EurekaLog 6.1.05 RC 3 Application: ------------------------------------------------------- 1.1 Start Date : Sat, 21 Sep 2013 10:43:07 +0400 1.2 Name/Description: SASPlanet.exe 1.3 Version Number : 13.9.21.7503 1.4 Parameters : 1.5 Compilation Date: Wed, 28 Aug 2013 23:31:38 +0400 1.6 Up Time : 3 minutes, 33 seconds Exception: ----------------------------------------------------- 2.1 Date : Sat, 21 Sep 2013 10:46:40 +0400 2.2 Address : 08A5F0AA 2.3 Module Name : libge.dll 2.4 Module Version: 1.0.0.0 2.5 Type : EMemoryOverrun 2.6 Message : Memory Overrun leak. 2.7 ID : AEE0 2.8 Count : 13 User: ------------------------------------------------------- 3.1 ID : aantuch 3.2 Name : aantuch 3.3 Email : 3.4 Company : 3.5 Privileges: SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: --------------------------------------------------- 4.1 Form Class : TfrmMain 4.2 Form Text : SAS.Planet 130921.7503 Nightly 4.3 Control Class: TfrmMain 4.4 Control Text : SAS.Planet 130921.7503 Nightly Computer: ----------------------------------------------------------------------------------- 5.1 Name : TOLIK-HP6560B 5.2 Total Memory : 3014 Mb 5.3 Free Memory : 1439 Mb 5.4 Total Disk : 58.59 Gb 5.5 Free Disk : 2.16 Gb 5.6 System Up Time: 6 days, 13 hours, 38 minutes, 50 seconds 5.7 Processor : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz 5.8 Display Mode : 1600 x 900, 32 bit 5.9 Display DPI : 120 5.10 Video Card : Intel(R) HD Graphics 3000 (driver 9.17.10.2932 - RAM 1283 MB) 5.11 Printer : HP LaserJet 6L (driver 6.1.7601.17514) Operating System: ----------------------------------- 6.1 Type : Microsoft Windows 7 6.2 Build # : 7601 6.3 Update : Service Pack 1 6.4 Language: Russian 6.5 Charset : 204 Network: --------------------------------------------------------------------------------------- 7.1 IP Address: 192.168.001.159 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.2 Submask : 255.255.255.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.3 Gateway : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.4 DNS 1 : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.5 DNS 2 : 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.6 DHCP : ON - ON - ON - ON Call Stack Information: -------------------------------------------------------------------------------------------------------------------- |Address |Module |Unit |Class |Procedure/Method |Line | -------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=3536; Priority=1; Class=; [Main] | |------------------------------------------------------------------------------------------------------------------| |08A5F0AA|libge.dll | | | | | |08A6E980|libge.dll |u_GoogleEarthTileInfoList.pas |TGoogleEarthTileInfoList |Add |75[13] | |08A76122|libge.dll |u_GoogleEarthCacheProvider.pas|TGoogleEarthCacheProvider|GetListOfTileVersions |301[21]| |774D3499|ntdll.dll | | |RtlMultiByteToUnicodeN | | |774D2C73|ntdll.dll | | |RtlFreeHeap | | |774D2BFA|ntdll.dll | | |RtlFreeHeap | | |774D5677|ntdll.dll | | |RtlDeleteBoundaryDescriptor| | |763ECDAB|USER32.dll | | |OffsetRect | | |774C76E0|ntdll.dll | | |RtlLeaveCriticalSection | | |763DBB6B|USER32.dll | | |DefWindowProcA | | |76402BE9|USER32.dll | | |CallWindowProcA | | |76402BD3|USER32.dll | | |CallWindowProcA | | |763DAC19|USER32.dll | | |CallNextHookEx | | |76402B84|USER32.dll | | |GetPropA | | |76402B61|USER32.dll | | |GetPropA | | |763E2E3C|USER32.dll | | |DispatchMessageA | | |763E2E32|USER32.dll | | |DispatchMessageA | | |771EED6A|kernel32.dll| | |GetDriveTypeW | | -------------------------------------------------------------------------------------------------------------------- Modules Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00200000|zlib1.dll |zlib data compression library |1.2.7.0 |66048 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |00310000|UnlockerHook.dll| | |4608 |2010-07-05 01:32:36|C:\Program Files\Unlocker | |00360000|btmmhook.dll |Multimedia Keys Hook DLL |6.3.0.8200 |226592 |2011-03-25 16:26:00|C:\Program Files\WIDCOMM\Bluetooth Software | |00400000|SASPlanet.exe | |13.9.21.7503 |4953088 |2013-09-21 04:02:48|C:\ut\SASPlanet.Nightly | |02120000|f1ct.dll | | |127488 |2012-11-03 19:25:20|C:\ut\SASPlanet.Nightly | |06E60000|TimeZone.dll |Used tzdata.2012j (2012-11-13) and tz_world_mp (2012-10-08)|1.0.1.1 |17019904|2012-11-24 16:53:04|C:\ut\SASPlanet.Nightly | |089F0000|libge.dll | |1.0.0.0 |720896 |2013-08-28 22:31:36|C:\ut\SASPlanet.Nightly | |09130000|libdb51.dll |Berkeley DB 5.1 DLL |5.0.1.29 |1088000 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |10000000|FreeImage.dll |FreeImage library |3.15.3.0 |322560 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |60F50000|leveldb.dll |LevelDB 1.12.0 for win32 |1.12.0.0 |221184 |2013-07-22 18:01:24|C:\ut\SASPlanet.Nightly | |60F90000|jpeg62.dll | | |244736 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |611F0000|libpng15.dll |PNG image compression library |1.5.12.0 |135680 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |66BB0000|pshook.dll |Punto Switcher hook module |3.2.9.240 |25424 |2013-07-09 13:32:34|C:\Program Files\Yandex\Punto Switcher | |675C0000|MSVCP90.dll |Microsoft® C++ Runtime Library |9.0.30729.5570 |569680 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |69100000|ieframe.dll |Internet Browser |8.0.7601.18126 |11020800|2013-04-10 09:02:58|C:\Windows\System32 | |6A000000|mshtml.dll |Microsoft (R) HTML Viewer |8.0.7601.18129 |6033408 |2013-05-06 17:04:22|C:\Windows\System32 | |6AD50000|mlang.dll |Multi Language Support DLL |6.1.7600.16385 |177664 |2009-07-14 05:15:42|C:\Windows\system32 | |6ADB0000|olepro32.dll | |6.1.7601.17514 |90112 |2010-11-20 16:20:50|C:\Windows\system32 | |6C3E0000|sensapi.dll |SENS Connectivity API DLL |6.1.7600.16385 |10752 |2009-07-14 05:16:14|C:\Windows\system32 | |6C700000|MSVCR90.dll |Microsoft® C Runtime Library |9.0.30729.5570 |653136 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |6D190000|msls31.dll |Microsoft Line Services library file |3.10.349.0 |157184 |2009-07-14 05:15:46|C:\Windows\System32 | |708D0000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 05:16:14|C:\Windows\system32 | |70E50000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-20 16:21:38|C:\Windows\system32 | |71A90000|fwpuclnt.dll |FWP/IPsec User-Mode API |6.1.7601.17514 |216576 |2010-11-20 16:19:04|C:\Windows\System32 | |71B30000|CityHash.dll | | |14336 |2013-08-12 04:01:10|C:\ut\SASPlanet.Nightly | |71F50000|WINNSI.DLL |Network Store Information RPC interface |6.1.7600.16385 |16896 |2009-07-14 05:16:20|C:\Windows\system32 | |71F60000|iphlpapi.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-20 16:19:24|C:\Windows\system32 | |732F0000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 05:15:46|C:\Windows\system32 | |73390000|OLEACC.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2011-08-27 08:26:28|C:\Windows\System32 | |733D0000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 05:16:22|C:\Windows\system32 | |73490000|rtutils.dll |Routing Utilities |6.1.7601.17514 |37376 |2010-11-20 16:21:04|C:\Windows\system32 | |734A0000|rasman.dll |Remote Access Connection Manager |6.1.7600.16385 |76800 |2009-07-14 05:16:14|C:\Windows\system32 | |734C0000|RASAPI32.dll |Remote Access API |6.1.7600.16385 |325120 |2009-07-14 05:16:14|C:\Windows\system32 | |73B50000|NLAapi.dll |Network Location Awareness 2 |6.1.7601.17964 |52224 |2012-10-03 20:42:28|C:\Windows\system32 | |73D10000|ntmarta.dll |Windows NT MARTA provider |6.1.7600.16385 |121856 |2009-07-14 05:16:12|C:\Windows\system32 | |73F50000|uxtheme.dll |Microsoft UxTheme Library |6.1.7600.16385 |249856 |2009-07-14 05:16:18|C:\Windows\system32 | |74520000|wshtcpip.dll |Winsock2 Helper DLL (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 05:16:22|C:\Windows\System32 | |74610000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 05:16:18|C:\Windows\system32 | |74650000|winspool.drv |Windows Spooler Driver |6.1.7601.17514 |320000 |2010-11-20 16:16:52|C:\Windows\system32 | |74C70000|dnsapi.DLL |DNS Client API DLL |6.1.7601.17570 |270336 |2011-03-03 09:38:02|C:\Windows\system32 | |74DA0000|mswsock.dll |Microsoft Windows Sockets 2.0 Service Provider |6.1.7601.17514 |232448 |2010-11-20 16:19:58|C:\Windows\system32 | |74E80000|wship6.dll |Winsock2 Helper DLL (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 05:16:22|C:\Windows\System32 | |74F80000|dwmapi.dll |Microsoft Desktop Window Manager API |6.1.7600.16385 |67072 |2009-07-14 05:15:14|C:\Windows\system32 | |75090000|comctl32.dll |User Experience Controls Library |6.10.7601.17514 |1680896 |2010-11-20 15:55:10|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2| |754E0000|SspiCli.dll |Security Support Provider Interface |6.1.7601.17725 |100352 |2011-11-17 09:34:56|C:\Windows\system32 | |75500000|apphelp.dll |Application Compatibility Client Library |6.1.7601.17514 |295936 |2010-11-20 16:18:04|C:\Windows\system32 | |75550000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7600.16385 |36864 |2009-07-14 05:15:08|C:\Windows\system32 | |75560000|SXS.DLL |Fusion 2.5 |6.1.7601.17514 |380416 |2010-11-20 16:21:28|C:\Windows\system32 | |755D0000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 05:16:14|C:\Windows\system32 | |75640000|MSASN1.dll |ASN.1 Runtime APIs |6.1.7601.17514 |34304 |2010-11-20 16:19:46|C:\Windows\system32 | |75730000|KERNELBASE.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |293376 |2012-11-30 08:47:46|C:\Windows\system32 | |75780000|CRYPT32.dll |Crypto API32 |6.1.7601.17856 |1159680 |2012-06-02 08:36:30|C:\Windows\system32 | |758D0000|MSCTF.dll |MSCTF Server DLL |6.1.7600.16385 |828928 |2009-07-14 05:15:44|C:\Windows\system32 | |759A0000|advapi32.dll |Advanced Windows 32 Base API |6.1.7601.17514 |640512 |2010-11-20 16:18:04|C:\Windows\system32 | |75A40000|RPCRT4.dll |Remote Procedure Call Runtime |6.1.7601.17514 |653312 |2010-11-20 16:21:04|C:\Windows\system32 | |75AF0000|URLMON.DLL |OLE32 Extensions for Win32 |8.0.7601.18126 |1231872 |2013-04-10 09:08:00|C:\Windows\system32 | |75C30000|USP10.dll |Uniscribe Unicode script processor |1.626.7601.18009 |626688 |2012-11-22 08:45:04|C:\Windows\system32 | |75CD0000|SHLWAPI.dll |Shell Light-weight Utility Library |6.1.7601.17514 |350208 |2010-11-20 16:21:20|C:\Windows\system32 | |75D30000|WININET.dll |Internet Extensions for Win32 |8.0.7601.18126 |981504 |2013-04-10 09:08:14|C:\Windows\system32 | |75E30000|GDI32.dll |GDI Client DLL |6.1.7601.17514 |304640 |2010-11-20 16:19:06|C:\Windows\system32 | |75E80000|CLBCatQ.DLL |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 05:15:04|C:\Windows\system32 | |75F10000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7600.16385 |92160 |2009-07-14 05:16:14|C:\Windows\SYSTEM32 | |75F30000|ole32.dll |Microsoft OLE for Windows |6.1.7601.17514 |1414144 |2010-11-20 16:20:50|C:\Windows\system32 | |76230000|LPK.dll |Language Pack |6.1.7600.16385 |26624 |2009-07-14 05:15:38|C:\Windows\system32 | |76240000|ws2_32.DLL |Windows Socket 2.0 32-Bit DLL |6.1.7601.17514 |206848 |2010-11-20 16:21:40|C:\Windows\system32 | |762E0000|WLDAP32.dll |Win32 LDAP API DLL |6.1.7601.17514 |269824 |2010-11-20 16:21:38|C:\Windows\system32 | |76330000|Normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 05:09:02|C:\Windows\system32 | |76340000|oleaut32.dll | |6.1.7601.17676 |571904 |2011-08-27 08:26:28|C:\Windows\system32 | |763D0000|USER32.dll |Multi-User Windows USER API Client DLL |6.1.7601.17514 |811520 |2010-11-20 16:21:34|C:\Windows\system32 | |764A0000|shell32.dll |Windows Shell Common Dll |6.1.7601.18103 |12872704|2013-02-27 08:55:06|C:\Windows\system32 | |770F0000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 11:53:00|C:\Windows\system32 | |771A0000|kernel32.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |868352 |2012-11-30 08:47:46|C:\Windows\system32 | |77280000|iertutil.dll |Run time utility for Internet Explorer |8.0.7601.18126 |2078208 |2013-04-10 09:03:00|C:\Windows\system32 | |77480000|ntdll.dll |NT Layer DLL |6.1.7601.17725 |1288472 |2011-11-17 09:38:40|C:\Windows\SYSTEM32 | |775C0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |118272 |2010-11-20 16:19:24|C:\Windows\system32 | |775E0000|PSAPI.DLL |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 05:16:14|C:\Windows\system32 | |775F0000|NSI.dll |NSI User-mode interface DLL |6.1.7600.16385 |8704 |2009-07-14 05:16:12|C:\Windows\system32 | |77600000|comdlg32.dll |Common Dialogs DLL |6.1.7601.17514 |485888 |2010-11-20 16:18:24|C:\Windows\system32 | |77680000|imagehlp.dll |Windows NT Image Helper |6.1.7601.17787 |159232 |2012-03-01 09:33:24|C:\Windows\system32 | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory|Priority |Threads|Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |4 | | |4 |System | | |0 |Normal |181 | | |116 |c2c_service.exe | | |0 |Normal |7 | | |120 |hasplms.exe |Sentinel HASP License Manager Service |12.50.1.16926 |0 |Normal |12 | | |356 |smss.exe |Windows Session Manager |6.1.7601.18113|0 |Above-Normal|2 | | |412 |HPDrvMntSvc.exe | | |0 |Normal |4 | | |440 |hpHotkeyMonitor.exe | | |0 |Normal |6 | | |480 |iked.exe | | |0 |Normal |7 | | |560 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |564 |ipsecd.exe | | |0 |Normal |8 | | |612 |wininit.exe |Windows Start-Up Application |6.1.7600.16385|0 |High |3 | | |620 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |668 |services.exe |Services and Controller app |6.1.7600.16385|0 |Normal |13 | | |692 |TOTALCMD.EXE |Total Commander 32 bit |7.5.7.1 |0 |Normal |12 |C:\ut\totalcmd | |700 |lsass.exe |Local Security Authority Process |6.1.7601.17725|0 |Normal |7 | | |708 |lsm.exe |Local Session Manager Service |6.1.7601.17514|0 |Normal |10 | | |788 |winlogon.exe |Windows Logon Application |6.1.7601.17514|0 |High |3 | | |820 |PNXSERVR.exe | | |0 |Normal |20 | | |880 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |12 | | |956 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |10 | | |1040|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |23 | | |1096|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |25 | | |1124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |20 | | |1136|pdisrvc.exe | | |0 |Normal |3 | | |1156|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |46 | | |1220|audiodg.exe |Windows Audio Device Graph Isolation |6.1.7601.17514|0 |Normal |5 | | |1248|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |5 | | |1344|hpservice.exe |HpService |4.2.2.1 |0 |Normal |4 | | |1372|PMBDeviceInfoProvider.exe | | |0 |Normal |3 | | |1388|vcsFPService.exe |Validity Sensors Fingerprint Service |4.3.216.0 |0 |Normal |8 | | |1396|punto.exe |Punto Switcher |3.2.9.240 |0 |Normal |6 |C:\Program Files\Yandex\Punto Switcher | |1512|ngvpnmgr.exe |VPN Tunnel Manager |10.5.6.93 |0 |Normal |12 | | |1528|BTHSSecurityMgr.exe | | |0 |Normal |8 | | |1572|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |24 | | |1684|spoolsv.exe |Spooler SubSystem App |6.1.7601.17777|0 |Normal |18 | | |1716|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |1808|pg_ctl.exe | | |0 |Normal |4 | | |1836|schedul2.exe | | |0 |Normal |8 | | |1880|afcdpsrv.exe | | |0 |Low |14 | | |1976|btwdins.exe |Bluetooth Support Server |6.3.0.8200 |0 |Normal |6 | | |2076|postgres.exe | | |0 |Normal |4 | | |2084|conhost.exe |Console Window Host |6.1.7601.18015|0 |Normal |2 | | |2124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |6 | | |2296|QLBController.exe |QLBController |4.0.20.1 |0 |Normal |18 |C:\Program Files\Hewlett-Packard\HP HotKey Support| |2460|postgres.exe | | |0 |Normal |3 | | |2508|hpCaslNotification.exe |hpCaslNotification |4.1.13.1 |0 |Normal |7 |C:\Program Files\Hewlett-Packard\Shared | |2552|postgres.exe | | |0 |Normal |2 | | |2560|postgres.exe | | |0 |Normal |2 | | |2568|postgres.exe | | |0 |Normal |2 | | |2576|postgres.exe | | |0 |Normal |2 | | |2584|postgres.exe | | |0 |Normal |2 | | |2692|Dwm.exe |Desktop Window Manager |6.1.7600.16385|0 |High |5 |C:\Windows\system32 | |2740|TiE.exe | | |0 |Normal |2 |C:\Program Files\Type it Easy | |2772|TrueImageMonitor.exe |Acronis True Image Monitor |14.0.0.6942 |0 |Normal |24 |C:\Program Files\Acronis\TrueImageHome | |2792|PNXKERNL.exe | | |0 |Normal |6 | | |2800|taskhost.exe |Host Process for Windows Tasks |6.1.7601.18010|0 |Normal |9 |C:\Windows\system32 | |2980|Explorer.EXE |Windows Explorer |6.1.7601.17567|0 |Normal |35 |C:\Windows | |2996|hpqWmiEx.exe | | |0 |Normal |9 | | |3084|UnlockerAssistant.exe | | |0 |Normal |2 |C:\Program Files\Unlocker | |3096|HPPA_Service.exe | | |0 |Normal |20 | | |3140|TortoiseHgOverlayServer.exe|TortoiseHg Overlay Icon Server |1.1.10.0 |0 |Normal |4 |C:\Program Files\TortoiseHg | |3228|PMBVolumeWatcher.exe |Media Check Tool |6.3.0.4221 |0 |Normal |3 |C:\Program Files\Sony\PlayMemories Home | |3240|hkcmd.exe |hkcmd Module |8.15.10.2932 |0 |Normal |3 |C:\Windows\System32 | |3248|SynTPEnh.exe |Synaptics TouchPad Enhancements |16.3.9.0 |0 |Above-Normal|12 |C:\Program Files\Synaptics\SynTP | |3324|BTTray.exe |Bluetooth Tray Application |6.3.0.8200 |0 |Normal |11 |C:\Program Files\WIDCOMM\Bluetooth Software | |3328|SYNTPHELPER.EXE |Synaptics Pointing Device Helper |16.3.9.0 |0 |Above-Normal|2 |C:\PROGRAM FILES\SYNAPTICS\SYNTP | |3400|sidebar.exe |Windows Desktop Gadgets |6.1.7601.17514|0 |Normal |16 |C:\Program Files\Windows Sidebar | |3436|jusched.exe |Java(TM) Update Scheduler |2.1.9.4 |0 |Normal |6 |C:\Program Files\Common Files\Java\Java Update | |3528|DTLite.exe |DAEMON Tools Lite |4.45.4.314 |0 |Normal |6 |C:\Program Files\DAEMON Tools Lite | |3548|qip.exe |QIP 2012 |4.0.0.7221 |0 |Normal |79 |C:\Program Files\QIP 2012 | |3556|thunderbird.exe |Thunderbird |11.0.0.4469 |0 |Normal |28 |C:\Program Files\Mozilla Thunderbird | |3644|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |8 | | |3736|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |3840|FSCapture.exe |FastStone Capture |6.5.0.0 |0 |Normal |2 |C:\Program Files\FastStone Capture | |4024|unsecapp.exe |Sink to receive asynchronous callbacks for WMI client application|6.1.7600.16385|0 |Normal |4 | | |4084|WmiPrvSE.exe |WMI Provider Host |6.1.7601.17514|0 |Normal |9 | | |4448|BTHSAmpPalService.exe | | |0 |Normal |8 | | |4756|wmpnetwk.exe | | |0 |Normal |11 | | |4804|firefox.exe |Firefox |23.0.1.4974 |0 |Normal |49 |C:\Program Files\Mozilla Firefox | |5644|BtStackServer.exe |Bluetooth Stack COM Server |6.3.0.8200 |0 |Normal |21 |C:\Program Files\WIDCOMM\Bluetooth Software | |5816|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |13 | | |6624|pidgin.exe |Pidgin |2.10.7.0 |0 |Normal |9 |C:\Program Files\Pidgin | |7724|Vitrite.exe | | |0 |Normal |2 |C:\ut\Vitrite | |8004|SASPlanet.exe | |13.9.21.7503 |0 |Normal |18 |C:\ut\SASPlanet.Nightly | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: ------------------------------------------------------------------ 08A5F091 imul ebp, [edi+$6E], $0000002E ; ''... 08A5F098 mov ecx, [$8A81514] 08A5F09E mov dl, $01 08A5F0A0 mov eax, dword ptr [EMemoryOverrun] 08A5F0A5 call -$0005FAC2 08A5F0AA call -$0006A747 ; <-- EXCEPTION 08A5F0AF ret Registers: ----------------------------- EAX: 0D4DB140 EDI: 00000003 EBX: 0D4DB560 ESI: 00000038 ECX: 0000002B ESP: 0012F1E4 EDX: 08A5F0AF EIP: 08A5F0AA Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0012F1E4: 089F861E 0AF12740: E8 B9 58 F9 FF C3 8B 0D 10 15 A8 08 B2 01 A1 DC ..X............. 0012F1E8: 0012F204 0AF12750: 66 A3 08 E8 26 05 FA FF E8 A1 58 F9 FF C3 68 78 f...&.....X...hx 0012F1EC: 089F8727 0AF12760: CD A8 08 E8 C2 84 F9 FF C3 90 55 8B EC 6A 00 33 ..........U..j.3 0012F1F0: 00000000 0AF12770: C0 55 68 5B F1 A5 08 64 FF 30 64 89 20 A1 A0 47 .Uh[...d.0d. ..G 0012F1F4: 0D4DB560 0AF12780: A8 08 C7 00 D8 E7 A5 08 A1 7C 47 A8 08 C7 00 58 .........|G....X 0012F1F8: 01E3A740 0AF12790: EA A5 08 A1 D8 47 A8 08 C7 00 DC EB A5 08 A1 C0 .....G.......... 0012F1FC: 0D4DB560 0AF127A0: 47 A8 08 C7 00 98 F0 A5 08 A1 B0 48 A8 08 C7 00 G..........H.... 0012F200: 0D4DB430 0AF127B0: B0 F0 A5 08 8D 45 FC E8 66 10 FE FF 8B 45 FC E8 .....E..f....E.. 0012F204: 0012F240 0AF127C0: FA 63 F9 FF 8B D0 B8 78 CD A8 08 E8 C6 CC F9 FF .c.....x........ 0012F208: 089F2F03 0AF127D0: A1 6C 49 A8 08 C7 00 C8 F0 A5 08 33 C0 5A 59 59 .lI........3.ZYY 0012F20C: 0012F220 0AF127E0: 64 89 10 68 62 F1 A5 08 8D 45 FC E8 22 5F F9 FF d..hb....E.."_.. 0012F210: 089F658B 0AF127F0: C3 E9 64 56 F9 FF EB F0 59 5D C3 8D 40 00 55 8B ..dV....Y]..@.U. 0012F214: 05B5DB20 0AF12800: EC 33 C9 51 51 51 51 51 53 56 8B 75 08 33 C0 55 .3.QQQQQSV.u.3.U 0012F218: 0012F42C 0AF12810: 68 92 F2 A5 08 64 FF 30 64 89 20 E8 56 E5 FF FF h....d.0d. .V... 0012F21C: 08A6EC28 0AF12820: 84 C0 0F 84 DC 00 00 00 E8 25 E2 FF FF 84 C0 0F .........%...... 0012F220: 0D4DB560 0AF12830: 84 CF 00 00 00 C6 05 8C CA A8 08 01 33 DB E8 03 ............3... EurekaLog 6.1.05 RC 3 Application: ------------------------------------------------------- 1.1 Start Date : Sat, 21 Sep 2013 10:43:07 +0400 1.2 Name/Description: SASPlanet.exe 1.3 Version Number : 13.9.21.7503 1.4 Parameters : 1.5 Compilation Date: Wed, 28 Aug 2013 23:31:38 +0400 1.6 Up Time : 3 minutes, 38 seconds Exception: ----------------------------------------------------- 2.1 Date : Sat, 21 Sep 2013 10:46:46 +0400 2.2 Address : 08A76125 2.3 Module Name : libge.dll 2.4 Module Version: 1.0.0.0 2.5 Type : ESafecallException 2.6 Message : Exception in safecall method. 2.7 ID : EF1D 2.8 Count : 1 2.9 Status : New 2.10 Note : User: ------------------------------------------------------- 3.1 ID : aantuch 3.2 Name : aantuch 3.3 Email : 3.4 Company : 3.5 Privileges: SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: --------------------------------------------------- 4.1 Form Class : TfrmMain 4.2 Form Text : SAS.Planet 130921.7503 Nightly 4.3 Control Class: TImage32 4.4 Control Text : Computer: ----------------------------------------------------------------------------------- 5.1 Name : TOLIK-HP6560B 5.2 Total Memory : 3014 Mb 5.3 Free Memory : 1438 Mb 5.4 Total Disk : 58.59 Gb 5.5 Free Disk : 2.16 Gb 5.6 System Up Time: 6 days, 13 hours, 38 minutes, 55 seconds 5.7 Processor : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz 5.8 Display Mode : 1600 x 900, 32 bit 5.9 Display DPI : 120 5.10 Video Card : Intel(R) HD Graphics 3000 (driver 9.17.10.2932 - RAM 1283 MB) 5.11 Printer : HP LaserJet 6L (driver 6.1.7601.17514) Operating System: ----------------------------------- 6.1 Type : Microsoft Windows 7 6.2 Build # : 7601 6.3 Update : Service Pack 1 6.4 Language: Russian 6.5 Charset : 204 Network: --------------------------------------------------------------------------------------- 7.1 IP Address: 192.168.001.159 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.2 Submask : 255.255.255.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.3 Gateway : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.4 DNS 1 : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.5 DNS 2 : 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.6 DHCP : ON - ON - ON - ON Call Stack Information: -------------------------------------------------------------------------------------------------------------------- |Address |Module |Unit |Class |Procedure/Method |Line | -------------------------------------------------------------------------------------------------------------------- |Running Thread: ID=3536; Priority=1; Class=; [Main] | |------------------------------------------------------------------------------------------------------------------| |08A76125|libge.dll |u_GoogleEarthCacheProvider.pas|TGoogleEarthCacheProvider|GetListOfTileVersions |301[21]| |774D3499|ntdll.dll | | |RtlMultiByteToUnicodeN | | |774D2C73|ntdll.dll | | |RtlFreeHeap | | |774D2BFA|ntdll.dll | | |RtlFreeHeap | | |774D5677|ntdll.dll | | |RtlDeleteBoundaryDescriptor| | |763ECDAB|USER32.dll | | |OffsetRect | | |774C76E0|ntdll.dll | | |RtlLeaveCriticalSection | | |763DBB6B|USER32.dll | | |DefWindowProcA | | |76402BE9|USER32.dll | | |CallWindowProcA | | |76402BD3|USER32.dll | | |CallWindowProcA | | |763DAC19|USER32.dll | | |CallNextHookEx | | |76402B84|USER32.dll | | |GetPropA | | |76402B61|USER32.dll | | |GetPropA | | |763E2E3C|USER32.dll | | |DispatchMessageA | | |763E2E32|USER32.dll | | |DispatchMessageA | | |771EED6A|kernel32.dll| | |GetDriveTypeW | | -------------------------------------------------------------------------------------------------------------------- Modules Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00200000|zlib1.dll |zlib data compression library |1.2.7.0 |66048 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |00310000|UnlockerHook.dll| | |4608 |2010-07-05 01:32:36|C:\Program Files\Unlocker | |00360000|btmmhook.dll |Multimedia Keys Hook DLL |6.3.0.8200 |226592 |2011-03-25 16:26:00|C:\Program Files\WIDCOMM\Bluetooth Software | |00400000|SASPlanet.exe | |13.9.21.7503 |4953088 |2013-09-21 04:02:48|C:\ut\SASPlanet.Nightly | |02120000|f1ct.dll | | |127488 |2012-11-03 19:25:20|C:\ut\SASPlanet.Nightly | |06E60000|TimeZone.dll |Used tzdata.2012j (2012-11-13) and tz_world_mp (2012-10-08)|1.0.1.1 |17019904|2012-11-24 16:53:04|C:\ut\SASPlanet.Nightly | |089F0000|libge.dll | |1.0.0.0 |720896 |2013-08-28 22:31:36|C:\ut\SASPlanet.Nightly | |09130000|libdb51.dll |Berkeley DB 5.1 DLL |5.0.1.29 |1088000 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |10000000|FreeImage.dll |FreeImage library |3.15.3.0 |322560 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |60F50000|leveldb.dll |LevelDB 1.12.0 for win32 |1.12.0.0 |221184 |2013-07-22 18:01:24|C:\ut\SASPlanet.Nightly | |60F90000|jpeg62.dll | | |244736 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |611F0000|libpng15.dll |PNG image compression library |1.5.12.0 |135680 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |66BB0000|pshook.dll |Punto Switcher hook module |3.2.9.240 |25424 |2013-07-09 13:32:34|C:\Program Files\Yandex\Punto Switcher | |675C0000|MSVCP90.dll |Microsoft® C++ Runtime Library |9.0.30729.5570 |569680 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |69100000|ieframe.dll |Internet Browser |8.0.7601.18126 |11020800|2013-04-10 09:02:58|C:\Windows\System32 | |6A000000|mshtml.dll |Microsoft (R) HTML Viewer |8.0.7601.18129 |6033408 |2013-05-06 17:04:22|C:\Windows\System32 | |6AD50000|mlang.dll |Multi Language Support DLL |6.1.7600.16385 |177664 |2009-07-14 05:15:42|C:\Windows\system32 | |6ADB0000|olepro32.dll | |6.1.7601.17514 |90112 |2010-11-20 16:20:50|C:\Windows\system32 | |6C3E0000|sensapi.dll |SENS Connectivity API DLL |6.1.7600.16385 |10752 |2009-07-14 05:16:14|C:\Windows\system32 | |6C700000|MSVCR90.dll |Microsoft® C Runtime Library |9.0.30729.5570 |653136 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |6D190000|msls31.dll |Microsoft Line Services library file |3.10.349.0 |157184 |2009-07-14 05:15:46|C:\Windows\System32 | |708D0000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 05:16:14|C:\Windows\system32 | |70E50000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-20 16:21:38|C:\Windows\system32 | |71A50000|dhcpcsvc6.DLL |DHCPv6 Client |6.1.7601.17970 |44032 |2012-10-09 21:40:32|C:\Windows\system32 | |71A60000|dhcpcsvc.DLL |DHCP Client Service |6.1.7600.16385 |61952 |2009-07-14 05:15:12|C:\Windows\system32 | |71A90000|fwpuclnt.dll |FWP/IPsec User-Mode API |6.1.7601.17514 |216576 |2010-11-20 16:19:04|C:\Windows\System32 | |71B30000|CityHash.dll | | |14336 |2013-08-12 04:01:10|C:\ut\SASPlanet.Nightly | |71F50000|WINNSI.DLL |Network Store Information RPC interface |6.1.7600.16385 |16896 |2009-07-14 05:16:20|C:\Windows\system32 | |71F60000|iphlpapi.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-20 16:19:24|C:\Windows\system32 | |732F0000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 05:15:46|C:\Windows\system32 | |73390000|OLEACC.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2011-08-27 08:26:28|C:\Windows\System32 | |733D0000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 05:16:22|C:\Windows\system32 | |73490000|rtutils.dll |Routing Utilities |6.1.7601.17514 |37376 |2010-11-20 16:21:04|C:\Windows\system32 | |734A0000|rasman.dll |Remote Access Connection Manager |6.1.7600.16385 |76800 |2009-07-14 05:16:14|C:\Windows\system32 | |734C0000|RASAPI32.dll |Remote Access API |6.1.7600.16385 |325120 |2009-07-14 05:16:14|C:\Windows\system32 | |73B50000|NLAapi.dll |Network Location Awareness 2 |6.1.7601.17964 |52224 |2012-10-03 20:42:28|C:\Windows\system32 | |73D10000|ntmarta.dll |Windows NT MARTA provider |6.1.7600.16385 |121856 |2009-07-14 05:16:12|C:\Windows\system32 | |73F50000|uxtheme.dll |Microsoft UxTheme Library |6.1.7600.16385 |249856 |2009-07-14 05:16:18|C:\Windows\system32 | |74520000|wshtcpip.dll |Winsock2 Helper DLL (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 05:16:22|C:\Windows\System32 | |74610000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 05:16:18|C:\Windows\system32 | |74650000|winspool.drv |Windows Spooler Driver |6.1.7601.17514 |320000 |2010-11-20 16:16:52|C:\Windows\system32 | |74C70000|dnsapi.DLL |DNS Client API DLL |6.1.7601.17570 |270336 |2011-03-03 09:38:02|C:\Windows\system32 | |74DA0000|mswsock.dll |Microsoft Windows Sockets 2.0 Service Provider |6.1.7601.17514 |232448 |2010-11-20 16:19:58|C:\Windows\system32 | |74E80000|wship6.dll |Winsock2 Helper DLL (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 05:16:22|C:\Windows\System32 | |74F80000|dwmapi.dll |Microsoft Desktop Window Manager API |6.1.7600.16385 |67072 |2009-07-14 05:15:14|C:\Windows\system32 | |75090000|comctl32.dll |User Experience Controls Library |6.10.7601.17514 |1680896 |2010-11-20 15:55:10|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2| |754E0000|SspiCli.dll |Security Support Provider Interface |6.1.7601.17725 |100352 |2011-11-17 09:34:56|C:\Windows\system32 | |75500000|apphelp.dll |Application Compatibility Client Library |6.1.7601.17514 |295936 |2010-11-20 16:18:04|C:\Windows\system32 | |75550000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7600.16385 |36864 |2009-07-14 05:15:08|C:\Windows\system32 | |75560000|SXS.DLL |Fusion 2.5 |6.1.7601.17514 |380416 |2010-11-20 16:21:28|C:\Windows\system32 | |755D0000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 05:16:14|C:\Windows\system32 | |75640000|MSASN1.dll |ASN.1 Runtime APIs |6.1.7601.17514 |34304 |2010-11-20 16:19:46|C:\Windows\system32 | |75730000|KERNELBASE.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |293376 |2012-11-30 08:47:46|C:\Windows\system32 | |75780000|CRYPT32.dll |Crypto API32 |6.1.7601.17856 |1159680 |2012-06-02 08:36:30|C:\Windows\system32 | |758D0000|MSCTF.dll |MSCTF Server DLL |6.1.7600.16385 |828928 |2009-07-14 05:15:44|C:\Windows\system32 | |759A0000|advapi32.dll |Advanced Windows 32 Base API |6.1.7601.17514 |640512 |2010-11-20 16:18:04|C:\Windows\system32 | |75A40000|RPCRT4.dll |Remote Procedure Call Runtime |6.1.7601.17514 |653312 |2010-11-20 16:21:04|C:\Windows\system32 | |75AF0000|URLMON.DLL |OLE32 Extensions for Win32 |8.0.7601.18126 |1231872 |2013-04-10 09:08:00|C:\Windows\system32 | |75C30000|USP10.dll |Uniscribe Unicode script processor |1.626.7601.18009 |626688 |2012-11-22 08:45:04|C:\Windows\system32 | |75CD0000|SHLWAPI.dll |Shell Light-weight Utility Library |6.1.7601.17514 |350208 |2010-11-20 16:21:20|C:\Windows\system32 | |75D30000|WININET.dll |Internet Extensions for Win32 |8.0.7601.18126 |981504 |2013-04-10 09:08:14|C:\Windows\system32 | |75E30000|GDI32.dll |GDI Client DLL |6.1.7601.17514 |304640 |2010-11-20 16:19:06|C:\Windows\system32 | |75E80000|CLBCatQ.DLL |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 05:15:04|C:\Windows\system32 | |75F10000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7600.16385 |92160 |2009-07-14 05:16:14|C:\Windows\SYSTEM32 | |75F30000|ole32.dll |Microsoft OLE for Windows |6.1.7601.17514 |1414144 |2010-11-20 16:20:50|C:\Windows\system32 | |76230000|LPK.dll |Language Pack |6.1.7600.16385 |26624 |2009-07-14 05:15:38|C:\Windows\system32 | |76240000|ws2_32.DLL |Windows Socket 2.0 32-Bit DLL |6.1.7601.17514 |206848 |2010-11-20 16:21:40|C:\Windows\system32 | |762E0000|WLDAP32.dll |Win32 LDAP API DLL |6.1.7601.17514 |269824 |2010-11-20 16:21:38|C:\Windows\system32 | |76330000|Normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 05:09:02|C:\Windows\system32 | |76340000|oleaut32.dll | |6.1.7601.17676 |571904 |2011-08-27 08:26:28|C:\Windows\system32 | |763D0000|USER32.dll |Multi-User Windows USER API Client DLL |6.1.7601.17514 |811520 |2010-11-20 16:21:34|C:\Windows\system32 | |764A0000|shell32.dll |Windows Shell Common Dll |6.1.7601.18103 |12872704|2013-02-27 08:55:06|C:\Windows\system32 | |770F0000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 11:53:00|C:\Windows\system32 | |771A0000|kernel32.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |868352 |2012-11-30 08:47:46|C:\Windows\system32 | |77280000|iertutil.dll |Run time utility for Internet Explorer |8.0.7601.18126 |2078208 |2013-04-10 09:03:00|C:\Windows\system32 | |77480000|ntdll.dll |NT Layer DLL |6.1.7601.17725 |1288472 |2011-11-17 09:38:40|C:\Windows\SYSTEM32 | |775C0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |118272 |2010-11-20 16:19:24|C:\Windows\system32 | |775E0000|PSAPI.DLL |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 05:16:14|C:\Windows\system32 | |775F0000|NSI.dll |NSI User-mode interface DLL |6.1.7600.16385 |8704 |2009-07-14 05:16:12|C:\Windows\system32 | |77600000|comdlg32.dll |Common Dialogs DLL |6.1.7601.17514 |485888 |2010-11-20 16:18:24|C:\Windows\system32 | |77680000|imagehlp.dll |Windows NT Image Helper |6.1.7601.17787 |159232 |2012-03-01 09:33:24|C:\Windows\system32 | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory|Priority |Threads|Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |4 | | |4 |System | | |0 |Normal |181 | | |116 |c2c_service.exe | | |0 |Normal |7 | | |120 |hasplms.exe |Sentinel HASP License Manager Service |12.50.1.16926 |0 |Normal |12 | | |356 |smss.exe |Windows Session Manager |6.1.7601.18113|0 |Above-Normal|2 | | |412 |HPDrvMntSvc.exe | | |0 |Normal |4 | | |440 |hpHotkeyMonitor.exe | | |0 |Normal |6 | | |480 |iked.exe | | |0 |Normal |7 | | |560 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |564 |ipsecd.exe | | |0 |Normal |8 | | |612 |wininit.exe |Windows Start-Up Application |6.1.7600.16385|0 |High |3 | | |620 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |668 |services.exe |Services and Controller app |6.1.7600.16385|0 |Normal |13 | | |692 |TOTALCMD.EXE |Total Commander 32 bit |7.5.7.1 |0 |Normal |12 |C:\ut\totalcmd | |700 |lsass.exe |Local Security Authority Process |6.1.7601.17725|0 |Normal |7 | | |708 |lsm.exe |Local Session Manager Service |6.1.7601.17514|0 |Normal |10 | | |788 |winlogon.exe |Windows Logon Application |6.1.7601.17514|0 |High |3 | | |820 |PNXSERVR.exe | | |0 |Normal |20 | | |880 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |12 | | |956 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |10 | | |1040|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |23 | | |1096|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |25 | | |1124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |20 | | |1136|pdisrvc.exe | | |0 |Normal |3 | | |1156|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |46 | | |1220|audiodg.exe |Windows Audio Device Graph Isolation |6.1.7601.17514|0 |Normal |5 | | |1248|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |5 | | |1344|hpservice.exe |HpService |4.2.2.1 |0 |Normal |4 | | |1372|PMBDeviceInfoProvider.exe | | |0 |Normal |3 | | |1388|vcsFPService.exe |Validity Sensors Fingerprint Service |4.3.216.0 |0 |Normal |8 | | |1396|punto.exe |Punto Switcher |3.2.9.240 |0 |Normal |6 |C:\Program Files\Yandex\Punto Switcher | |1512|ngvpnmgr.exe |VPN Tunnel Manager |10.5.6.93 |0 |Normal |12 | | |1528|BTHSSecurityMgr.exe | | |0 |Normal |8 | | |1572|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |24 | | |1684|spoolsv.exe |Spooler SubSystem App |6.1.7601.17777|0 |Normal |18 | | |1716|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |1808|pg_ctl.exe | | |0 |Normal |4 | | |1836|schedul2.exe | | |0 |Normal |8 | | |1880|afcdpsrv.exe | | |0 |Low |14 | | |1976|btwdins.exe |Bluetooth Support Server |6.3.0.8200 |0 |Normal |6 | | |2076|postgres.exe | | |0 |Normal |4 | | |2084|conhost.exe |Console Window Host |6.1.7601.18015|0 |Normal |2 | | |2124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |6 | | |2296|QLBController.exe |QLBController |4.0.20.1 |0 |Normal |18 |C:\Program Files\Hewlett-Packard\HP HotKey Support| |2460|postgres.exe | | |0 |Normal |3 | | |2508|hpCaslNotification.exe |hpCaslNotification |4.1.13.1 |0 |Normal |7 |C:\Program Files\Hewlett-Packard\Shared | |2552|postgres.exe | | |0 |Normal |2 | | |2560|postgres.exe | | |0 |Normal |2 | | |2568|postgres.exe | | |0 |Normal |2 | | |2576|postgres.exe | | |0 |Normal |2 | | |2584|postgres.exe | | |0 |Normal |2 | | |2692|Dwm.exe |Desktop Window Manager |6.1.7600.16385|0 |High |5 |C:\Windows\system32 | |2740|TiE.exe | | |0 |Normal |2 |C:\Program Files\Type it Easy | |2772|TrueImageMonitor.exe |Acronis True Image Monitor |14.0.0.6942 |0 |Normal |24 |C:\Program Files\Acronis\TrueImageHome | |2792|PNXKERNL.exe | | |0 |Normal |6 | | |2800|taskhost.exe |Host Process for Windows Tasks |6.1.7601.18010|0 |Normal |10 |C:\Windows\system32 | |2980|Explorer.EXE |Windows Explorer |6.1.7601.17567|0 |Normal |35 |C:\Windows | |2996|hpqWmiEx.exe | | |0 |Normal |9 | | |3084|UnlockerAssistant.exe | | |0 |Normal |2 |C:\Program Files\Unlocker | |3096|HPPA_Service.exe | | |0 |Normal |20 | | |3140|TortoiseHgOverlayServer.exe|TortoiseHg Overlay Icon Server |1.1.10.0 |0 |Normal |4 |C:\Program Files\TortoiseHg | |3228|PMBVolumeWatcher.exe |Media Check Tool |6.3.0.4221 |0 |Normal |3 |C:\Program Files\Sony\PlayMemories Home | |3240|hkcmd.exe |hkcmd Module |8.15.10.2932 |0 |Normal |3 |C:\Windows\System32 | |3248|SynTPEnh.exe |Synaptics TouchPad Enhancements |16.3.9.0 |0 |Above-Normal|12 |C:\Program Files\Synaptics\SynTP | |3324|BTTray.exe |Bluetooth Tray Application |6.3.0.8200 |0 |Normal |11 |C:\Program Files\WIDCOMM\Bluetooth Software | |3328|SYNTPHELPER.EXE |Synaptics Pointing Device Helper |16.3.9.0 |0 |Above-Normal|2 |C:\PROGRAM FILES\SYNAPTICS\SYNTP | |3400|sidebar.exe |Windows Desktop Gadgets |6.1.7601.17514|0 |Normal |16 |C:\Program Files\Windows Sidebar | |3436|jusched.exe |Java(TM) Update Scheduler |2.1.9.4 |0 |Normal |6 |C:\Program Files\Common Files\Java\Java Update | |3528|DTLite.exe |DAEMON Tools Lite |4.45.4.314 |0 |Normal |6 |C:\Program Files\DAEMON Tools Lite | |3548|qip.exe |QIP 2012 |4.0.0.7221 |0 |Normal |79 |C:\Program Files\QIP 2012 | |3556|thunderbird.exe |Thunderbird |11.0.0.4469 |0 |Normal |28 |C:\Program Files\Mozilla Thunderbird | |3644|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |8 | | |3736|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |3840|FSCapture.exe |FastStone Capture |6.5.0.0 |0 |Normal |2 |C:\Program Files\FastStone Capture | |4024|unsecapp.exe |Sink to receive asynchronous callbacks for WMI client application|6.1.7600.16385|0 |Normal |4 | | |4084|WmiPrvSE.exe |WMI Provider Host |6.1.7601.17514|0 |Normal |8 | | |4448|BTHSAmpPalService.exe | | |0 |Normal |8 | | |4756|wmpnetwk.exe | | |0 |Normal |11 | | |4804|firefox.exe |Firefox |23.0.1.4974 |0 |Normal |49 |C:\Program Files\Mozilla Firefox | |5644|BtStackServer.exe |Bluetooth Stack COM Server |6.3.0.8200 |0 |Normal |21 |C:\Program Files\WIDCOMM\Bluetooth Software | |5816|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |13 | | |6624|pidgin.exe |Pidgin |2.10.7.0 |0 |Normal |9 |C:\Program Files\Pidgin | |7724|Vitrite.exe | | |0 |Normal |2 |C:\ut\Vitrite | |8004|SASPlanet.exe | |13.9.21.7503 |0 |Normal |19 |C:\ut\SASPlanet.Nightly | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: ------------------------------------------------------------------------------------------------------------------------ ; u_GoogleEarthCacheProvider.TGoogleEarthCacheProvider.GetListOfTileVersions (Line=301 - Offset=21) ; ------------------------------------------------------------------------------------------------- 08A7610E push dword ptr [ebp-$18] 08A76111 mov ax, word ptr [ebp-$0A] 08A76115 push eax 08A76116 mov eax, [ebp-$1C] 08A76119 push eax 08A7611A mov eax, [ebp+$20] 08A7611D mov eax, [eax] 08A7611F push eax 08A76120 mov eax, [eax] 08A76122 call dword ptr [eax+$0C] 08A76125 call -$0007F2D2 ; <-- EXCEPTION ; ; Line=303 - Offset=23 ; -------------------- 08A7612A inc dword ptr [ebp-$08] ; ; Line=299 - Offset=19 ; -------------------- 08A7612D dec dword ptr [ebp-$24] 08A76130 jnz u_GoogleEarthCacheProvider.TGoogleEarthCacheProvider.GetListOfTileVersions (Line=300) ; ; Line=307 - Offset=27 ; -------------------- 08A76132 inc dword ptr [ebp-$04] ; ; Line=292 - Offset=12 ; -------------------- 08A76135 cmp dword ptr [ebp-$04], +$04 08A76139 jnz u_GoogleEarthCacheProvider.TGoogleEarthCacheProvider.GetListOfTileVersions (Line=293) ; ; Line=308 - Offset=28 ; -------------------- 08A7613F xor eax, eax 08A76141 pop edx 08A76142 pop ecx 08A76143 pop ecx Registers: ----------------------------- EAX: 0ADAAFE0 EDI: 05B5DB20 EBX: 08A7612A ESI: 08A7612A ECX: 0000002B ESP: 0012F284 EDX: 08A7612A EIP: 08A76125 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0012F284: 00000018 0ADD3F10: E8 2E 0D F8 FF FF 45 F8 FF 4D DC 75 AD FF 45 FC ......E..M.u..E. 0012F288: 089F3064 0ADD3F20: 83 7D FC 04 0F 85 36 FF FF FF 33 C0 5A 59 59 64 .}....6...3.ZYYd 0012F28C: 0012F42C 0ADD3F30: 89 10 58 33 DB EB 05 E9 53 E7 F7 FF 8D 45 E0 E8 ..X3....S....E.. 0012F290: 08A6EC28 0ADD3F40: EF 0B F8 FF 8B C3 5F 5E 5B 8B E5 5D C2 1C 00 68 ......_^[..]...h 0012F294: 08A7612A 0ADD3F50: 61 A7 08 11 02 2E 32 01 00 00 00 00 00 00 00 FF a.....2......... 0012F298: 0012F328 0ADD3F60: FF FF FF 88 C7 A6 08 1B 75 5F 47 6F 6F 67 6C 65 ........u_Google 0012F29C: 08A7614C 0ADD3F70: 45 61 72 74 68 43 61 63 68 65 42 79 44 61 74 46 EarthCacheByDatF 0012F2A0: 0012F304 0ADD3F80: 69 6C 65 E4 61 A7 08 00 00 00 00 00 00 00 00 00 ile.a........... 0012F2A4: 0C5C46C0 0ADD3F90: 62 A7 08 00 00 00 00 00 00 00 00 00 00 00 00 00 b............... 0012F2A8: 05B5DB20 0ADD3FA0: 00 00 00 12 62 A7 08 4C 00 00 00 80 EC A6 08 18 ....b..L........ 0012F2AC: 0012F42C 0ADD3FB0: 43 9F 08 C8 6D 9F 08 D4 6D 9F 08 2C 43 9F 08 20 C...m...m..,C.. 0012F2B0: 00000001 0ADD3FC0: 43 9F 08 E4 6D 9F 08 9C 40 9F 08 7C 62 A7 08 B8 C...m...@..|b... 0012F2B4: 11232E01 0ADD3FD0: 62 A7 08 A0 69 A7 08 98 6D A7 08 84 71 A7 08 A4 b...i...m...q... 0012F2B8: 00000001 0ADD3FE0: 72 A7 08 B4 73 A7 08 A4 74 A7 08 0E 00 00 00 00 r...s...t....... 0012F2BC: 000026A4 0ADD3FF0: 00 01 00 00 00 64 61 A7 08 48 00 00 00 1A 54 47 .....da..H....TG 0012F2C0: 00001613 0ADD4000: 6F 6F 67 6C 65 45 61 72 74 68 43 61 63 68 65 42 oogleEarthCacheB EurekaLog 6.1.05 RC 3 Application: ------------------------------------------------------- 1.1 Start Date : Sat, 21 Sep 2013 10:43:07 +0400 1.2 Name/Description: SASPlanet.exe 1.3 Version Number : 13.9.21.7503 1.4 Parameters : 1.5 Compilation Date: Wed, 28 Aug 2013 23:31:38 +0400 1.6 Up Time : 3 minutes, 40 seconds Exception: ----------------------------------------------------- 2.1 Date : Sat, 21 Sep 2013 10:46:47 +0400 2.2 Address : 08A5F0C2 2.3 Module Name : libge.dll 2.4 Module Version: 1.0.0.0 2.5 Type : EMultiFree 2.6 Message : Multi Free memory leak. 2.7 ID : 9DF2 2.8 Count : 1 2.9 Status : New 2.10 Note : User: ------------------------------------------------------- 3.1 ID : aantuch 3.2 Name : aantuch 3.3 Email : 3.4 Company : 3.5 Privileges: SeIncreaseQuotaPrivilege - OFF SeSecurityPrivilege - OFF SeTakeOwnershipPrivilege - OFF SeLoadDriverPrivilege - OFF SeSystemProfilePrivilege - OFF SeSystemtimePrivilege - OFF SeProfileSingleProcessPrivilege - OFF SeIncreaseBasePriorityPrivilege - OFF SeCreatePagefilePrivilege - OFF SeBackupPrivilege - OFF SeRestorePrivilege - OFF SeShutdownPrivilege - OFF SeDebugPrivilege - OFF SeSystemEnvironmentPrivilege - OFF SeChangeNotifyPrivilege - ON SeRemoteShutdownPrivilege - OFF SeUndockPrivilege - OFF SeManageVolumePrivilege - OFF SeImpersonatePrivilege - ON SeCreateGlobalPrivilege - ON SeIncreaseWorkingSetPrivilege - OFF SeTimeZonePrivilege - OFF SeCreateSymbolicLinkPrivilege - OFF Active Controls: --------------------------------------------------- 4.1 Form Class : TfrmMain 4.2 Form Text : SAS.Planet 130921.7503 Nightly 4.3 Control Class: TImage32 4.4 Control Text : Computer: ----------------------------------------------------------------------------------- 5.1 Name : TOLIK-HP6560B 5.2 Total Memory : 3014 Mb 5.3 Free Memory : 1437 Mb 5.4 Total Disk : 58.59 Gb 5.5 Free Disk : 2.16 Gb 5.6 System Up Time: 6 days, 13 hours, 38 minutes, 57 seconds 5.7 Processor : Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz 5.8 Display Mode : 1600 x 900, 32 bit 5.9 Display DPI : 120 5.10 Video Card : Intel(R) HD Graphics 3000 (driver 9.17.10.2932 - RAM 1283 MB) 5.11 Printer : HP LaserJet 6L (driver 6.1.7601.17514) Operating System: ----------------------------------- 6.1 Type : Microsoft Windows 7 6.2 Build # : 7601 6.3 Update : Service Pack 1 6.4 Language: Russian 6.5 Charset : 204 Network: --------------------------------------------------------------------------------------- 7.1 IP Address: 192.168.001.159 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.2 Submask : 255.255.255.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.3 Gateway : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.4 DNS 1 : 192.168.001.001 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.5 DNS 2 : 000.000.000.000 - 000.000.000.000 - 000.000.000.000 - 000.000.000.000 7.6 DHCP : ON - ON - ON - ON Call Stack Information: -------------------------------------------------------------------------------------------------------------------- |Address |Module |Unit |Class |Procedure/Method |Line | -------------------------------------------------------------------------------------------------------------------- |*Exception Thread: ID=3536; Priority=1; Class=; [Main] | |------------------------------------------------------------------------------------------------------------------| |08A5F0C2|libge.dll | | | | | |76343E59|oleaut32.dll| | |SysFreeString | | |76343E9E|oleaut32.dll| | |SysFreeString | | |763E53F5|USER32.dll | | |IsWindow | | |774D3367|ntdll.dll | | |RtlReleaseSRWLockShared | | |774E9065|ntdll.dll | | |RtlImageRvaToSection | | |774E9041|ntdll.dll | | |RtlAddressInSectionTable | | |774E9033|ntdll.dll | | |RtlAddressInSectionTable | | |774C6FF2|ntdll.dll | | |KiUserExceptionDispatcher | | |08A76125|libge.dll |u_GoogleEarthCacheProvider.pas|TGoogleEarthCacheProvider|GetListOfTileVersions |301[21]| |774B4C80|ntdll.dll | | |memcpy | | |774D3499|ntdll.dll | | |RtlMultiByteToUnicodeN | | |774D2C73|ntdll.dll | | |RtlFreeHeap | | |774D2BFA|ntdll.dll | | |RtlFreeHeap | | |774D5677|ntdll.dll | | |RtlDeleteBoundaryDescriptor| | |763ECDAB|USER32.dll | | |OffsetRect | | |774C76E0|ntdll.dll | | |RtlLeaveCriticalSection | | |763DBB6B|USER32.dll | | |DefWindowProcA | | |76402BE9|USER32.dll | | |CallWindowProcA | | |76402BD3|USER32.dll | | |CallWindowProcA | | |763DAC19|USER32.dll | | |CallNextHookEx | | |76402B84|USER32.dll | | |GetPropA | | |76402B61|USER32.dll | | |GetPropA | | |763E2E3C|USER32.dll | | |DispatchMessageA | | |763E2E32|USER32.dll | | |DispatchMessageA | | |771EED6A|kernel32.dll| | |GetDriveTypeW | | -------------------------------------------------------------------------------------------------------------------- Modules Information: ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |Handle |Name |Description |Version |Size |Modified |Path | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |00200000|zlib1.dll |zlib data compression library |1.2.7.0 |66048 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |00310000|UnlockerHook.dll| | |4608 |2010-07-05 01:32:36|C:\Program Files\Unlocker | |00360000|btmmhook.dll |Multimedia Keys Hook DLL |6.3.0.8200 |226592 |2011-03-25 16:26:00|C:\Program Files\WIDCOMM\Bluetooth Software | |00400000|SASPlanet.exe | |13.9.21.7503 |4953088 |2013-09-21 04:02:48|C:\ut\SASPlanet.Nightly | |02120000|f1ct.dll | | |127488 |2012-11-03 19:25:20|C:\ut\SASPlanet.Nightly | |06E60000|TimeZone.dll |Used tzdata.2012j (2012-11-13) and tz_world_mp (2012-10-08)|1.0.1.1 |17019904|2012-11-24 16:53:04|C:\ut\SASPlanet.Nightly | |089F0000|libge.dll | |1.0.0.0 |720896 |2013-08-28 22:31:36|C:\ut\SASPlanet.Nightly | |09130000|libdb51.dll |Berkeley DB 5.1 DLL |5.0.1.29 |1088000 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |10000000|FreeImage.dll |FreeImage library |3.15.3.0 |322560 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |60F50000|leveldb.dll |LevelDB 1.12.0 for win32 |1.12.0.0 |221184 |2013-07-22 18:01:24|C:\ut\SASPlanet.Nightly | |60F90000|jpeg62.dll | | |244736 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |611F0000|libpng15.dll |PNG image compression library |1.5.12.0 |135680 |2013-05-19 04:01:10|C:\ut\SASPlanet.Nightly | |66BB0000|pshook.dll |Punto Switcher hook module |3.2.9.240 |25424 |2013-07-09 13:32:34|C:\Program Files\Yandex\Punto Switcher | |675C0000|MSVCP90.dll |Microsoft® C++ Runtime Library |9.0.30729.5570 |569680 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |69100000|ieframe.dll |Internet Browser |8.0.7601.18126 |11020800|2013-04-10 09:02:58|C:\Windows\System32 | |6A000000|mshtml.dll |Microsoft (R) HTML Viewer |8.0.7601.18129 |6033408 |2013-05-06 17:04:22|C:\Windows\System32 | |6AD50000|mlang.dll |Multi Language Support DLL |6.1.7600.16385 |177664 |2009-07-14 05:15:42|C:\Windows\system32 | |6ADB0000|olepro32.dll | |6.1.7601.17514 |90112 |2010-11-20 16:20:50|C:\Windows\system32 | |6C3E0000|sensapi.dll |SENS Connectivity API DLL |6.1.7600.16385 |10752 |2009-07-14 05:16:14|C:\Windows\system32 | |6C700000|MSVCR90.dll |Microsoft® C Runtime Library |9.0.30729.5570 |653136 |2012-06-03 21:38:10|C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a | |6D190000|msls31.dll |Microsoft Line Services library file |3.10.349.0 |157184 |2009-07-14 05:15:46|C:\Windows\System32 | |708D0000|rasadhlp.dll |Remote Access AutoDial Helper |6.1.7600.16385 |11776 |2009-07-14 05:16:14|C:\Windows\system32 | |70E50000|winmm.dll |MCI API DLL |6.1.7601.17514 |194048 |2010-11-20 16:21:38|C:\Windows\system32 | |71A50000|dhcpcsvc6.DLL |DHCPv6 Client |6.1.7601.17970 |44032 |2012-10-09 21:40:32|C:\Windows\system32 | |71A60000|dhcpcsvc.DLL |DHCP Client Service |6.1.7600.16385 |61952 |2009-07-14 05:15:12|C:\Windows\system32 | |71A90000|fwpuclnt.dll |FWP/IPsec User-Mode API |6.1.7601.17514 |216576 |2010-11-20 16:19:04|C:\Windows\System32 | |71B30000|CityHash.dll | | |14336 |2013-08-12 04:01:10|C:\ut\SASPlanet.Nightly | |71F50000|WINNSI.DLL |Network Store Information RPC interface |6.1.7600.16385 |16896 |2009-07-14 05:16:20|C:\Windows\system32 | |71F60000|iphlpapi.DLL |IP Helper API |6.1.7601.17514 |103936 |2010-11-20 16:19:24|C:\Windows\system32 | |732F0000|msimg32.dll |GDIEXT Client DLL |6.1.7600.16385 |4608 |2009-07-14 05:15:46|C:\Windows\system32 | |73390000|OLEACC.dll |Active Accessibility Core Component |7.0.0.0 |233472 |2011-08-27 08:26:28|C:\Windows\System32 | |733D0000|wsock32.dll |Windows Socket 32-Bit DLL |6.1.7600.16385 |15360 |2009-07-14 05:16:22|C:\Windows\system32 | |73490000|rtutils.dll |Routing Utilities |6.1.7601.17514 |37376 |2010-11-20 16:21:04|C:\Windows\system32 | |734A0000|rasman.dll |Remote Access Connection Manager |6.1.7600.16385 |76800 |2009-07-14 05:16:14|C:\Windows\system32 | |734C0000|RASAPI32.dll |Remote Access API |6.1.7600.16385 |325120 |2009-07-14 05:16:14|C:\Windows\system32 | |73B50000|NLAapi.dll |Network Location Awareness 2 |6.1.7601.17964 |52224 |2012-10-03 20:42:28|C:\Windows\system32 | |73D10000|ntmarta.dll |Windows NT MARTA provider |6.1.7600.16385 |121856 |2009-07-14 05:16:12|C:\Windows\system32 | |73F50000|uxtheme.dll |Microsoft UxTheme Library |6.1.7600.16385 |249856 |2009-07-14 05:16:18|C:\Windows\system32 | |74520000|wshtcpip.dll |Winsock2 Helper DLL (TL/IPv4) |6.1.7600.16385 |9216 |2009-07-14 05:16:22|C:\Windows\System32 | |74610000|version.dll |Version Checking and File Installation Libraries |6.1.7600.16385 |21504 |2009-07-14 05:16:18|C:\Windows\system32 | |74650000|winspool.drv |Windows Spooler Driver |6.1.7601.17514 |320000 |2010-11-20 16:16:52|C:\Windows\system32 | |74C70000|dnsapi.DLL |DNS Client API DLL |6.1.7601.17570 |270336 |2011-03-03 09:38:02|C:\Windows\system32 | |74DA0000|mswsock.dll |Microsoft Windows Sockets 2.0 Service Provider |6.1.7601.17514 |232448 |2010-11-20 16:19:58|C:\Windows\system32 | |74E80000|wship6.dll |Winsock2 Helper DLL (TL/IPv6) |6.1.7600.16385 |10752 |2009-07-14 05:16:22|C:\Windows\System32 | |74F80000|dwmapi.dll |Microsoft Desktop Window Manager API |6.1.7600.16385 |67072 |2009-07-14 05:15:14|C:\Windows\system32 | |75090000|comctl32.dll |User Experience Controls Library |6.10.7601.17514 |1680896 |2010-11-20 15:55:10|C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2| |754E0000|SspiCli.dll |Security Support Provider Interface |6.1.7601.17725 |100352 |2011-11-17 09:34:56|C:\Windows\system32 | |75500000|apphelp.dll |Application Compatibility Client Library |6.1.7601.17514 |295936 |2010-11-20 16:18:04|C:\Windows\system32 | |75550000|CRYPTBASE.dll |Base cryptographic API DLL |6.1.7600.16385 |36864 |2009-07-14 05:15:08|C:\Windows\system32 | |75560000|SXS.DLL |Fusion 2.5 |6.1.7601.17514 |380416 |2010-11-20 16:21:28|C:\Windows\system32 | |755D0000|profapi.dll |User Profile Basic API |6.1.7600.16385 |31744 |2009-07-14 05:16:14|C:\Windows\system32 | |75640000|MSASN1.dll |ASN.1 Runtime APIs |6.1.7601.17514 |34304 |2010-11-20 16:19:46|C:\Windows\system32 | |75730000|KERNELBASE.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |293376 |2012-11-30 08:47:46|C:\Windows\system32 | |75780000|CRYPT32.dll |Crypto API32 |6.1.7601.17856 |1159680 |2012-06-02 08:36:30|C:\Windows\system32 | |758D0000|MSCTF.dll |MSCTF Server DLL |6.1.7600.16385 |828928 |2009-07-14 05:15:44|C:\Windows\system32 | |759A0000|advapi32.dll |Advanced Windows 32 Base API |6.1.7601.17514 |640512 |2010-11-20 16:18:04|C:\Windows\system32 | |75A40000|RPCRT4.dll |Remote Procedure Call Runtime |6.1.7601.17514 |653312 |2010-11-20 16:21:04|C:\Windows\system32 | |75AF0000|URLMON.DLL |OLE32 Extensions for Win32 |8.0.7601.18126 |1231872 |2013-04-10 09:08:00|C:\Windows\system32 | |75C30000|USP10.dll |Uniscribe Unicode script processor |1.626.7601.18009 |626688 |2012-11-22 08:45:04|C:\Windows\system32 | |75CD0000|SHLWAPI.dll |Shell Light-weight Utility Library |6.1.7601.17514 |350208 |2010-11-20 16:21:20|C:\Windows\system32 | |75D30000|WININET.dll |Internet Extensions for Win32 |8.0.7601.18126 |981504 |2013-04-10 09:08:14|C:\Windows\system32 | |75E30000|GDI32.dll |GDI Client DLL |6.1.7601.17514 |304640 |2010-11-20 16:19:06|C:\Windows\system32 | |75E80000|CLBCatQ.DLL |COM+ Configuration Catalog |2001.12.8530.16385|522240 |2009-07-14 05:15:04|C:\Windows\system32 | |75F10000|sechost.dll |Host for SCM/SDDL/LSA Lookup APIs |6.1.7600.16385 |92160 |2009-07-14 05:16:14|C:\Windows\SYSTEM32 | |75F30000|ole32.dll |Microsoft OLE for Windows |6.1.7601.17514 |1414144 |2010-11-20 16:20:50|C:\Windows\system32 | |76230000|LPK.dll |Language Pack |6.1.7600.16385 |26624 |2009-07-14 05:15:38|C:\Windows\system32 | |76240000|ws2_32.DLL |Windows Socket 2.0 32-Bit DLL |6.1.7601.17514 |206848 |2010-11-20 16:21:40|C:\Windows\system32 | |762E0000|WLDAP32.dll |Win32 LDAP API DLL |6.1.7601.17514 |269824 |2010-11-20 16:21:38|C:\Windows\system32 | |76330000|Normaliz.dll |Unicode Normalization DLL |6.1.7600.16385 |2048 |2009-07-14 05:09:02|C:\Windows\system32 | |76340000|oleaut32.dll | |6.1.7601.17676 |571904 |2011-08-27 08:26:28|C:\Windows\system32 | |763D0000|USER32.dll |Multi-User Windows USER API Client DLL |6.1.7601.17514 |811520 |2010-11-20 16:21:34|C:\Windows\system32 | |764A0000|shell32.dll |Windows Shell Common Dll |6.1.7601.18103 |12872704|2013-02-27 08:55:06|C:\Windows\system32 | |770F0000|msvcrt.dll |Windows NT CRT DLL |7.0.7601.17744 |690688 |2011-12-16 11:53:00|C:\Windows\system32 | |771A0000|kernel32.dll |Windows NT BASE API Client DLL |6.1.7601.18015 |868352 |2012-11-30 08:47:46|C:\Windows\system32 | |77280000|iertutil.dll |Run time utility for Internet Explorer |8.0.7601.18126 |2078208 |2013-04-10 09:03:00|C:\Windows\system32 | |77480000|ntdll.dll |NT Layer DLL |6.1.7601.17725 |1288472 |2011-11-17 09:38:40|C:\Windows\SYSTEM32 | |775C0000|imm32.dll |Multi-User Windows IMM32 API Client DLL |6.1.7601.17514 |118272 |2010-11-20 16:19:24|C:\Windows\system32 | |775E0000|PSAPI.DLL |Process Status Helper |6.1.7600.16385 |6144 |2009-07-14 05:16:14|C:\Windows\system32 | |775F0000|NSI.dll |NSI User-mode interface DLL |6.1.7600.16385 |8704 |2009-07-14 05:16:12|C:\Windows\system32 | |77600000|comdlg32.dll |Common Dialogs DLL |6.1.7601.17514 |485888 |2010-11-20 16:18:24|C:\Windows\system32 | |77680000|imagehlp.dll |Windows NT Image Helper |6.1.7601.17787 |159232 |2012-03-01 09:33:24|C:\Windows\system32 | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Processes Information: -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |ID |Name |Description |Version |Memory|Priority |Threads|Path | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |0 |[System Process] | | |0 | |4 | | |4 |System | | |0 |Normal |181 | | |116 |c2c_service.exe | | |0 |Normal |7 | | |120 |hasplms.exe |Sentinel HASP License Manager Service |12.50.1.16926 |0 |Normal |12 | | |356 |smss.exe |Windows Session Manager |6.1.7601.18113|0 |Above-Normal|2 | | |412 |HPDrvMntSvc.exe | | |0 |Normal |4 | | |440 |hpHotkeyMonitor.exe | | |0 |Normal |6 | | |480 |iked.exe | | |0 |Normal |7 | | |560 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |564 |ipsecd.exe | | |0 |Normal |8 | | |612 |wininit.exe |Windows Start-Up Application |6.1.7600.16385|0 |High |3 | | |620 |csrss.exe |Client Server Runtime Process |6.1.7600.16385|0 |High |11 | | |668 |services.exe |Services and Controller app |6.1.7600.16385|0 |Normal |13 | | |692 |TOTALCMD.EXE |Total Commander 32 bit |7.5.7.1 |0 |Normal |12 |C:\ut\totalcmd | |700 |lsass.exe |Local Security Authority Process |6.1.7601.17725|0 |Normal |7 | | |708 |lsm.exe |Local Session Manager Service |6.1.7601.17514|0 |Normal |10 | | |788 |winlogon.exe |Windows Logon Application |6.1.7601.17514|0 |High |3 | | |820 |PNXSERVR.exe | | |0 |Normal |20 | | |880 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |12 | | |956 |svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |10 | | |1040|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |23 | | |1096|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |25 | | |1124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |20 | | |1136|pdisrvc.exe | | |0 |Normal |3 | | |1156|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |46 | | |1220|audiodg.exe |Windows Audio Device Graph Isolation |6.1.7601.17514|0 |Normal |5 | | |1248|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |5 | | |1344|hpservice.exe |HpService |4.2.2.1 |0 |Normal |4 | | |1372|PMBDeviceInfoProvider.exe | | |0 |Normal |3 | | |1388|vcsFPService.exe |Validity Sensors Fingerprint Service |4.3.216.0 |0 |Normal |8 | | |1396|punto.exe |Punto Switcher |3.2.9.240 |0 |Normal |6 |C:\Program Files\Yandex\Punto Switcher | |1512|ngvpnmgr.exe |VPN Tunnel Manager |10.5.6.93 |0 |Normal |12 | | |1528|BTHSSecurityMgr.exe | | |0 |Normal |8 | | |1572|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |24 | | |1684|spoolsv.exe |Spooler SubSystem App |6.1.7601.17777|0 |Normal |18 | | |1716|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |1808|pg_ctl.exe | | |0 |Normal |4 | | |1836|schedul2.exe | | |0 |Normal |8 | | |1880|afcdpsrv.exe | | |0 |Low |14 | | |1976|btwdins.exe |Bluetooth Support Server |6.3.0.8200 |0 |Normal |6 | | |2076|postgres.exe | | |0 |Normal |4 | | |2084|conhost.exe |Console Window Host |6.1.7601.18015|0 |Normal |2 | | |2124|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |6 | | |2296|QLBController.exe |QLBController |4.0.20.1 |0 |Normal |18 |C:\Program Files\Hewlett-Packard\HP HotKey Support| |2460|postgres.exe | | |0 |Normal |3 | | |2508|hpCaslNotification.exe |hpCaslNotification |4.1.13.1 |0 |Normal |7 |C:\Program Files\Hewlett-Packard\Shared | |2552|postgres.exe | | |0 |Normal |2 | | |2560|postgres.exe | | |0 |Normal |2 | | |2568|postgres.exe | | |0 |Normal |2 | | |2576|postgres.exe | | |0 |Normal |2 | | |2584|postgres.exe | | |0 |Normal |2 | | |2692|Dwm.exe |Desktop Window Manager |6.1.7600.16385|0 |High |5 |C:\Windows\system32 | |2740|TiE.exe | | |0 |Normal |2 |C:\Program Files\Type it Easy | |2772|TrueImageMonitor.exe |Acronis True Image Monitor |14.0.0.6942 |0 |Normal |24 |C:\Program Files\Acronis\TrueImageHome | |2792|PNXKERNL.exe | | |0 |Normal |6 | | |2800|taskhost.exe |Host Process for Windows Tasks |6.1.7601.18010|0 |Normal |10 |C:\Windows\system32 | |2980|Explorer.EXE |Windows Explorer |6.1.7601.17567|0 |Normal |35 |C:\Windows | |2996|hpqWmiEx.exe | | |0 |Normal |9 | | |3084|UnlockerAssistant.exe | | |0 |Normal |2 |C:\Program Files\Unlocker | |3096|HPPA_Service.exe | | |0 |Normal |20 | | |3140|TortoiseHgOverlayServer.exe|TortoiseHg Overlay Icon Server |1.1.10.0 |0 |Normal |4 |C:\Program Files\TortoiseHg | |3228|PMBVolumeWatcher.exe |Media Check Tool |6.3.0.4221 |0 |Normal |3 |C:\Program Files\Sony\PlayMemories Home | |3240|hkcmd.exe |hkcmd Module |8.15.10.2932 |0 |Normal |3 |C:\Windows\System32 | |3248|SynTPEnh.exe |Synaptics TouchPad Enhancements |16.3.9.0 |0 |Above-Normal|12 |C:\Program Files\Synaptics\SynTP | |3324|BTTray.exe |Bluetooth Tray Application |6.3.0.8200 |0 |Normal |11 |C:\Program Files\WIDCOMM\Bluetooth Software | |3328|SYNTPHELPER.EXE |Synaptics Pointing Device Helper |16.3.9.0 |0 |Above-Normal|2 |C:\PROGRAM FILES\SYNAPTICS\SYNTP | |3400|sidebar.exe |Windows Desktop Gadgets |6.1.7601.17514|0 |Normal |16 |C:\Program Files\Windows Sidebar | |3436|jusched.exe |Java(TM) Update Scheduler |2.1.9.4 |0 |Normal |6 |C:\Program Files\Common Files\Java\Java Update | |3528|DTLite.exe |DAEMON Tools Lite |4.45.4.314 |0 |Normal |6 |C:\Program Files\DAEMON Tools Lite | |3548|qip.exe |QIP 2012 |4.0.0.7221 |0 |Normal |79 |C:\Program Files\QIP 2012 | |3556|thunderbird.exe |Thunderbird |11.0.0.4469 |0 |Normal |28 |C:\Program Files\Mozilla Thunderbird | |3644|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |8 | | |3736|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |18 | | |3840|FSCapture.exe |FastStone Capture |6.5.0.0 |0 |Normal |2 |C:\Program Files\FastStone Capture | |4024|unsecapp.exe |Sink to receive asynchronous callbacks for WMI client application|6.1.7600.16385|0 |Normal |4 | | |4084|WmiPrvSE.exe |WMI Provider Host |6.1.7601.17514|0 |Normal |8 | | |4448|BTHSAmpPalService.exe | | |0 |Normal |8 | | |4756|wmpnetwk.exe | | |0 |Normal |11 | | |4804|firefox.exe |Firefox |23.0.1.4974 |0 |Normal |49 |C:\Program Files\Mozilla Firefox | |5644|BtStackServer.exe |Bluetooth Stack COM Server |6.3.0.8200 |0 |Normal |21 |C:\Program Files\WIDCOMM\Bluetooth Software | |5816|svchost.exe |Host Process for Windows Services |6.1.7600.16385|0 |Normal |13 | | |6624|pidgin.exe |Pidgin |2.10.7.0 |0 |Normal |9 |C:\Program Files\Pidgin | |7724|Vitrite.exe | | |0 |Normal |2 |C:\ut\Vitrite | |8004|SASPlanet.exe | |13.9.21.7503 |0 |Normal |18 |C:\ut\SASPlanet.Nightly | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Assembler Information: -------------------------------------------------------------- 08A5F097 add [ebx+$A815140D], cl 08A5F09D or [edx+$6680A101], dh 08A5F0A3 mov dword ptr [$53EE808], eax 08A5F0A8 cli 08A5F0A9 jmp ax 08A5F0AB mov ecx, $C3FFF958 ; ''... 08A5F0B0 mov ecx, [$8A81510] 08A5F0B6 mov dl, $01 08A5F0B8 mov eax, dword ptr [EMultiFree] 08A5F0BD call -$0005FADA 08A5F0C2 call -$0006A75F ; <-- EXCEPTION 08A5F0C7 ret Registers: ----------------------------- EAX: 0D4DABC0 EDI: 00000001 EBX: 0D4DB2B0 ESI: 08A6E73C ECX: 0000002B ESP: 0012E82C EDX: 08A5F0C7 EIP: 08A5F0C2 Stack: Memory Dump: ------------------ --------------------------------------------------------------------------- 0012E82C: 089F8633 0D610BE0: E8 A1 58 F9 FF C3 68 78 CD A8 08 E8 C2 84 F9 FF ..X...hx........ 0012E830: 0012E840 0D610BF0: C3 90 55 8B EC 6A 00 33 C0 55 68 5B F1 A5 08 64 ..U..j.3.Uh[...d 0012E834: 089F86F7 0D610C00: FF 30 64 89 20 A1 A0 47 A8 08 C7 00 D8 E7 A5 08 .0d. ..G........ 0012E838: 02FFFFFF 0D610C10: A1 7C 47 A8 08 C7 00 58 EA A5 08 A1 D8 47 A8 08 .|G....X.....G.. 0012E83C: 0D4DB430 0D610C20: C7 00 DC EB A5 08 A1 C0 47 A8 08 C7 00 98 F0 A5 ........G....... 0012E840: 0012E89C 0D610C30: 08 A1 B0 48 A8 08 C7 00 B0 F0 A5 08 8D 45 FC E8 ...H.........E.. 0012E844: 089F2EE2 0D610C40: 66 10 FE FF 8B 45 FC E8 FA 63 F9 FF 8B D0 B8 78 f....E...c.....x 0012E848: 089F669C 0D610C50: CD A8 08 E8 C6 CC F9 FF A1 6C 49 A8 08 C7 00 C8 .........lI..... 0012E84C: 0D4DB2AC 0D610C60: F0 A5 08 33 C0 5A 59 59 64 89 10 68 62 F1 A5 08 ...3.ZYYd..hb... 0012E850: 089F5DCD 0D610C70: 8D 45 FC E8 22 5F F9 FF C3 E9 64 56 F9 FF EB F0 .E.."_....dV.... 0012E854: 00000001 0D610C80: 59 5D C3 8D 40 00 55 8B EC 33 C9 51 51 51 51 51 Y]..@.U..3.QQQQQ 0012E858: 08A6E83A 0D610C90: 53 56 8B 75 08 33 C0 55 68 92 F2 A5 08 64 FF 30 SV.u.3.Uh....d.0 0012E85C: 0D4DB2A0 0D610CA0: 64 89 20 E8 56 E5 FF FF 84 C0 0F 84 DC 00 00 00 d. .V........... 0012E860: 0D4DB2AC 0D610CB0: E8 25 E2 FF FF 84 C0 0F 84 CF 00 00 00 C6 05 8C .%.............. 0012E864: 089F5CD1 0D610CC0: CA A8 08 01 33 DB E8 03 3E F9 FF 8B 15 C8 9F 9F ....3...>....... 0012E868: 0012F328 0D610CD0: 08 E8 BC 50 F9 FF 84 C0 74 07 E8 EF 3D F9 FF 8B ...P....t...=...