcAddDependent |5135[4] | |004B6B00|ModesXML.exe|nxllComponent.pas |TnxComponent |nxcAddDependingOn |1198[5] | |004B7C5F|ModesXML.exe|nxllComponent.pas |TnxStateComponent |scSetActive |1867[2] | |008FEB33|ModesXML.exe|dmUser.pas |TuserDm |ConnectToServer |433[74] | |008FE598|ModesXML.exe|dmUser.pas |TuserDm |ConnectToServer |359[0] | |00901504|ModesXML.exe|dmUser.pas |TuserDm |Login |847[2] | |009014D4|ModesXML.exe|dmUser.pas |TuserDm |Login |845[0] | |00CE1768|ModesXML.exe|ModesXML.dpr | | |169[11] | |7C90E64C|ntdll.dll | | |NtSetInformationThread | | ------------------------------------------------------------------------------------------------------------------- Modules Information: ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00400000|ModesXML.exe |ModesXML |1.2.0.152 |12568576|2009-11-09 09:56:22|C:\Program Files\ModesXML\Client | |02C30000|ModesPDF.dll |WPViewPDF |1.4.1.0 |1108352 |2007-07-13 10:52:24|C:\Program Files\ModesXML\Client | |03320000|XfoInterface41.dll |XfoInterface |4.1.2007.704 |225280 |2007-07-04 13:04:30|C:\Program Files\ModesXML\Client\AHFO4_1 | |03360000|pthreadVSE2.dll | |2.2.0.0 |86071 |2005-04-08 15:27:02|C:\Program Files\ModesXML\Client\AHFO4_1 | |03380000|XfoFont41.dll |XfoFont |4.1.2007.704 |147456 |2007-07-04 12:53:46|C:\Program Files\ModesXML\Client\AHFO4_1 | |033B0000|XfoText41.dll |XfoText |4.1.2007.704 |86016 |2007-07-04 12:54:00|C:\Program Files\ModesXML\Client\AHFO4_1 | |037D0000|XfoHyphen41.dll |XfoHyphen |4.1.2007.704 |81920 |2007-07-04 13:00:22|C:\Program Files\ModesXML\Client\AHFO4_1 | |03890000|XfoTrans41.dll |XfoTrans |4.1.2007.704 |110592 |2007-07-04 13:02:52|C:\Program Files\ModesXML\Client\AHFO4_1 | |03950000|XfoEngine41.dll |XfoEngine |4.1.2007.704 |1523712 |2007-07-04 13:02:48|C:\Program Files\ModesXML\Client\AHFO4_1 | |03AD0000|XfoDMC41.dll |XfoDMC |4.1.2007.704 |360448 |2007-07-04 12:52:58|C:\Program Files\ModesXML\Client\AHFO4_1 | |03D30000|AHFont20.dll | | |987136 |2007-07-04 12:53:40|C:\Program Files\ModesXML\Client\AHFO4_1 | |03E30000|XfoCommon41.dll |XfoCommon |4.1.2007.704 |909312 |2007-07-04 12:53:32|C:\Program Files\ModesXML\Client\AHFO4_1 | |03F20000|XfoGraphic41.dll |XfoGraphic |4.1.2007.704 |1765376 |2007-07-04 13:00:14|C:\Program Files\ModesXML\Client\AHFO4_1 | |040E0000|PDFToolPage10.dll | | |749568 |2007-07-04 12:53:56|C:\Program Files\ModesXML\Client\AHFO4_1 | |041A0000|AHGraphic20.dll | | |811008 |2007-06-29 21:40:04|C:\Program Files\ModesXML\Client\AHFO4_1 | |04270000|PDFExplorer21.dll | | |1118208 |2007-07-04 12:54:06|C:\Program Files\ModesXML\Client\AHFO4_1 | |04390000|PDFRes10.dll | | |3731456 |2007-07-04 12:54:02|C:\Program Files\ModesXML\Client\AHFO4_1 | |04720000|XfoHyphenCH41.dll |XfoHyphenCH |4.1.2007.704 |835584 |2007-07-04 13:00:40|C:\Program Files\ModesXML\Client\AHFO4_1 | |047F0000|XfoGdiCtl41.dll |XfoGdiCtl |4.1.2007.704 |266240 |2007-07-04 13:04:22|C:\Program Files\ModesXML\Client\AHFO4_1 | |04840000|XfoRender41.dll |XfoRender |4.1.2007.704 |2420736 |2007-07-04 13:04:10|C:\Program Files\ModesXML\Client\AHFO4_1 | |04AA0000|PDFCreator25.dll | | |1253376 |2007-07-04 13:03:00|C:\Program Files\ModesXML\Client\AHFO4_1 | |04BE0000|PDFLinearizer11.dll| | |708608 |2007-07-04 13:03:02|C:\Program Files\ModesXML\Client\AHFO4_1 | |04CA0000|SVGCreator41.dll |SVGCreator |4.1.2007.704 |434176 |2007-07-04 13:03:06|C:\Program Files\ModesXML\Client\AHFO4_1 | |10000000|XfoComCtl41.dll |XfoComCtl |4.1.2007.704 |90112 |2007-07-04 13:04:32|C:\Program Files\ModesXML\Client\AHFO4_1 | |10100000|lgscroll.dll |Logitech Scroll Enabler (UNICODE) |3.15.231.0 |44544 |2006-10-25 16:13:44|C:\Program Files\Logitech\SetPoint | |20000000|xpsp2res.dll |Service Pack 2 Messages |5.1.2600.2180 |2897920 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |4A800000|icuuc34.dll |IBM ICU Common DLL |3.4.1.0 |819200 |2006-07-18 12:33:22|C:\Program Files\ModesXML\Client\AHFO4_1 | |4A900000|icuin34.dll |IBM ICU I18N DLL |3.4.1.0 |696320 |2006-07-18 12:33:20|C:\Program Files\ModesXML\Client\AHFO4_1 | |4AD00000|icudt34.dll |ICU Data DLL |3.4.1.0 |8876032 |2006-07-18 12:33:20|C:\Program Files\ModesXML\Client\AHFO4_1 | |4EC50000|gdiplus.dll |Microsoft GDI+ |5.1.3102.2180 |1712128 |2004-08-04 12:00:00|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82 | |5AD70000|UxTheme.dll |Microsoft UxTheme Library |6.0.2900.2180 |218624 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |5B860000|NETAPI32.dll |Net Win32 API DLL |5.1.2600.3462 |332800 |2008-10-15 16:57:56|C:\WINDOWS\system32 | |5D090000|comctl32.dll |Common Controls Library |5.82.2900.2982 |617472 |2006-08-25 15:45:58|C:\WINDOWS\system32 | |5EDD0000|olepro32.dll | |5.1.2600.2180 |83456 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |662B0000|hnetcfg.dll |Home Networking Configuration Manager |5.1.2600.2180 |344064 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |69B10000|msxml4.dll |MSXML 4.0 SP 2 |4.20.9848.0 |1275392 |2007-05-08 14:03:04|C:\WINDOWS\system32 | |6FA00000|sophos_detoured.dll|Sophos Buffer Overrun Protection |1.0.0.4030 |195072 |2009-09-03 07:37:26|C:\Program Files\Sophos\Sophos Anti-Virus | |71A50000|mswsock.dll |Microsoft Windows Sockets 2.0 Service Provider |5.1.2600.2180 |245248 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |71A90000|wshtcpip.dll |Windows Sockets Helper DLL |5.1.2600.2180 |19968 |2004-08-04 12:00:00|C:\WINDOWS\System32 | |71AA0000|WS2HELP.dll |Windows Socket 2.0 Helper for Windows NT |5.1.2600.2180 |19968 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |71AB0000|WS2_32.dll |Windows Socket 2.0 32-Bit DLL |5.1.2600.2180 |82944 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |71AD0000|wsock32.dll |Windows Socket 32-Bit DLL |5.1.2600.2180 |22528 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |71B20000|mpr.dll |Multiple Provider Router DLL |5.1.2600.2180 |59904 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |71BF0000|SAMLIB.dll |SAM Library DLL |5.1.2600.2180 |64000 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |72D10000|msacm32.drv |Microsoft Sound Mapper |5.1.2600.0 |20480 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |72D20000|wdmaud.drv |WDM Audio driver mapper |5.1.2600.2180 |23552 |2004-08-03 23:56:58|C:\WINDOWS\system32 | |73000000|winspool.drv |Windows Spooler Driver |5.1.2600.2180 |146432 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |73B30000|mscms.dll |Microsoft Color Matching System DLL |5.1.2600.2709 |74240 |2005-06-29 01:46:00|C:\WINDOWS\system32 | |73B50000|avifil32.dll |Microsoft AVI File support library |5.1.2600.2180 |84992 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |73BC0000|DCIMAN32.DLL |DCI Manager |5.1.2600.2180 |8704 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |74720000|MSCTF.dll |MSCTF Server DLL |5.1.2600.2180 |294400 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |74C80000|oleacc.dll |Active Accessibility Core Component |4.2.5406.0 |163328 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |74D90000|USP10.dll |Uniscribe Unicode script processor |1.420.2600.2180 |406528 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |754D0000|CRYPTUI.dll |Microsoft Trust UI Provider |5.131.2600.2180 |512512 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |75A70000|MSVFW32.dll |Microsoft Video for Windows DLL |5.1.2600.2180 |120832 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |75E90000|SXS.DLL |Fusion 2.5 |5.1.2600.3019 |713216 |2006-10-19 13:56:32|C:\WINDOWS\system32 | |76080000|MSVCP60.dll |Microsoft (R) C++ Runtime Library |6.2.3104.0 |413696 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76380000|msimg32.dll |GDIEXT Client DLL |5.1.2600.2180 |4608 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |763B0000|comdlg32.dll |Common Dialogs DLL |6.0.2900.2180 |276992 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76B20000|ATL.DLL |ATL Module for Windows XP (Unicode) |3.5.2284.0 |58880 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76B40000|winmm.dll |MCI API DLL |5.1.2600.2180 |176128 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76BF0000|PSAPI.DLL |Process Status Helper |5.1.2600.2180 |23040 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76C30000|WINTRUST.dll |Microsoft Trust Verification APIs |5.131.2600.2180 |176640 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76C90000|IMAGEHLP.dll |Windows NT Image Helper |5.1.2600.2180 |144384 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76F20000|DNSAPI.dll |DNS Client API DLL |5.1.2600.2938 |148480 |2006-06-26 17:37:10|C:\WINDOWS\system32 | |76F60000|WLDAP32.dll |Win32 LDAP API DLL |5.1.2600.2180 |172032 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |76FB0000|winrnr.dll |LDAP RnR Provider DLL |5.1.2600.2180 |16896 |2004-08-04 12:00:00|C:\WINDOWS\System32 | |76FC0000|rasadhlp.dll |Remote Access AutoDial Helper |5.1.2600.2938 |8192 |2006-06-26 17:37:10|C:\WINDOWS\system32 | |76FD0000|CLBCATQ.DLL | |2001.12.4414.308|498688 |2005-07-26 04:39:44|C:\WINDOWS\system32 | |77050000|COMRes.dll | |2001.12.4414.258|792064 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77120000|oleaut32.dll | |5.1.2600.3139 |549376 |2007-05-17 11:28:06|C:\WINDOWS\system32 | |771B0000|wininet.dll |Internet Extensions for Win32 |6.0.2900.3164 |658944 |2007-06-26 14:09:10|C:\WINDOWS\system32 | |773D0000|comctl32.dll |User Experience Controls Library |6.0.2900.2982 |1054208 |2006-08-25 15:45:56|C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03| |774E0000|ole32.dll |Microsoft OLE for Windows |5.1.2600.2726 |1285120 |2005-07-26 04:39:48|C:\WINDOWS\system32 | |77690000|NTMARTA.DLL |Windows NT MARTA provider |5.1.2600.2180 |118784 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77920000|SETUPAPI.dll |Windows Setup API |5.1.2600.2938 |985088 |2006-06-26 17:51:30|C:\WINDOWS\system32 | |77A80000|CRYPT32.dll |Crypto API32 |5.131.2600.2180 |597504 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77B20000|MSASN1.dll |ASN.1 Runtime APIs |5.1.2600.2180 |57344 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77BD0000|midimap.dll |Microsoft MIDI Mapper |5.1.2600.2180 |18944 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77BE0000|MSACM32.dll |Microsoft ACM Audio Filter |5.1.2600.2180 |71680 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77C00000|version.dll |Version Checking and File Installation Libraries|5.1.2600.2180 |18944 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77C10000|msvcrt.dll |Windows NT CRT DLL |7.0.2600.2180 |343040 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77DD0000|advapi32.dll |Advanced Windows 32 Base API |5.1.2600.2180 |616960 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77E70000|RPCRT4.dll |Remote Procedure Call Runtime |5.1.2600.2180 |581120 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |77F10000|GDI32.dll |GDI Client DLL |5.1.2600.3159 |282112 |2007-06-19 13:31:20|C:\WINDOWS\system32 | |77F60000|SHLWAPI.dll |Shell Light-weight Utility Library |6.0.2900.3157 |474112 |2007-06-14 18:09:20|C:\WINDOWS\system32 | |77FE0000|Secur32.dll |Security Support Provider Interface |5.1.2600.2180 |55808 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |78130000|MSVCR80.dll |Microsoft® C Runtime Library |8.0.50727.163 |626688 |2006-06-05 13:14:28|C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb | |7C340000|MSVCR71.dll |Microsoft® C Runtime Library |7.10.3052.4 |348160 |2004-04-20 09:58:04|C:\Program Files\ModesXML\Client\AHFO4_1 | |7C420000|MSVCP80.dll |Microsoft® C++ Runtime Library |8.0.50727.163 |548864 |2006-06-05 13:14:28|C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb | |7C800000|kernel32.dll |Windows NT BASE API Client DLL |5.1.2600.3119 |984576 |2007-04-16 15:52:54|C:\WINDOWS\system32 | |7C900000|ntdll.dll |NT Layer DLL |5.1.2600.2180 |708096 |2004-08-04 12:00:00|C:\WINDOWS\system32 | |7C9C0000|shell32.dll |Windows Shell Common Dll |6.0.2900.3051 |8453632 |2006-12-19 21:52:18|C:\WINDOWS\system32 | |7E290000|shdocvw.dll |Shell Doc Object and Control Library |6.0.2900.3157 |1494528 |2007-06-14 18:09:20|C:\WINDOWS\system32 | |7E410000|user32.dll |Windows XP USER API Client DLL |5.1.2600.3099 |577536 |2007-03-08 15:36:28|C:\WINDOWS\system32 | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: ------------------------------------------------------------------------------------------------------------------------------------------------------------ |ID |Name |Description |Version |Memory |Priority|Threads|Path | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |132 |KHALMNPR.EXE |Logitech KHAL Main Process |3.1.206.0 |5124096 |Normal |15 |C:\Program Files\Common Files\Logitech\khalshared| |692 |svchost.exe |Generic Host Process for Win32 Services |5.1.2600.2180|3358720 |Normal |2 |C:\WINDOWS\System32 | |748 |svchost.exe |Generic Host Process for Win32 Services |5.1.2600.2180|3338240 |Normal |2 |C:\WINDOWS\System32 | |1516|ALMon.exe |Component to show AutoUpdate's GUI elements.|3.11.56.190 |962560 |Normal |5 |C:\Program Files\Sophos\AutoUpdate | |1868|ctfmon.exe |CTF Loader |5.1.2600.2180|4079616 |Normal |1 |C:\WINDOWS\system32 | |2188|SetPoint.exe |Logitech SetPoint Event Manager (UNICODE) |3.15.231.0 |9101312 |Normal |3 |C:\Program Files\Logitech\SetPoint | |2960|Explorer.EXE |Windows Explorer |6.0.2900.3156|19550208|Normal |10 |C:\WINDOWS | |3124|DrgToDsc.exe |Drag To Disc Application |9.0.0.53 |6316032 |Normal |4 |C:\Program Files\Roxio\Drag-to-Disc | |3256|smax4pnp.exe |SMax4PNP |6.0.0.61 |4173824 |Normal |3 |C:\Program Files\Analog Devices\Core | |3372|ModesAdmin.exe| |1.1.0.28 |14008320|Normal |5 |C:\Program Files\ModesXML\Admin | |3404|PNAMAIN.EXE |Citrix Applications |11.0.0.5357 |8163328 |Normal |5 |C:\Program Files\Citrix\ICA Client | |3596|SCFTray.exe |Sophos Client Firewall Tray icon |1.5.0.193 |4255744 |Normal |7 |C:\Program Files\Sophos\Sophos Client Firewall | |3812|ModesXML.exe |ModesXML |1.2.0.152 |40742912|Normal |11 |C:\Program Files\ModesXML\Client | |3856|hkcmd.exe |hkcmd Module |3.0.0.4642 |3362816 |Normal |2 |C:\WINDOWS\system32 | |3996|igfxpers.exe |persistence Module |3.0.0.4642 |3313664 |Normal |3 |C:\WINDOWS\system32 | |4032|PDVDDXSrv.exe |CyberLink PowerCinema Resident Program |4.5.0.0 |5885952 |Normal |2 |C:\Program Files\CyberLink\PowerDVD DX | ------------------------------------------------------------------------------------------------------------------------------------------------------------ Assembler Information: ------------------------------------------------- 00404BF3 mov eax, [eax] 00404BF5 call -$00000052 00404BFA mov eax, esi 00404BFC pop esi 00404BFD jnz +$06 00404BFF pop ecx 00404C00 jmp -$00001591 00404C05 ret 00404C06 mov eax, eax 00404C08 jmp +$02 00404C0A mov eax, [eax] ; <-- EXCEPTION 00404C0C cmp eax, edx 00404C0E jz +$08 00404C10 mov eax, [eax-$24] 00404C13 test eax, eax 00404C15 jnz -$0D 00404C17 ret Registers: ----------------------------- EAX: 0000010E EDI: 00000051 EBX: 7ED1E120 ESI: 009119EC ECX: 00000000 ESP: 0012F624 EDX: 009119EC EIP: 00404C0A Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0012F624: 00404B7B 00404C0A: 8B 00 39 D0 74 08 8B 40 DC 85 C0 75 F3 C3 B0 01 ..9.t..@...u.... 0012F628: 00000000 00404C1A: C3 90 51 83 C0 C4 8B 00 89 04 24 8B 04 24 5A C3 ..Q.......$..$Z. 0012F62C: 7F9D1E30 00404C2A: 8B C0 B8 FF FF 00 80 C3 8B C0 C3 8D 40 00 C3 8D ............@... 0012F630: 00CC8494 00404C3A: 40 00 C3 8D 40 00 56 66 8B 32 66 09 F6 74 17 66 @...@.Vf.2f..t.f 0012F634: 7FB84560 00404C4A: 81 FE 00 C0 73 10 50 8B 00 E8 50 FF FF FF 58 74 ....s.P...P...Xt 0012F638: 00000031 00404C5A: 05 89 F1 5E FF E1 5E 8B 08 FF 61 F0 C3 90 53 56 ...^..^...a...SV 0012F63C: 00000051 00404C6A: 57 31 C9 31 FF 8A 1A EB 02 8B 00 8B 70 CC 85 F6 W1.1........p... 0012F640: 00000000 00404C7A: 74 15 66 8B 3E 83 C6 02 8A 4E 06 38 D9 74 15 66 t.f.>....N.8.t.f 0012F644: 0012F664 00404C8A: 8B 0E 01 CE 4F 75 F1 8B 40 DC 85 C0 75 DB EB 18 ....Ou..@...u... 0012F648: 00CCBE30 00404C9A: 8A 1A EB EB B5 00 8A 5C 31 06 32 1C 11 80 E3 DF .......\1.2..... 0012F64C: 0012F6C0 00404CAA: 75 EE 49 75 F1 8B 46 02 5F 5E 5B C3 8B C0 53 56 u.Iu..F._^[...SV 0012F650: 004051A8 00404CBA: 57 89 CF 31 DB 31 C9 EB 02 8B 00 8B 70 CC 85 F6 W..1.1......p... 0012F654: 0012F664 00404CCA: 74 13 66 8B 0E 83 C6 02 3B 56 02 74 13 66 8B 1E t.f.....;V.t.f.. 0012F658: 00522D90 00404CDA: 01 DE 49 75 F3 8B 40 DC 85 C0 75 DD 88 07 EB 0A ..Iu..@...u..... 0012F65C: 7FA60930 00404CEA: 83 C6 06 31 C9 8A 0E 41 F3 A4 5F 5E 5B C3 53 56 ...1...A.._^[.SV 0012F660: 7F9D1E30 00404CFA: 57 31 C9 31 FF 8A 1A 50 8B 00 8B 70 C8 85 F6 74 W1.1...P...p...t