
date/time         : 2011-06-28, 23:37:29, 80ms
computer name     : ADMIN
user name         : Administrator <admin>
registered owner  : Admin / Admin Computer
operating system  : Windows XP Service Pack 3 build 2600
system language   : English
system up time    : 35 minutes 45 seconds
program up time   : 34 minutes 58 seconds
processors        : 2x Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
physical memory   : 2310/3062 MB (free/total)
free disk space   : (C:) 822.41 MB
display mode      : 1440x900, 32 bit
process id        : $84c
allocated memory  : 11.45 MB
executable        : XWindowsDock.exe
exec. date/time   : 2009-06-03 09:41
version           : 5.6.1.1
compiled with     : Delphi 7
madExcept version : 3.0h
callstack crc     : $7b8174fe, $27e1c4f2, $0119d365
exception number  : 1
exception class   : EOSError
exception message : A call to an OS function failed.

main thread ($850):
00458cd1 +75 XWindowsDock.exe SysUtils              RaiseLastOSError
00458cff +07 XWindowsDock.exe SysUtils              Win32Check
004a203d +09 XWindowsDock.exe Controls              TMouse.GetCursorPos
0051fd7f +7f XWindowsDock.exe Main          2133 +5 TfrmMacXDock.WndProc
0049af2c +2c XWindowsDock.exe Controls              TWinControl.MainWndProc
0046b778 +14 XWindowsDock.exe Classes               StdWndProc
7c90e450 +10 ntdll.dll                              KiUserCallbackDispatcher
7e42a436 +f6 user32.dll                             PeekMessageA
004b6b1f +13 XWindowsDock.exe Forms        31056 +0 TApplication.ProcessMessage
004b6bc6 +0a XWindowsDock.exe Forms        31056 +0 TApplication.HandleMessage
004b6de6 +96 XWindowsDock.exe Forms        31056 +0 TApplication.Run
0052d9ac +cc XWindowsDock.exe XWindowsDock    42 +15 initialization

thread $8ec:
7c90df2a +0a ntdll.dll                  NtWaitForMultipleObjects
7c80956e +00 kernel32.dll               WaitForMultipleObjectsEx
7e4195f3 +00 user32.dll                 MsgWaitForMultipleObjectsEx
7e4196a3 +1a user32.dll                 MsgWaitForMultipleObjects
0044e189 +0d XWindowsDock.exe madExcept CallThreadProcSafe
0044e1f3 +37 XWindowsDock.exe madExcept ThreadExceptFrame
>> created by main thread ($850) at:
4eca29c1 +00 gdiplus.dll

thread $908 (TGalleryRender): <priority:-15>
7c90d1fa +0a ntdll.dll                            NtDelayExecution
7c8023eb +4b kernel32.dll                         SleepEx
7c802450 +0a kernel32.dll                         Sleep
00505f04 +20 XWindowsDock.exe ImageGallery 243 +5 TGalleryRender.Execute
0044e2a7 +2b XWindowsDock.exe madExcept           HookedTThreadExecute
0046a220 +34 XWindowsDock.exe Classes             ThreadProc
00404a1c +28 XWindowsDock.exe System              ThreadWrapper
0044e189 +0d XWindowsDock.exe madExcept           CallThreadProcSafe
0044e1f3 +37 XWindowsDock.exe madExcept           ThreadExceptFrame
>> created by main thread ($850) at:
00505de8 +18 XWindowsDock.exe ImageGallery 193 +1 TGalleryRender.Create

thread $984 (TXSetImageThread): <priority:-15>
7c90d1fa +00a ntdll.dll                       NtDelayExecution
7c8023eb +04b kernel32.dll                    SleepEx
7c802450 +00a kernel32.dll                    Sleep
0051b210 +4fc XWindowsDock.exe Main   785 +83 TXSetImageThread.Execute
0044e2a7 +02b XWindowsDock.exe madExcept      HookedTThreadExecute
0046a220 +034 XWindowsDock.exe Classes        ThreadProc
00404a1c +028 XWindowsDock.exe System         ThreadWrapper
0044e189 +00d XWindowsDock.exe madExcept      CallThreadProcSafe
0044e1f3 +037 XWindowsDock.exe madExcept      ThreadExceptFrame
>> created by main thread ($850) at:
0051aabf +01b XWindowsDock.exe Main   582 +1  TXSetImageThread.Create

modules:
00400000 XWindowsDock.exe 5.6.1.1          C:\Program Files\XWindowsDock
02800000 XWDkernel.dll    5.4.10.1         C:\Program Files\XWindowsDock
02d20000 XLauncher.dll                     C:\Program Files\XWindowsDock\Docklets\XLauncher
03310000 msi.dll          3.1.4001.5512    C:\WINDOWS\system32
03a90000 Expand.dll                        C:\Program Files\XWindowsDock\Effects\Expand
4ec50000 gdiplus.dll      5.1.3102.5512    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
5ad70000 uxtheme.dll      6.0.2900.5512    C:\WINDOWS\system32
5dca0000 iertutil.dll     7.0.5730.13      C:\WINDOWS\system32
60560000 AcSignIcon.dll   17.0.54.0        C:\WINDOWS\system32
61410000 urlmon.dll       7.0.5730.13      C:\WINDOWS\system32
64d00000 snxhk.dll        6.0.999.0        C:\Program Files\Alwil Software\Avast5
64e40000 ashShell.dll     6.0.999.0        C:\Program Files\Alwil Software\Avast5
69b10000 msxml4.dll       4.20.9818.0      C:\WINDOWS\system32
71aa0000 WS2HELP.dll      5.1.2600.5512    C:\WINDOWS\system32
71ab0000 WS2_32.dll       5.1.2600.5512    C:\WINDOWS\system32
71ad0000 wsock32.dll      5.1.2600.5512    C:\WINDOWS\system32
73000000 winspool.drv     5.1.2600.5512    C:\WINDOWS\system32
74720000 MSCTF.dll        5.1.2600.5512    C:\WINDOWS\system32
755c0000 msctfime.ime     5.1.2600.5512    C:\WINDOWS\system32
76390000 IMM32.DLL        5.1.2600.5512    C:\WINDOWS\system32
763b0000 comdlg32.dll     6.0.2900.5512    C:\WINDOWS\system32
76600000 CSCDLL.dll       5.1.2600.5512    C:\WINDOWS\System32
769c0000 USERENV.dll      5.1.2600.5512    C:\WINDOWS\system32
76b40000 winmm.dll        5.1.2600.5512    C:\WINDOWS\system32
76bf0000 PSAPI.dll        5.1.2600.5512    C:\WINDOWS\system32
76fd0000 CLBCATQ.DLL      2001.12.4414.700 C:\WINDOWS\system32
77050000 COMRes.dll       2001.12.4414.700 C:\WINDOWS\system32
77120000 oleaut32.dll     5.1.2600.5512    C:\WINDOWS\system32
773d0000 comctl32.dll     6.0.2900.5512    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
774e0000 ole32.dll        5.1.2600.5512    C:\WINDOWS\system32
77920000 SETUPAPI.dll     5.1.2600.5512    C:\WINDOWS\system32
77a20000 cscui.dll        5.1.2600.5512    C:\WINDOWS\System32
77b40000 appHelp.dll      5.1.2600.5512    C:\WINDOWS\system32
77c00000 version.dll      5.1.2600.5512    C:\WINDOWS\system32
77c10000 msvcrt.dll       7.0.2600.5512    C:\WINDOWS\system32
77dd0000 advapi32.dll     5.1.2600.5512    C:\WINDOWS\system32
77e70000 RPCRT4.dll       5.1.2600.5512    C:\WINDOWS\system32
77f10000 GDI32.dll        5.1.2600.5512    C:\WINDOWS\system32
77f60000 SHLWAPI.dll      6.0.2900.5512    C:\WINDOWS\system32
77fe0000 Secur32.dll      5.1.2600.5512    C:\WINDOWS\system32
7c800000 kernel32.dll     5.1.2600.5512    C:\WINDOWS\system32
7c900000 ntdll.dll        5.1.2600.5512    C:\WINDOWS\system32
7c9c0000 shell32.dll      6.0.2900.5512    C:\WINDOWS\system32
7e410000 user32.dll       5.1.2600.5512    C:\WINDOWS\system32

processes: 000 Idle 004 System 22c smss.exe 26c csrss.exe 284 winlogon.exe 2b0 services.exe 2bc lsass.exe 360 svchost.exe 3ac svchost.exe 3d4 svchost.exe 3f4 svchost.exe 430 svchost.exe 460 svchost.exe 590 AvastSvc.exe 6d8 spoolsv.exe 77c ACService.exe ion Service\Bin 794 ChgService.exe 10c IEGLicSrv.exe IEG\IEGLCS 080 svchost.exe 42c Explorer.EXE 4f4 VMCService.exe nect\Bin 820 DrvIcon.exe 84c XWindowsDock.exe 888 CircleDock.exe 8a0 alg.exe 968 TaskSwitchXP.exe 97c avastUI.exe 990 igfxtray.exe 998 hkcmd.exe 9a0 igfxpers.exe 9c4 ACDaemon.exe ion Service\Bin 9d8 NkMonitor.exe 9f4 PDVDServ.exe a00 USBGuard.exe a08 MobileConnect.exe nect\Bin a18 winampa.exe a3c Updater.exe a44 ctfmon.exe a4c sidebar.exe a60 UberIcon Manager.exe a70 ViSplore.exe a90 BitTorrent.exe af4 softinfo.exe b18 igfxsrvc.exe b94 ArcCon.ac ion Service\Bin b90 Reliance Netconnect.exe and+

normal normal C:\WINDOWS\system32 high normal normal normal C:\WINDOWS\system32 C:\WINDOWS\system32 C:\WINDOWS\system32 C:\WINDOWS\system32

normal C:\WINDOWS\System32 normal C:\WINDOWS\system32 normal C:\Program Files\Alwil Software\Avast5 normal C:\WINDOWS\system32 normal C:\Program Files\Common Files\ArcSoft\Connect normal C:\WINDOWS\system32 normal C:\Program Files\Common Files\Bentley Shared\ normal C:\WINDOWS\system32 normal C:\WINDOWS normal C:\Program Files\Vodafone\Vodafone Mobile Con idle C:\Program Files\Drive Icon normal C:\Program Files\XWindowsDock normal C:\Program Files\Circle Dock high normal normal normal normal normal normal normal normal normal normal normal normal normal high normal normal normal normal normal C:\Program Files\TaskSwitchXP C:\Program Files\Alwil Software\Avast5 C:\WINDOWS\system32 C:\WINDOWS\system32 C:\WINDOWS\system32 C:\Program Files\Common Files\ArcSoft\Connect C:\Program C:\Program C:\Program C:\Program Files\Common Files\Nikon\Monitor Files\CyberLink\PowerDVD Files\USB Disk Security Files\Vodafone\Vodafone Mobile Con

C:\Program Files\Winamp C:\Program Files\Ask.com\Updater C:\WINDOWS\system32 C:\Program Files\Windows Sidebar C:\Program Files\UberIcon C:\Program Files\ViSplore C:\Program Files\BitTorrent C:\Program Files\Software Informer C:\WINDOWS\system32 C:\Program Files\Common Files\ArcSoft\Connect

normal C:\Program Files\Reliance Netconnect - Broadb

be4 c0c de4 f4c bc4

ipmsg.exe wweb32.exe ymsgr_tray.exe firefox.exe logonui.exe

normal normal normal normal normal

C:\Program C:\Program C:\Program C:\Program

Files\IPMsg Files\WordWeb Files\Yahoo!\Messenger Files\Mozilla Firefox

hardware:
+ Batteries
  - Microsoft AC Adapter
  - Microsoft ACPI-Compliant Control Method Battery
+ Computer
  - ACPI Multiprocessor PC
+ Disk drives
  - FUJITSU MHY2160BH
  - Generic- Multi-Card USB Device
  - HUAWEI SD Storage USB Device
+ Display adapters
  - Mobile Intel(R) 965 Express Chipset Family (driver 6.14.10.4864)
  - Mobile Intel(R) 965 Express Chipset Family (driver 6.14.10.4864)
+ DVD/CD-ROM drives
  - HUAWEI Mass Storage USB Device
  - Optiarc DVD RW AD-7561A
+ IDE ATA/ATAPI controllers
  - Intel(R) ICH8M 3 port Serial ATA Storage Controller - 2828
  - Primary IDE Channel
  - Secondary IDE Channel
+ Imaging devices
  - USB Video Device
+ Keyboards
  - Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ Mice and other pointing devices
  - PS/2 Compatible Mouse
+ Modems
  - HUAWEI Mobile Connect - Modem (driver 2.0.3.826)
+ Monitors
  - Plug and Play Monitor
  - Plug and Play Monitor
  - Plug and Play Monitor
+ Network adapters
  - Atheros AR5007 802.11b/g WiFi Adapter (driver 7.6.0.209)
  - Realtek RTL8139 Family PCI Fast Ethernet NIC
+ Ports (COM & LPT)
  - HUAWEI Mobile Connect - Application Interface (COM14) (driver 2.0.3.826)
  - HUAWEI Mobile Connect - PC UI Interface (COM15) (driver 2.0.3.826)
+ Processors
  - Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
  - Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
+ Sound, video and game controllers
  - Audio Codecs
  - Conexant High Definition Audio-Venice 5045 (driver 3.30.0.52)
  - Legacy Audio Drivers
  - Legacy Video Capture Devices
  - Media Control Devices
  - Video Codecs
+ System devices
  - ACPI Fixed Feature Button
  - ACPI Lid
  - ACPI Power Button
  - ACPI Sleep Button
  - ACPI Thermal Zone
  - Direct memory access controller
  - High Precision Event Timer
  - Intel(R) 82801 PCI Bridge - 2448
  - Intel(R) 82802 Firmware Hub Device
  - Intel(R) ICH8 Family PCI Express Root Port 1 - 283F
  - Intel(R) ICH8 Family SMBus Controller - 283E (driver 8.0.0.1008)
  - Intel(R) ICH8M-E LPC Interface Controller - 2815
  - ISAPNP Read Data Port
  - Logical Disk Manager
  - Microcode Update Device
  - Microsoft ACPI-Compliant Embedded Controller
  - Microsoft ACPI-Compliant System
  - Microsoft Composite Battery
  - Microsoft System Management BIOS Driver
  - Microsoft UAA Bus Driver for High Definition Audio
  - Microsoft Windows Management Interface for ACPI
  - Motherboard resources
  - Numeric data processor
  - PCI bus
  - PCI standard host CPU bridge
  - Plug and Play Software Device Enumerator
  - Programmable interrupt controller
  - System CMOS/real time clock
  - System timer
  - Terminal Server Device Redirector
  - Terminal Server Keyboard Driver
  - Terminal Server Mouse Driver
  - Volume Manager
+ Universal Serial Bus controllers
  - Intel(R) ICH8 Family USB Universal Host Controller - 2830
  - Intel(R) ICH8 Family USB Universal Host Controller - 2831
  - Intel(R) ICH8 Family USB Universal Host Controller - 2832
  - Intel(R) ICH8 Family USB2 Enhanced Host Controller - 2836
  - USB Composite Device
  - USB Composite Device
  - USB Mass Storage Device
  - USB Mass Storage Device
  - USB Root Hub
  - USB Root Hub
  - USB Root Hub
  - USB Root Hub

cpu registers:
eax = 00b96b34
ebx = 00000000
ecx = 00000000
edx = 00458cd6
esi = 00b83284
edi = 0012fe00
eip = 00458cd6
esp = 0012fa40
ebp = 0012fa94

disassembling:
[...]
0051fd6a        mov     ax, [eax+4]
0051fd6e        mov     [ebp-$20], ax
0051fd72 2133   lea     edx, [ebp-$274]
0051fd78        mov     eax, [$5374e8]
0051fd7d        mov     eax, [eax]
0051fd7f      > call    -$7dd50 ($4a2034)      ; Controls.TMouse.GetCursorPos
0051fd84        push    dword ptr [ebp-$270]
0051fd8a        push    dword ptr [ebp-$274]
0051fd90        call    -$117d25 ($408070)     ; Windows.WindowFromPoint
0051fd95        mov     ebx, eax
0051fd97 2134   call    -$118114 ($407c88)     ; Windows.GetForegroundWindow
[...]
