Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

IISSTATE Analysis Please...Take One

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  Images don't show  
Author Message
anonymous1031

External


Since: Jan 26, 2004
Posts: 6



(Msg. 1) Posted: Tue Feb 03, 2004 10:35 am
Post subject: IISSTATE Analysis Please...Take One
Archived from groups: microsoft>public>inetserver>iis (more info?)
I posted this before, but I think the 2 log files are too
large for one post, so I will break it into 2 posts.

This is a COM+ package with a lot of VB dlls. They are
all compiled with retain in memoery and unsttended
execution.

Opened log file 'C:\iisstate\output\IISState-3356.log'

***********************
Starting new log output
IISState version 3.3.1

Tue Feb 03 08:36:58 2004

OS = Windows 2000
Executable: dllhost.exe
PID = 3356

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 1ebc
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\KERNEL32.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0006fd50 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 00000102 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 1
System Thread ID: 1ce4
Kernel Time: 0:0:0.93
User Time: 0:0:0.171
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\RPCRT4.DLL -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\COMSVCS.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 008df218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 008df244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 008df260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 008df2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 008df310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 008df368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 008df384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 008df5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 008df5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 008df5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 008df614 77abf4c4 ole32!CoInstall+0x4ddc
0b 008df634 77abf3d3 ole32!CoInstall+0x4d44
0c 008df678 77abf384 ole32!CoInstall+0x4c53
0d 008df6a0 77b0e45a ole32!CoInstall+0x4c04
0e 008df6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000504 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 2
System Thread ID: 1da4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\USER32.DLL -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0095ff30 77abaf4d USER32!TranslateMessageEx+0x4a
01 0095ff70 77abae9b ole32!CoInstall+0x7cd
02 0095ff8c 77abadd6 ole32!CoInstall+0x71b
03 00007530 00000000 ole32!CoInstall+0x656




Thread ID: 3
System Thread ID: 1d80
Kernel Time: 0:0:0.156
User Time: 0:0:0.78
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\TxfAux.Dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00a6fc98 6de8b953 ntdll!ZwRemoveIoCompletion+0xb
01 00a6fd94 6de8b8a8 TxfAux!Log+0x5e3
02 00a6ffb4 77e8758a TxfAux!Log+0x538
03 00a6ffec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 4
System Thread ID: 1cfc
Kernel Time: 0:0:0.93
User Time: 0:0:0.203
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00b2f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 00b2f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 00b2f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 00b2f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 00b2f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 00b2f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 00b2f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 00b2f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 00b2f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 00b2f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 00b2f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 00b2f634 77abf3d3 ole32!CoInstall+0x4d44
0c 00b2f678 77abf384 ole32!CoInstall+0x4c53
0d 00b2f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 00b2f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000908 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 5
System Thread ID: 1d84
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00e2ff58 77e86e1a ntdll!NtWaitForMultipleObjects+0xb
01 00e2ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 6
System Thread ID: 1dd8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\NETAPI32.dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00e6fb94 77d3a2c7 ntdll!NtRequestWaitReplyPort+0xb
01 00e6fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
02 00e6fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
03 00e6fbd8 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
04 00e6fc18 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
05 00e6fc88 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
06 00e6fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
07 00e6fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
08 00e6ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
09 00e6ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
0a 00e6ff70 787f002e RPCRT4!NdrServerMarshall+0x1311
0b 78863e54 ffffffff COMSVCS!RegisterComEvents+0x6498
0c 0008b320 78863e54 0xffffffff
0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7a2be




Thread ID: 7
System Thread ID: 1d9c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00eaff04 77e86784 ntdll!ZwDelayExecution+0xb
01 77f82207 4affc033 KERNEL32!Sleep+0xb
02 0424548b 00000000 0x4affc033




Thread ID: 8
System Thread ID: aa4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00f2fd70 77e86e1a ntdll!NtWaitForMultipleObjects+0xb
01 00f2ffb4 77e8758a KERNEL32!WaitForMultipleObjects+0x17
02 00f2ffec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 9
System Thread ID: 1d60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00f7ff70 77e86784 ntdll!ZwDelayExecution+0xb
01 00000000 00000000 KERNEL32!Sleep+0xb




Thread ID: 10
System Thread ID: 1c44
Kernel Time: 0:0:0.46
User Time: 0:0:0.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 011ffd60 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 11
System Thread ID: 19ec
Kernel Time: 0:0:0.31
User Time: 0:0:0.203
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0123f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0123f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0123f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0123f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0123f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0123f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0123f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0123f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0123f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0123f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0123f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0123f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0123f678 77abf384 ole32!CoInstall+0x4c53
0d 0123f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0123f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000a09 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 12
System Thread ID: 1e4c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0127ffb4 77e8758a ntdll!ZwDelayExecution+0xb
01 0127ffec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 13
System Thread ID: 1c98
Kernel Time: 0:0:1.46
User Time: 0:0:3.609
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\MSVBVM60.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 012bfc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 012bfcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 012bfd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 012bfd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 012bfd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 012bfd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 012bfde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 012bfe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 012bfe20 77e139a3 USER32!ScrollDC+0x490
09 012bfe3c 77e2305b USER32!GetQueueStatus+0x174
0a 012bfe6c 77fa032f USER32!InSendMessage+0x51
0b 012bfee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 012bff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000b9058 000ae9a8 COMSVCS!Ordinal7+0x1b8b
0e 000af430 000b9058 0xae9a8
0f 000a1c98 000af430 0xb9058
10 000b5198 000a1c98 0xaf430
11 000aeca8 000b5198 0xa1c98
12 000aea40 000aeca8 0xb5198
13 000af338 000aea40 0xaeca8
14 000aee90 000af338 0xaea40
15 000af3e8 000aee90 0xaf338
16 000ae3b8 000af3e8 0xaee90
17 0009b138 000ae3b8 0xaf3e8
18 788638b0 0009b138 0xae3b8
19 000aebc8 788638b0 0x9b138
1a 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
1b 000adf40 000af2c0 0xaebc8
1c 000ae9a8 000adf40 0xaf2c0
1d 000b9058 000ae9a8 0xadf40
1e 000af430 000b9058 0xae9a8
1f 000a1c98 000af430 0xb9058
20 000b5198 000a1c98 0xaf430
21 000aeca8 000b5198 0xa1c98
22 000aea40 000aeca8 0xb5198
23 000af338 000aea40 0xaeca8
24 000aee90 000af338 0xaea40
25 000af3e8 000aee90 0xaf338
26 000ae3b8 000af3e8 0xaee90
27 0009b138 000ae3b8 0xaf3e8
28 788638b0 0009b138 0xae3b8
29 000aebc8 788638b0 0x9b138
2a 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
2b 000adf40 000af2c0 0xaebc8
2c 000ae9a8 000adf40 0xaf2c0
2d 000b9058 000ae9a8 0xadf40
2e 000af430 000b9058 0xae9a8
2f 000a1c98 000af430 0xb9058
30 000b5198 000a1c98 0xaf430
31 000aeca8 000b5198 0xa1c98




Thread ID: 14
System Thread ID: 1a2c
Kernel Time: 0:0:1.109
User Time: 0:0:3.156
*** WARNING: Unable to verify checksum for C:\PROGRA~1
\Neevia.Com\DOCUME~1\DOCCRE~1.DLL
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\PROGRA~1\Neevia.Com\DOCUME~1
\DOCCRE~1.DLL -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\OLEAUT32.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for -
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 012fb9a4 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 012fba14 66010575 ntdll!ZwQueryDefaultLocale+0x11b
02 012fba34 77e12e98 MSVBVM60!ThunRTMain+0x2753
03 012fba54 77e139a3 USER32!ScrollDC+0x490
04 012fba70 77e2305b USER32!GetQueueStatus+0x174
05 012fbaa0 77fa032f USER32!InSendMessage+0x51
06 012fbb18 77e1569d ntdll!KiUserCallbackDispatcher+0x13
07 012fbb44 0820d4f8 USER32!PeekMessageA+0x143
08 012fbc68 082223c3 DOCCRE_1!DllUnregisterServer+0x46f18
09 012fbcc4 779d7bcd DOCCRE_1!DllUnregisterServer+0x5bde3
0a 012fbce4 77a22b30 OLEAUT32!DispCallFunc+0x15d
0b 012fbd74 081c51c1 OLEAUT32!ClearCustData+0x586
0c 012fbda0 660267ad DOCCRE_1+0x151c1
0d 012fbdf4 66101427 MSVBVM60!_vbaFreeObjList+0x362
0e 012fbe58 661013c4 MSVBVM60!_vbaLateMemCall+0x85
0f 012fbe78 5f0be5f2 MSVBVM60!_vbaLateMemCall+0x22
10 012fc090 5f0b482d EDC_ST_DSP_CNV!
EDC_DSP_TraySwitching::GetTraySwitchingDetails+0x192
11 012fc104 5f0b02a0 EDC_ST_DSP_CNV!
PDFConvertionMgr::GetTrayDetails+0x40d
12 012fc734 77d77fb0 EDC_ST_DSP_CNV!
PDFConvertionMgr::ConvertToPDF+0x34a0
13 012fc788 77d95ad7 RPCRT4!NdrServerMarshall+0x12f6
14 012fca24 77d8f721 RPCRT4!NdrStubCall2+0x655
15 012fca88 779e9014 RPCRT4!CStdStubBuffer_Invoke+0x6b
16 012fcaf0 77aa2e19 OLEAUT32!
UserEXCEPINFO_free_local+0x20c4
17 012fcbd0 77d90328 ole32!
CoCreateFreeThreadedMarshaler+0x296f
18 012fcbec 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
19 012fce34 77d95f85 RPCRT4!NdrClientCall2+0x4f5
1a 012fce50 77d77fcb RPCRT4!NdrStubCall2+0xb03
1b 012fce60 60ee1c05 RPCRT4!NdrServerMarshall+0x1311
1c 012fd938 60ed99f5 EDC_ST_DSP_DRP!DllCanUnloadNow+0x938b
1d 012fda8c 77d77fb0 EDC_ST_DSP_DRP!DllCanUnloadNow+0x117b
1e 012fdab4 77d95ad7 RPCRT4!NdrServerMarshall+0x12f6
1f 012fdd24 77d8f721 RPCRT4!NdrStubCall2+0x655
20 012fdd88 779e9014 RPCRT4!CStdStubBuffer_Invoke+0x6b
21 0494758c ffffffff OLEAUT32!
UserEXCEPINFO_free_local+0x20c4
22 000a8df8 0494758c 0xffffffff
23 00000000 00000000 0x494758c




Thread ID: 15
System Thread ID: 804
Kernel Time: 0:0:1.593
User Time: 0:0:4.625
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0133fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0133fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0133fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0133fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0133fd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0133fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 0133fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0133fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0133fe20 77e139a3 USER32!ScrollDC+0x490
09 0133fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0133fe6c 77fa032f USER32!InSendMessage+0x51
0b 0133fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0133ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000a1c98 000af430 COMSVCS!Ordinal7+0x1b8b
0e 000b5198 000a1c98 0xaf430
0f 000aeca8 000b5198 0xa1c98
10 000aea40 000aeca8 0xb5198
11 000af338 000aea40 0xaeca8
12 000aee90 000af338 0xaea40
13 000af3e8 000aee90 0xaf338
14 000ae3b8 000af3e8 0xaee90
15 0009b138 000ae3b8 0xaf3e8
16 788638b0 0009b138 0xae3b8
17 000aebc8 788638b0 0x9b138
18 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
19 000adf40 000af2c0 0xaebc8
1a 000ae9a8 000adf40 0xaf2c0
1b 000b9058 000ae9a8 0xadf40
1c 000af430 000b9058 0xae9a8
1d 000a1c98 000af430 0xb9058
1e 000b5198 000a1c98 0xaf430
1f 000aeca8 000b5198 0xa1c98
20 000aea40 000aeca8 0xb5198
21 000af338 000aea40 0xaeca8
22 000aee90 000af338 0xaea40
23 000af3e8 000aee90 0xaf338
24 000ae3b8 000af3e8 0xaee90
25 0009b138 000ae3b8 0xaf3e8
26 788638b0 0009b138 0xae3b8
27 000aebc8 788638b0 0x9b138
28 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
29 000adf40 000af2c0 0xaebc8
2a 000ae9a8 000adf40 0xaf2c0
2b 000b9058 000ae9a8 0xadf40
2c 000af430 000b9058 0xae9a8
2d 000a1c98 000af430 0xb9058
2e 000b5198 000a1c98 0xaf430
2f 000aeca8 000b5198 0xa1c98
30 000aea40 000aeca8 0xb5198
31 000af338 000aea40 0xaeca8




Thread ID: 16
System Thread ID: e5c
Kernel Time: 0:0:1.390
User Time: 0:0:4.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0137fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0137fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0137fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0137fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0137fd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0137fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 0137fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0137fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0137fe20 77e139a3 USER32!ScrollDC+0x490
09 0137fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0137fe6c 77fa032f USER32!InSendMessage+0x51
0b 0137fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0137ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000af2c0 000aebc8 COMSVCS!Ordinal7+0x1b8b
0e 000adf40 000af2c0 0xaebc8
0f 000ae9a8 000adf40 0xaf2c0
10 000b9058 000ae9a8 0xadf40
11 000af430 000b9058 0xae9a8
12 000a1c98 000af430 0xb9058
13 000b5198 000a1c98 0xaf430
14 000aeca8 000b5198 0xa1c98
15 000aea40 000aeca8 0xb5198
16 000af338 000aea40 0xaeca8
17 000aee90 000af338 0xaea40
18 000af3e8 000aee90 0xaf338
19 000ae3b8 000af3e8 0xaee90
1a 0009b138 000ae3b8 0xaf3e8
1b 788638b0 0009b138 0xae3b8
1c 000aebc8 788638b0 0x9b138
1d 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
1e 000adf40 000af2c0 0xaebc8
1f 000ae9a8 000adf40 0xaf2c0
20 000b9058 000ae9a8 0xadf40
21 000af430 000b9058 0xae9a8
22 000a1c98 000af430 0xb9058
23 000b5198 000a1c98 0xaf430
24 000aeca8 000b5198 0xa1c98
25 000aea40 000aeca8 0xb5198
26 000af338 000aea40 0xaeca8
27 000aee90 000af338 0xaea40
28 000af3e8 000aee90 0xaf338
29 000ae3b8 000af3e8 0xaee90
2a 0009b138 000ae3b8 0xaf3e8
2b 788638b0 0009b138 0xae3b8
2c 000aebc8 788638b0 0x9b138
2d 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
2e 000adf40 000af2c0 0xaebc8
2f 000ae9a8 000adf40 0xaf2c0
30 000b9058 000ae9a8 0xadf40
31 000af430 000b9058 0xae9a8




Thread ID: 17
System Thread ID: e6c
Kernel Time: 0:0:0.656
User Time: 0:0:2.156
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 013bfc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 013bfcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 013bfd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 013bfd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 013bfd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 013bfd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 013bfde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 013bfe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 013bfe20 77e139a3 USER32!ScrollDC+0x490
09 013bfe3c 77e2305b USER32!GetQueueStatus+0x174
0a 013bfe6c 77fa032f USER32!InSendMessage+0x51
0b 013bfee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 013bff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000ae3b8 000af3e8 COMSVCS!Ordinal7+0x1b8b
0e 0009b138 000ae3b8 0xaf3e8
0f 788638b0 0009b138 0xae3b8
10 000aebc8 788638b0 0x9b138
11 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
12 000adf40 000af2c0 0xaebc8
13 000ae9a8 000adf40 0xaf2c0
14 000b9058 000ae9a8 0xadf40
15 000af430 000b9058 0xae9a8
16 000a1c98 000af430 0xb9058
17 000b5198 000a1c98 0xaf430
18 000aeca8 000b5198 0xa1c98
19 000aea40 000aeca8 0xb5198
1a 000af338 000aea40 0xaeca8
1b 000aee90 000af338 0xaea40
1c 000af3e8 000aee90 0xaf338
1d 000ae3b8 000af3e8 0xaee90
1e 0009b138 000ae3b8 0xaf3e8
1f 788638b0 0009b138 0xae3b8
20 000aebc8 788638b0 0x9b138
21 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
22 000adf40 000af2c0 0xaebc8
23 000ae9a8 000adf40 0xaf2c0
24 000b9058 000ae9a8 0xadf40
25 000af430 000b9058 0xae9a8
26 000a1c98 000af430 0xb9058
27 000b5198 000a1c98 0xaf430
28 000aeca8 000b5198 0xa1c98
29 000aea40 000aeca8 0xb5198
2a 000af338 000aea40 0xaeca8
2b 000aee90 000af338 0xaea40
2c 000af3e8 000aee90 0xaf338
2d 000ae3b8 000af3e8 0xaee90
2e 0009b138 000ae3b8 0xaf3e8
2f 788638b0 0009b138 0xae3b8
30 000aebc8 788638b0 0x9b138
31 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a




Thread ID: 18
System Thread ID: 1414
Kernel Time: 0:0:1.406
User Time: 0:0:4.109
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 013ffc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 013ffcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 013ffd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 013ffd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 013ffd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 013ffd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 013ffde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 013ffe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 013ffe20 77e139a3 USER32!ScrollDC+0x490
09 013ffe3c 77e2305b USER32!GetQueueStatus+0x174
0a 013ffe6c 77fa032f USER32!InSendMessage+0x51
0b 013ffee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 013fff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000af3e8 000aee90 COMSVCS!Ordinal7+0x1b8b
0e 000ae3b8 000af3e8 0xaee90
0f 0009b138 000ae3b8 0xaf3e8
10 788638b0 0009b138 0xae3b8
11 000aebc8 788638b0 0x9b138
12 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
13 000adf40 000af2c0 0xaebc8
14 000ae9a8 000adf40 0xaf2c0
15 000b9058 000ae9a8 0xadf40
16 000af430 000b9058 0xae9a8
17 000a1c98 000af430 0xb9058
18 000b5198 000a1c98 0xaf430
19 000aeca8 000b5198 0xa1c98
1a 000aea40 000aeca8 0xb5198
1b 000af338 000aea40 0xaeca8
1c 000aee90 000af338 0xaea40
1d 000af3e8 000aee90 0xaf338
1e 000ae3b8 000af3e8 0xaee90
1f 0009b138 000ae3b8 0xaf3e8
20 788638b0 0009b138 0xae3b8
21 000aebc8 788638b0 0x9b138
22 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
23 000adf40 000af2c0 0xaebc8
24 000ae9a8 000adf40 0xaf2c0
25 000b9058 000ae9a8 0xadf40
26 000af430 000b9058 0xae9a8
27 000a1c98 000af430 0xb9058
28 000b5198 000a1c98 0xaf430
29 000aeca8 000b5198 0xa1c98
2a 000aea40 000aeca8 0xb5198
2b 000af338 000aea40 0xaeca8
2c 000aee90 000af338 0xaea40
2d 000af3e8 000aee90 0xaf338
2e 000ae3b8 000af3e8 0xaee90
2f 0009b138 000ae3b8 0xaf3e8
30 788638b0 0009b138 0xae3b8
31 000aebc8 788638b0 0x9b138




Thread ID: 19
System Thread ID: f10
Kernel Time: 0:0:1.31
User Time: 0:0:3.468
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0143fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0143fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0143fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0143fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0143fd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0143fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 0143fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0143fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0143fe20 77e139a3 USER32!ScrollDC+0x490
09 0143fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0143fe6c 77fa032f USER32!InSendMessage+0x51
0b 0143fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0143ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000af338 000aea40 COMSVCS!Ordinal7+0x1b8b
0e 000aee90 000af338 0xaea40
0f 000af3e8 000aee90 0xaf338
10 000ae3b8 000af3e8 0xaee90
11 0009b138 000ae3b8 0xaf3e8
12 788638b0 0009b138 0xae3b8
13 000aebc8 788638b0 0x9b138
14 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
15 000adf40 000af2c0 0xaebc8
16 000ae9a8 000adf40 0xaf2c0
17 000b9058 000ae9a8 0xadf40
18 000af430 000b9058 0xae9a8
19 000a1c98 000af430 0xb9058
1a 000b5198 000a1c98 0xaf430
1b 000aeca8 000b5198 0xa1c98
1c 000aea40 000aeca8 0xb5198
1d 000af338 000aea40 0xaeca8
1e 000aee90 000af338 0xaea40
1f 000af3e8 000aee90 0xaf338
20 000ae3b8 000af3e8 0xaee90
21 0009b138 000ae3b8 0xaf3e8
22 788638b0 0009b138 0xae3b8
23 000aebc8 788638b0 0x9b138
24 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
25 000adf40 000af2c0 0xaebc8
26 000ae9a8 000adf40 0xaf2c0
27 000b9058 000ae9a8 0xadf40
28 000af430 000b9058 0xae9a8
29 000a1c98 000af430 0xb9058
2a 000b5198 000a1c98 0xaf430
2b 000aeca8 000b5198 0xa1c98
2c 000aea40 000aeca8 0xb5198
2d 000af338 000aea40 0xaeca8
2e 000aee90 000af338 0xaea40
2f 000af3e8 000aee90 0xaf338
30 000ae3b8 000af3e8 0xaee90
31 0009b138 000ae3b8 0xaf3e8




Thread ID: 20
System Thread ID: 1ed8
Kernel Time: 0:0:0.765
User Time: 0:0:2.468
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0147fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0147fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0147fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0147fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0147fd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0147fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 0147fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0147fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0147fe20 77e139a3 USER32!ScrollDC+0x490
09 0147fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0147fe6c 77fa032f USER32!InSendMessage+0x51
0b 0147fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0147ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000aebc8 788638b0 COMSVCS!Ordinal7+0x1b8b
0e 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
0f 000adf40 000af2c0 0xaebc8
10 000ae9a8 000adf40 0xaf2c0
11 000b9058 000ae9a8 0xadf40
12 000af430 000b9058 0xae9a8
13 000a1c98 000af430 0xb9058
14 000b5198 000a1c98 0xaf430
15 000aeca8 000b5198 0xa1c98
16 000aea40 000aeca8 0xb5198
17 000af338 000aea40 0xaeca8
18 000aee90 000af338 0xaea40
19 000af3e8 000aee90 0xaf338
1a 000ae3b8 000af3e8 0xaee90
1b 0009b138 000ae3b8 0xaf3e8
1c 788638b0 0009b138 0xae3b8
1d 000aebc8 788638b0 0x9b138
1e 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
1f 000adf40 000af2c0 0xaebc8
20 000ae9a8 000adf40 0xaf2c0
21 000b9058 000ae9a8 0xadf40
22 000af430 000b9058 0xae9a8
23 000a1c98 000af430 0xb9058
24 000b5198 000a1c98 0xaf430
25 000aeca8 000b5198 0xa1c98
26 000aea40 000aeca8 0xb5198
27 000af338 000aea40 0xaeca8
28 000aee90 000af338 0xaea40
29 000af3e8 000aee90 0xaf338
2a 000ae3b8 000af3e8 0xaee90
2b 0009b138 000ae3b8 0xaf3e8
2c 788638b0 0009b138 0xae3b8
2d 000aebc8 788638b0 0x9b138
2e 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
2f 000adf40 000af2c0 0xaebc8
30 000ae9a8 000adf40 0xaf2c0
31 000b9058 000ae9a8 0xadf40




Thread ID: 21
System Thread ID: e1c
Kernel Time: 0:0:1.46
User Time: 0:0:3.421
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 014bfc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 014bfcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 014bfd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 014bfd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 014bfd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 014bfd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 014bfde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 014bfe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 014bfe20 77e139a3 USER32!ScrollDC+0x490
09 014bfe3c 77e2305b USER32!GetQueueStatus+0x174
0a 014bfe6c 77fa032f USER32!InSendMessage+0x51
0b 014bfee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 014bff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000aeca8 000b5198 COMSVCS!Ordinal7+0x1b8b
0e 000aea40 000aeca8 0xb5198
0f 000af338 000aea40 0xaeca8
10 000aee90 000af338 0xaea40
11 000af3e8 000aee90 0xaf338
12 000ae3b8 000af3e8 0xaee90
13 0009b138 000ae3b8 0xaf3e8
14 788638b0 0009b138 0xae3b8
15 000aebc8 788638b0 0x9b138
16 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
17 000adf40 000af2c0 0xaebc8
18 000ae9a8 000adf40 0xaf2c0
19 000b9058 000ae9a8 0xadf40
1a 000af430 000b9058 0xae9a8
1b 000a1c98 000af430 0xb9058
1c 000b5198 000a1c98 0xaf430
1d 000aeca8 000b5198 0xa1c98
1e 000aea40 000aeca8 0xb5198
1f 000af338 000aea40 0xaeca8
20 000aee90 000af338 0xaea40
21 000af3e8 000aee90 0xaf338
22 000ae3b8 000af3e8 0xaee90
23 0009b138 000ae3b8 0xaf3e8
24 788638b0 0009b138 0xae3b8
25 000aebc8 788638b0 0x9b138
26 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
27 000adf40 000af2c0 0xaebc8
28 000ae9a8 000adf40 0xaf2c0
29 000b9058 000ae9a8 0xadf40
2a 000af430 000b9058 0xae9a8
2b 000a1c98 000af430 0xb9058
2c 000b5198 000a1c98 0xaf430
2d 000aeca8 000b5198 0xa1c98
2e 000aea40 000aeca8 0xb5198
2f 000af338 000aea40 0xaeca8
30 000aee90 000af338 0xaea40
31 000af3e8 000aee90 0xaf338




Thread ID: 22
System Thread ID: 1694
Kernel Time: 0:0:1.31
User Time: 0:0:2.390
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 014ffc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 014ffcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 014ffd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 014ffd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 014ffd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 014ffd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 014ffde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 014ffe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 014ffe20 77e139a3 USER32!ScrollDC+0x490
09 014ffe3c 77e2305b USER32!GetQueueStatus+0x174
0a 014ffe6c 77fa032f USER32!InSendMessage+0x51
0b 014ffee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 014fff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000aea40 000aeca8 COMSVCS!Ordinal7+0x1b8b
0e 000af338 000aea40 0xaeca8
0f 000aee90 000af338 0xaea40
10 000af3e8 000aee90 0xaf338
11 000ae3b8 000af3e8 0xaee90
12 0009b138 000ae3b8 0xaf3e8
13 788638b0 0009b138 0xae3b8
14 000aebc8 788638b0 0x9b138
15 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
16 000adf40 000af2c0 0xaebc8
17 000ae9a8 000adf40 0xaf2c0
18 000b9058 000ae9a8 0xadf40
19 000af430 000b9058 0xae9a8
1a 000a1c98 000af430 0xb9058
1b 000b5198 000a1c98 0xaf430
1c 000aeca8 000b5198 0xa1c98
1d 000aea40 000aeca8 0xb5198
1e 000af338 000aea40 0xaeca8
1f 000aee90 000af338 0xaea40
20 000af3e8 000aee90 0xaf338
21 000ae3b8 000af3e8 0xaee90
22 0009b138 000ae3b8 0xaf3e8
23 788638b0 0009b138 0xae3b8
24 000aebc8 788638b0 0x9b138
25 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
26 000adf40 000af2c0 0xaebc8
27 000ae9a8 000adf40 0xaf2c0
28 000b9058 000ae9a8 0xadf40
29 000af430 000b9058 0xae9a8
2a 000a1c98 000af430 0xb9058
2b 000b5198 000a1c98 0xaf430
2c 000aeca8 000b5198 0xa1c98
2d 000aea40 000aeca8 0xb5198
2e 000af338 000aea40 0xaeca8
2f 000aee90 000af338 0xaea40
30 000af3e8 000aee90 0xaf338
31 000ae3b8 000af3e8 0xaee90




Thread ID: 23
System Thread ID: 1e00
Kernel Time: 0:0:2.171
User Time: 0:0:5.906
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0153fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0153fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0153fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0153fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0153fd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0153fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 0153fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0153fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0153fe20 77e139a3 USER32!ScrollDC+0x490
09 0153fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0153fe6c 77fa032f USER32!InSendMessage+0x51
0b 0153fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0153ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000aee90 000af338 COMSVCS!Ordinal7+0x1b8b
0e 000af3e8 000aee90 0xaf338
0f 000ae3b8 000af3e8 0xaee90
10 0009b138 000ae3b8 0xaf3e8
11 788638b0 0009b138 0xae3b8
12 000aebc8 788638b0 0x9b138
13 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
14 000adf40 000af2c0 0xaebc8
15 000ae9a8 000adf40 0xaf2c0
16 000b9058 000ae9a8 0xadf40
17 000af430 000b9058 0xae9a8
18 000a1c98 000af430 0xb9058
19 000b5198 000a1c98 0xaf430
1a 000aeca8 000b5198 0xa1c98
1b 000aea40 000aeca8 0xb5198
1c 000af338 000aea40 0xaeca8
1d 000aee90 000af338 0xaea40
1e 000af3e8 000aee90 0xaf338
1f 000ae3b8 000af3e8 0xaee90
20 0009b138 000ae3b8 0xaf3e8
21 788638b0 0009b138 0xae3b8
22 000aebc8 788638b0 0x9b138
23 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
24 000adf40 000af2c0 0xaebc8
25 000ae9a8 000adf40 0xaf2c0
26 000b9058 000ae9a8 0xadf40
27 000af430 000b9058 0xae9a8
28 000a1c98 000af430 0xb9058
29 000b5198 000a1c98 0xaf430
2a 000aeca8 000b5198 0xa1c98
2b 000aea40 000aeca8 0xb5198
2c 000af338 000aea40 0xaeca8
2d 000aee90 000af338 0xaea40
2e 000af3e8 000aee90 0xaf338
2f 000ae3b8 000af3e8 0xaee90
30 0009b138 000ae3b8 0xaf3e8
31 788638b0 0009b138 0xae3b8




Thread ID: 24
System Thread ID: 1cb0
Kernel Time: 0:0:1.859
User Time: 0:0:5.250
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0157d27c 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0157d2c4 66011fec KERNEL32!WaitForSingleObject+0xf
02 0157d2f0 6600e230 MSVBVM60!
BASIC_CLASS_QueryInterface+0xe6e
03 0157d310 66028e89 MSVBVM60!ThunRTMain+0x40e
04 0157d330 66028dad MSVBVM60!VBDllGetClassObject+0x13d
05 0157d350 77abc9b4 MSVBVM60!VBDllGetClassObject+0x61
06 0157d37c 77abba49 ole32!CoInstall+0x2234
07 0157d400 77b0e45a ole32!CoInstall+0x12c9
08 0157d41c 787a6b75 ole32!
StgGetIFillLockBytesOnFile+0x78e5
09 0157d4a0 77abf8a3 COMSVCS!CoCreateStdTrustable+0x16bb5
0a 0157d4c0 77aa1dc5 ole32!CoInstall+0x5123
0b 0157d504 77aa1be9 ole32!
CoCreateFreeThreadedMarshaler+0x191b
0c 0157d630 77aa1aac ole32!
CoCreateFreeThreadedMarshaler+0x173f
0d 0157d658 77aa64f4 ole32!
CoCreateFreeThreadedMarshaler+0x1602
0e 0157d6c4 77aa634d ole32!CoCreateObjectInContext+0x2a88
0f 0157d6e4 77abf7b2 ole32!CoCreateObjectInContext+0x28e1
10 0157d710 77abf98e ole32!CoInstall+0x5032
11 0157d73c 77abf55c ole32!CoInstall+0x520e
12 0157d758 77abf4c4 ole32!CoInstall+0x4ddc
13 0157d778 77abf3d3 ole32!CoInstall+0x4d44
14 0157d7bc 77abf384 ole32!CoInstall+0x4c53
15 0157d7e4 77b0e45a ole32!CoInstall+0x4c04
16 0157d800 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
17 0157d87c 787a9f0e COMSVCS!Ordinal7+0xed5
18 0157e2d4 03d75070 COMSVCS!CoCreateStdTrustable+0x19f4e
19 00000000 00000000 0x3d75070




Thread ID: 25
System Thread ID: 1d4c
Kernel Time: 0:0:1.515
User Time: 0:0:4.125
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 015bfc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 015bfcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 015bfd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 015bfd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 015bfd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 015bfd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 015bfde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 015bfe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 015bfe20 77e139a3 USER32!ScrollDC+0x490
09 015bfe3c 77e2305b USER32!GetQueueStatus+0x174
0a 015bfe6c 77fa032f USER32!InSendMessage+0x51
0b 015bfee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 015bff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000af430 000b9058 COMSVCS!Ordinal7+0x1b8b
0e 000a1c98 000af430 0xb9058
0f 000b5198 000a1c98 0xaf430
10 000aeca8 000b5198 0xa1c98
11 000aea40 000aeca8 0xb5198
12 000af338 000aea40 0xaeca8
13 000aee90 000af338 0xaea40
14 000af3e8 000aee90 0xaf338
15 000ae3b8 000af3e8 0xaee90
16 0009b138 000ae3b8 0xaf3e8
17 788638b0 0009b138 0xae3b8
18 000aebc8 788638b0 0x9b138
19 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
1a 000adf40 000af2c0 0xaebc8
1b 000ae9a8 000adf40 0xaf2c0
1c 000b9058 000ae9a8 0xadf40
1d 000af430 000b9058 0xae9a8
1e 000a1c98 000af430 0xb9058
1f 000b5198 000a1c98 0xaf430
20 000aeca8 000b5198 0xa1c98
21 000aea40 000aeca8 0xb5198
22 000af338 000aea40 0xaeca8
23 000aee90 000af338 0xaea40
24 000af3e8 000aee90 0xaf338
25 000ae3b8 000af3e8 0xaee90
26 0009b138 000ae3b8 0xaf3e8
27 788638b0 0009b138 0xae3b8
28 000aebc8 788638b0 0x9b138
29 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
2a 000adf40 000af2c0 0xaebc8
2b 000ae9a8 000adf40 0xaf2c0
2c 000b9058 000ae9a8 0xadf40
2d 000af430 000b9058 0xae9a8
2e 000a1c98 000af430 0xb9058
2f 000b5198 000a1c98 0xaf430
30 000aeca8 000b5198 0xa1c98
31 000aea40 000aeca8 0xb5198




Thread ID: 26
System Thread ID: 1de0
Kernel Time: 0:0:1.453
User Time: 0:0:3.562
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 015ffc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 015ffcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 015ffd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 015ffd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 015ffd60 660d49eb MSVBVM60!VBDllCanUnloadNow+0x2ed
05 015ffd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x164b
06 015ffde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 015ffe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 015ffe20 77e139a3 USER32!ScrollDC+0x490
09 015ffe3c 77e2305b USER32!GetQueueStatus+0x174
0a 015ffe6c 77fa032f USER32!InSendMessage+0x51
0b 015ffee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 015fff10 787bfe3b USER32!PeekMessageW+0xe7
0d 000b5198 000a1c98 COMSVCS!Ordinal7+0x1b8b
0e 000aeca8 000b5198 0xa1c98
0f 000aea40 000aeca8 0xb5198
10 000af338 000aea40 0xaeca8
11 000aee90 000af338 0xaea40
12 000af3e8 000aee90 0xaf338
13 000ae3b8 000af3e8 0xaee90
14 0009b138 000ae3b8 0xaf3e8
15 788638b0 0009b138 0xae3b8
16 000aebc8 788638b0 0x9b138
17 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
18 000adf40 000af2c0 0xaebc8
19 000ae9a8 000adf40 0xaf2c0
1a 000b9058 000ae9a8 0xadf40
1b 000af430 000b9058 0xae9a8
1c 000a1c98 000af430 0xb9058
1d 000b5198 000a1c98 0xaf430
1e 000aeca8 000b5198 0xa1c98
1f 000aea40 000aeca8 0xb5198
20 000af338 000aea40 0xaeca8
21 000aee90 000af338 0xaea40
22 000af3e8 000aee90 0xaf338
23 000ae3b8 000af3e8 0xaee90
24 0009b138 000ae3b8 0xaf3e8
25 788638b0 0009b138 0xae3b8
26 000aebc8 788638b0 0x9b138
27 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
28 000adf40 000af2c0 0xaebc8
29 000ae9a8 000adf40 0xaf2c0
2a 000b9058 000ae9a8 0xadf40
2b 000af430 000b9058 0xae9a8
2c 000a1c98 000af430 0xb9058
2d 000b5198 000a1c98 0xaf430
2e 000aeca8 000b5198 0xa1c98
2f 000aea40 000aeca8 0xb5198
30 000af338 000aea40 0xaeca8
31 000aee90 000af338 0xaea40




Thread ID: 27
System Thread ID: 1d10
Kernel Time: 0:0:2.140
User Time: 0:0:7.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0163fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
01 0163fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
02 0163fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
03 0163fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
04 0163fd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
05 0163fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
06 0163fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
07 0163fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
08 0163fe20 77e139a3 USER32!ScrollDC+0x490
09 0163fe3c 77e2305b USER32!GetQueueStatus+0x174
0a 0163fe6c 77fa032f USER32!InSendMessage+0x51
0b 0163fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
0c 0163ff10 787bfe3b USER32!PeekMessageW+0xe7
0d 0009b138 000ae3b8 COMSVCS!Ordinal7+0x1b8b
0e 788638b0 0009b138 0xae3b8
0f 000aebc8 788638b0 0x9b138
10 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
11 000adf40 000af2c0 0xaebc8
12 000ae9a8 000adf40 0xaf2c0
13 000b9058 000ae9a8 0xadf40
14 000af430 000b9058 0xae9a8
15 000a1c98 000af430 0xb9058
16 000b5198 000a1c98 0xaf430
17 000aeca8 000b5198 0xa1c98
18 000aea40 000aeca8 0xb5198
19 000af338 000aea40 0xaeca8
1a 000aee90 000af338 0xaea40
1b 000af3e8 000aee90 0xaf338
1c 000ae3b8 000af3e8 0xaee90
1d 0009b138 000ae3b8 0xaf3e8
1e 788638b0 0009b138 0xae3b8
1f 000aebc8 788638b0 0x9b138
20 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
21 000adf40 000af2c0 0xaebc8
22 000ae9a8 000adf40 0xaf2c0
23 000b9058 000ae9a8 0xadf40
24 000af430 000b9058 0xae9a8
25 000a1c98 000af430 0xb9058
26 000b5198 000a1c98 0xaf430
27 000aeca8 000b5198 0xa1c98
28 000aea40 000aeca8 0xb5198
29 000af338 000aea40 0xaeca8
2a 000aee90 000af338 0xaea40
2b 000af3e8 000aee90 0xaf338
2c 000ae3b8 000af3e8 0xaee90
2d 0009b138 000ae3b8 0xaf3e8
2e 788638b0 0009b138 0xae3b8
2f 000aebc8 788638b0 0x9b138
30 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
31 000adf40 000af2c0 0xaebc8




Thread ID: 28
System Thread ID: 14b4
Kernel Time: 0:0:0.46
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0266ff80 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0266ffb4 77e8758a KERNEL32!WaitForSingleObject+0xf
02 0266ffec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 29
System Thread ID: 1620
Kernel Time: 0:0:0.31
User Time: 0:0:0.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 026aff78 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 026affb4 77e8758a KERNEL32!WaitForSingleObject+0xf
02 026affec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 30
System Thread ID: 1d64
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 026efd7c 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 31
System Thread ID: 1b70
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 028bffb4 77e8758a ntdll!ZwRemoveIoCompletion+0xb
01 028bffec 00000000 KERNEL32!SetFilePointer+0x18a




Thread ID: 32
System Thread ID: 8a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 083af218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 083af244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 083af260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 083af2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 083af310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 083af368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 083af384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 083af5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 083af5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 083af5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 083af614 77abf4c4 ole32!CoInstall+0x4ddc
0b 083af634 77abf3d3 ole32!CoInstall+0x4d44
0c 083af678 77abf384 ole32!CoInstall+0x4c53
0d 083af6a0 77b0e45a ole32!CoInstall+0x4c04
0e 083af6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000201 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 33
System Thread ID: 1d94
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 083ef218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 083ef244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 083ef260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 083ef2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 083ef310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 083ef368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 083ef384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 083ef5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 083ef5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 083ef5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 083ef614 77abf4c4 ole32!CoInstall+0x4ddc
0b 083ef634 77abf3d3 ole32!CoInstall+0x4d44
0c 083ef678 77abf384 ole32!CoInstall+0x4c53
0d 083ef6a0 77b0e45a ole32!CoInstall+0x4c04
0e 083ef6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000e0d 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 34
System Thread ID: 890
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0842f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0842f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0842f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0842f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0842f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0842f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0842f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0842f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0842f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0842f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0842f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0842f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0842f678 77abf384 ole32!CoInstall+0x4c53
0d 0842f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0842f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000403 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 35
System Thread ID: 1ce0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0846f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0846f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0846f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0846f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0846f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0846f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0846f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0846f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0846f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0846f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0846f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0846f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0846f678 77abf384 ole32!CoInstall+0x4c53
0d 0846f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0846f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000f0e 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 36
System Thread ID: 1dfc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 084af218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 084af244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 084af260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 084af2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 084af310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 084af368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 084af384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 084af5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 084af5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 084af5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 084af614 77abf4c4 ole32!CoInstall+0x4ddc
0b 084af634 77abf3d3 ole32!CoInstall+0x4d44
0c 084af678 77abf384 ole32!CoInstall+0x4c53
0d 084af6a0 77b0e45a ole32!CoInstall+0x4c04
0e 084af6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000b0a 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 37
System Thread ID: 1ec4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 084ef218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 084ef244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 084ef260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 084ef2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 084ef310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 084ef368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 084ef384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 084ef5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 084ef5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 084ef5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 084ef614 77abf4c4 ole32!CoInstall+0x4ddc
0b 084ef634 77abf3d3 ole32!CoInstall+0x4d44
0c 084ef678 77abf384 ole32!CoInstall+0x4c53
0d 084ef6a0 77b0e45a ole32!CoInstall+0x4c04
0e 084ef6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000c0b 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 38
System Thread ID: 1c2c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0852f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0852f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0852f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0852f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0852f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0852f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0852f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0852f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0852f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0852f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0852f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0852f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0852f678 77abf384 ole32!CoInstall+0x4c53
0d 0852f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0852f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000807 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 39
System Thread ID: 1cac
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 085af218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 085af244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 085af260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 085af2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 085af310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 085af368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 085af384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 085af5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 085af5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 085af5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 085af614 77abf4c4 ole32!CoInstall+0x4ddc
0b 085af634 77abf3d3 ole32!CoInstall+0x4d44
0c 085af678 77abf384 ole32!CoInstall+0x4c53
0d 085af6a0 77b0e45a ole32!CoInstall+0x4c04
0e 085af6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000605 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 40
System Thread ID: 1d78
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 085ef218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 085ef244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 085ef260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 085ef2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 085ef310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 085ef368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 085ef384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 085ef5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 085ef5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 085ef5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 085ef614 77abf4c4 ole32!CoInstall+0x4ddc
0b 085ef634 77abf3d3 ole32!CoInstall+0x4d44
0c 085ef678 77abf384 ole32!CoInstall+0x4c53
0d 085ef6a0 77b0e45a ole32!CoInstall+0x4c04
0e 085ef6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000706 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 41
System Thread ID: 1ddc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0862f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0862f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0862f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0862f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0862f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0862f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0862f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0862f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0862f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0862f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0862f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0862f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0862f678 77abf384 ole32!CoInstall+0x4c53
0d 0862f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0862f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 0000100f 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 42
System Thread ID: 1d20
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0866f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0866f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0866f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0866f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0866f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0866f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0866f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0866f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0866f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0866f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0866f614 77abf4c4 ole32!CoInstall+0x4ddc
0b 0866f634 77abf3d3 ole32!CoInstall+0x4d44
0c 0866f678 77abf384 ole32!CoInstall+0x4c53
0d 0866f6a0 77b0e45a ole32!CoInstall+0x4c04
0e 0866f6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000c0b 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 43
System Thread ID: 1d98
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 086af218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 086af244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 086af260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 086af2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 086af310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 086af368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 086af384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 086af5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 086af5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 086af5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 086af614 77abf4c4 ole32!CoInstall+0x4ddc
0b 086af634 77abf3d3 ole32!CoInstall+0x4d44
0c 086af678 77abf384 ole32!CoInstall+0x4c53
0d 086af6a0 77b0e45a ole32!CoInstall+0x4c04
0e 086af6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 0000100f 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 44
System Thread ID: 1ccc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 086ef218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 086ef244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 086ef260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 086ef2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 086ef310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 086ef368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 086ef384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 086ef5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 086ef5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 086ef5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 086ef614 77abf4c4 ole32!CoInstall+0x4ddc
0b 086ef634 77abf3d3 ole32!CoInstall+0x4d44
0c 086ef678 77abf384 ole32!CoInstall+0x4c53
0d 086ef6a0 77b0e45a ole32!CoInstall+0x4c04
0e 086ef6bc 787bf185 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 00000605 00000000 COMSVCS!Ordinal7+0xed5




Thread ID: 45
System Thread ID: 15e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0872f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
01 0872f244 77b2399b KERNEL32!WaitForSingleObject+0xf
02 0872f260 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1af8
03 0872f2a0 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
04 0872f310 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
05 0872f368 77d90328 ole32!UpdateDCOMSettings+0xad78
06 0872f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
07 0872f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
08 0872f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
09 0872f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
0a 0872f614 77abf4c4 ole32!CoIns...(message truncated)

 >> Stay informed about: IISSTATE Analysis Please...Take One 
Back to top
Login to vote
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 2) Posted: Tue Feb 03, 2004 11:01 am
Post subject: Re: IISSTATE Analysis Please...Take One [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Most likely the problem is related to the use of C:\PROGRA~1
\Neevia.Com\DOCUME~1\DOCCRE~1.DLL.

Without symbols, I can't really tell you much.

Suggestions:
1) Re-compile (you can still compile optimized) the dll above and build a
..pdb file. Place the .pdb in the directory w/the (new) dll on the server.
That way, IISState can pick it up and tell us what functions it is running.

2) Allow this server HTTP access to microsoft.com. IISState needs to
download symbols from MS to do its analysis, otherwise things are a bit
hazy.

Next time it hangs, run IISState again and we can see if (given symbols) the
analysis is easier.

Pat

"d" <anonymous.RemoveThis@discussions.microsoft.com> wrote in message
news:92e001c3ea6b$6147edd0$a001280a@phx.gbl...
 > I posted this before, but I think the 2 log files are too
 > large for one post, so I will break it into 2 posts.
 >
 > This is a COM+ package with a lot of VB dlls. They are
 > all compiled with retain in memoery and unsttended
 > execution.
 >
 > Opened log file 'C:\iisstate\output\IISState-3356.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Tue Feb 03 08:36:58 2004
 >
 > OS = Windows 2000
 > Executable: dllhost.exe
 > PID = 3356
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 >
 >
 > Thread ID: 0
 > System Thread ID: 1ebc
 > Kernel Time: 0:0:0.31
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\System32\ntdll.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\KERNEL32.DLL -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 0006fd50 77e86a3d ntdll!NtWaitForSingleObject+0xb
 > 01 00000102 00000000 KERNEL32!WaitForSingleObject+0xf
 >
 >
 >
 >
 > Thread ID: 1
 > System Thread ID: 1ce4
 > Kernel Time: 0:0:0.93
 > User Time: 0:0:0.171
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\ole32.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\RPCRT4.DLL -
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\System32\COMSVCS.DLL -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM
 > check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 008df218 77e86a3d ntdll!NtWaitForSingleObject+0xb
 > 01 008df244 77b2399b KERNEL32!WaitForSingleObject+0xf
 > 02 008df260 77b20aa5 ole32!
 > WdtpInterfacePointer_UserSize+0x1af8
 > 03 008df2a0 77b23870 ole32!
 > StgGetIFillLockBytesOnFile+0x19f30
 > 04 008df310 77ab6ac3 ole32!
 > WdtpInterfacePointer_UserSize+0x19cd
 > 05 008df368 77d90328 ole32!UpdateDCOMSettings+0xad78
 > 06 008df384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
 > 07 008df5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
 > 08 008df5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
 > 09 008df5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
 > 0a 008df614 77abf4c4 ole32!CoInstall+0x4ddc
 > 0b 008df634 77abf3d3 ole32!CoInstall+0x4d44
 > 0c 008df678 77abf384 ole32!CoInstall+0x4c53
 > 0d 008df6a0 77b0e45a ole32!CoInstall+0x4c04
 > 0e 008df6bc 787bf185 ole32!
 > StgGetIFillLockBytesOnFile+0x78e5
 > 0f 00000504 00000000 COMSVCS!Ordinal7+0xed5
 >
 >
 >
 >
 > Thread ID: 2
 > System Thread ID: 1da4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\USER32.DLL -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 0095ff30 77abaf4d USER32!TranslateMessageEx+0x4a
 > 01 0095ff70 77abae9b ole32!CoInstall+0x7cd
 > 02 0095ff8c 77abadd6 ole32!CoInstall+0x71b
 > 03 00007530 00000000 ole32!CoInstall+0x656
 >
 >
 >
 >
 > Thread ID: 3
 > System Thread ID: 1d80
 > Kernel Time: 0:0:0.156
 > User Time: 0:0:0.78
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\System32\TxfAux.Dll -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00a6fc98 6de8b953 ntdll!ZwRemoveIoCompletion+0xb
 > 01 00a6fd94 6de8b8a8 TxfAux!Log+0x5e3
 > 02 00a6ffb4 77e8758a TxfAux!Log+0x538
 > 03 00a6ffec 00000000 KERNEL32!SetFilePointer+0x18a
 >
 >
 >
 >
 > Thread ID: 4
 > System Thread ID: 1cfc
 > Kernel Time: 0:0:0.93
 > User Time: 0:0:0.203
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM
 > check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00b2f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
 > 01 00b2f244 77b2399b KERNEL32!WaitForSingleObject+0xf
 > 02 00b2f260 77b20aa5 ole32!
 > WdtpInterfacePointer_UserSize+0x1af8
 > 03 00b2f2a0 77b23870 ole32!
 > StgGetIFillLockBytesOnFile+0x19f30
 > 04 00b2f310 77ab6ac3 ole32!
 > WdtpInterfacePointer_UserSize+0x19cd
 > 05 00b2f368 77d90328 ole32!UpdateDCOMSettings+0xad78
 > 06 00b2f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
 > 07 00b2f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
 > 08 00b2f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
 > 09 00b2f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
 > 0a 00b2f614 77abf4c4 ole32!CoInstall+0x4ddc
 > 0b 00b2f634 77abf3d3 ole32!CoInstall+0x4d44
 > 0c 00b2f678 77abf384 ole32!CoInstall+0x4c53
 > 0d 00b2f6a0 77b0e45a ole32!CoInstall+0x4c04
 > 0e 00b2f6bc 787bf185 ole32!
 > StgGetIFillLockBytesOnFile+0x78e5
 > 0f 00000908 00000000 COMSVCS!Ordinal7+0xed5
 >
 >
 >
 >
 > Thread ID: 5
 > System Thread ID: 1d84
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00e2ff58 77e86e1a ntdll!NtWaitForMultipleObjects+0xb
 > 01 00e2ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17
 >
 >
 >
 >
 > Thread ID: 6
 > System Thread ID: 1dd8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\System32\NETAPI32.dll -
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM
 > check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00e6fb94 77d3a2c7 ntdll!NtRequestWaitReplyPort+0xb
 > 01 00e6fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
 > 02 00e6fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
 > 03 00e6fbd8 77b20aa5 ole32!
 > WdtpInterfacePointer_UserSize+0x1b54
 > 04 00e6fc18 77b23870 ole32!
 > StgGetIFillLockBytesOnFile+0x19f30
 > 05 00e6fc88 77ab6ac3 ole32!
 > WdtpInterfacePointer_UserSize+0x19cd
 > 06 00e6fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
 > 07 00e6fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
 > 08 00e6ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
 > 09 00e6ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
 > 0a 00e6ff70 787f002e RPCRT4!NdrServerMarshall+0x1311
 > 0b 78863e54 ffffffff COMSVCS!RegisterComEvents+0x6498
 > 0c 0008b320 78863e54 0xffffffff
 > 0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7a2be
 >
 >
 >
 >
 > Thread ID: 7
 > System Thread ID: 1d9c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00eaff04 77e86784 ntdll!ZwDelayExecution+0xb
 > 01 77f82207 4affc033 KERNEL32!Sleep+0xb
 > 02 0424548b 00000000 0x4affc033
 >
 >
 >
 >
 > Thread ID: 8
 > System Thread ID: aa4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00f2fd70 77e86e1a ntdll!NtWaitForMultipleObjects+0xb
 > 01 00f2ffb4 77e8758a KERNEL32!WaitForMultipleObjects+0x17
 > 02 00f2ffec 00000000 KERNEL32!SetFilePointer+0x18a
 >
 >
 >
 >
 > Thread ID: 9
 > System Thread ID: 1d60
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 00f7ff70 77e86784 ntdll!ZwDelayExecution+0xb
 > 01 00000000 00000000 KERNEL32!Sleep+0xb
 >
 >
 >
 >
 > Thread ID: 10
 > System Thread ID: 1c44
 > Kernel Time: 0:0:0.46
 > User Time: 0:0:0.31
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 011ffd60 77e86a3d ntdll!NtWaitForSingleObject+0xb
 > 01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf
 >
 >
 >
 >
 > Thread ID: 11
 > System Thread ID: 19ec
 > Kernel Time: 0:0:0.31
 > User Time: 0:0:0.203
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM
 > check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 0123f218 77e86a3d ntdll!NtWaitForSingleObject+0xb
 > 01 0123f244 77b2399b KERNEL32!WaitForSingleObject+0xf
 > 02 0123f260 77b20aa5 ole32!
 > WdtpInterfacePointer_UserSize+0x1af8
 > 03 0123f2a0 77b23870 ole32!
 > StgGetIFillLockBytesOnFile+0x19f30
 > 04 0123f310 77ab6ac3 ole32!
 > WdtpInterfacePointer_UserSize+0x19cd
 > 05 0123f368 77d90328 ole32!UpdateDCOMSettings+0xad78
 > 06 0123f384 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
 > 07 0123f5cc 77d95f85 RPCRT4!NdrClientCall2+0x4f5
 > 08 0123f5e8 77d77fcb RPCRT4!NdrStubCall2+0xb03
 > 09 0123f5f8 77abf55c RPCRT4!NdrServerMarshall+0x1311
 > 0a 0123f614 77abf4c4 ole32!CoInstall+0x4ddc
 > 0b 0123f634 77abf3d3 ole32!CoInstall+0x4d44
 > 0c 0123f678 77abf384 ole32!CoInstall+0x4c53
 > 0d 0123f6a0 77b0e45a ole32!CoInstall+0x4c04
 > 0e 0123f6bc 787bf185 ole32!
 > StgGetIFillLockBytesOnFile+0x78e5
 > 0f 00000a09 00000000 COMSVCS!Ordinal7+0xed5
 >
 >
 >
 >
 > Thread ID: 12
 > System Thread ID: 1e4c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 0127ffb4 77e8758a ntdll!ZwDelayExecution+0xb
 > 01 0127ffec 00000000 KERNEL32!SetFilePointer+0x18a
 >
 >
 >
 >
 > Thread ID: 13
 > System Thread ID: 1c98
 > Kernel Time: 0:0:1.46
 > User Time: 0:0:3.609
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\MSVBVM60.DLL -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: ASP
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 012bfc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
 > 01 012bfcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
 > 02 012bfd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
 > 03 012bfd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
 > 04 012bfd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
 > 05 012bfd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
 > 06 012bfde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
 > 07 012bfe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
 > 08 012bfe20 77e139a3 USER32!ScrollDC+0x490
 > 09 012bfe3c 77e2305b USER32!GetQueueStatus+0x174
 > 0a 012bfe6c 77fa032f USER32!InSendMessage+0x51
 > 0b 012bfee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
 > 0c 012bff10 787bfe3b USER32!PeekMessageW+0xe7
 > 0d 000b9058 000ae9a8 COMSVCS!Ordinal7+0x1b8b
 > 0e 000af430 000b9058 0xae9a8
 > 0f 000a1c98 000af430 0xb9058
 > 10 000b5198 000a1c98 0xaf430
 > 11 000aeca8 000b5198 0xa1c98
 > 12 000aea40 000aeca8 0xb5198
 > 13 000af338 000aea40 0xaeca8
 > 14 000aee90 000af338 0xaea40
 > 15 000af3e8 000aee90 0xaf338
 > 16 000ae3b8 000af3e8 0xaee90
 > 17 0009b138 000ae3b8 0xaf3e8
 > 18 788638b0 0009b138 0xae3b8
 > 19 000aebc8 788638b0 0x9b138
 > 1a 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
 > 1b 000adf40 000af2c0 0xaebc8
 > 1c 000ae9a8 000adf40 0xaf2c0
 > 1d 000b9058 000ae9a8 0xadf40
 > 1e 000af430 000b9058 0xae9a8
 > 1f 000a1c98 000af430 0xb9058
 > 20 000b5198 000a1c98 0xaf430
 > 21 000aeca8 000b5198 0xa1c98
 > 22 000aea40 000aeca8 0xb5198
 > 23 000af338 000aea40 0xaeca8
 > 24 000aee90 000af338 0xaea40
 > 25 000af3e8 000aee90 0xaf338
 > 26 000ae3b8 000af3e8 0xaee90
 > 27 0009b138 000ae3b8 0xaf3e8
 > 28 788638b0 0009b138 0xae3b8
 > 29 000aebc8 788638b0 0x9b138
 > 2a 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
 > 2b 000adf40 000af2c0 0xaebc8
 > 2c 000ae9a8 000adf40 0xaf2c0
 > 2d 000b9058 000ae9a8 0xadf40
 > 2e 000af430 000b9058 0xae9a8
 > 2f 000a1c98 000af430 0xb9058
 > 30 000b5198 000a1c98 0xaf430
 > 31 000aeca8 000b5198 0xa1c98
 >
 >
 >
 >
 > Thread ID: 14
 > System Thread ID: 1a2c
 > Kernel Time: 0:0:1.109
 > User Time: 0:0:3.156
 > *** WARNING: Unable to verify checksum for C:\PROGRA~1
 > \Neevia.Com\DOCUME~1\DOCCRE~1.DLL
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\PROGRA~1\Neevia.Com\DOCUME~1
 > \DOCCRE~1.DLL -
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for C:\WINNT\system32\OLEAUT32.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to
 > export symbols for -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: ASP
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 012fb9a4 77f838c6 ntdll!NtWaitForSingleObject+0xb
 > 01 012fba14 66010575 ntdll!ZwQueryDefaultLocale+0x11b
 > 02 012fba34 77e12e98 MSVBVM60!ThunRTMain+0x2753
 > 03 012fba54 77e139a3 USER32!ScrollDC+0x490
 > 04 012fba70 77e2305b USER32!GetQueueStatus+0x174
 > 05 012fbaa0 77fa032f USER32!InSendMessage+0x51
 > 06 012fbb18 77e1569d ntdll!KiUserCallbackDispatcher+0x13
 > 07 012fbb44 0820d4f8 USER32!PeekMessageA+0x143
 > 08 012fbc68 082223c3 DOCCRE_1!DllUnregisterServer+0x46f18
 > 09 012fbcc4 779d7bcd DOCCRE_1!DllUnregisterServer+0x5bde3
 > 0a 012fbce4 77a22b30 OLEAUT32!DispCallFunc+0x15d
 > 0b 012fbd74 081c51c1 OLEAUT32!ClearCustData+0x586
 > 0c 012fbda0 660267ad DOCCRE_1+0x151c1
 > 0d 012fbdf4 66101427 MSVBVM60!_vbaFreeObjList+0x362
 > 0e 012fbe58 661013c4 MSVBVM60!_vbaLateMemCall+0x85
 > 0f 012fbe78 5f0be5f2 MSVBVM60!_vbaLateMemCall+0x22
 > 10 012fc090 5f0b482d EDC_ST_DSP_CNV!
 > EDC_DSP_TraySwitching::GetTraySwitchingDetails+0x192
 > 11 012fc104 5f0b02a0 EDC_ST_DSP_CNV!
 > PDFConvertionMgr::GetTrayDetails+0x40d
 > 12 012fc734 77d77fb0 EDC_ST_DSP_CNV!
 > PDFConvertionMgr::ConvertToPDF+0x34a0
 > 13 012fc788 77d95ad7 RPCRT4!NdrServerMarshall+0x12f6
 > 14 012fca24 77d8f721 RPCRT4!NdrStubCall2+0x655
 > 15 012fca88 779e9014 RPCRT4!CStdStubBuffer_Invoke+0x6b
 > 16 012fcaf0 77aa2e19 OLEAUT32!
 > UserEXCEPINFO_free_local+0x20c4
 > 17 012fcbd0 77d90328 ole32!
 > CoCreateFreeThreadedMarshaler+0x296f
 > 18 012fcbec 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
 > 19 012fce34 77d95f85 RPCRT4!NdrClientCall2+0x4f5
 > 1a 012fce50 77d77fcb RPCRT4!NdrStubCall2+0xb03
 > 1b 012fce60 60ee1c05 RPCRT4!NdrServerMarshall+0x1311
 > 1c 012fd938 60ed99f5 EDC_ST_DSP_DRP!DllCanUnloadNow+0x938b
 > 1d 012fda8c 77d77fb0 EDC_ST_DSP_DRP!DllCanUnloadNow+0x117b
 > 1e 012fdab4 77d95ad7 RPCRT4!NdrServerMarshall+0x12f6
 > 1f 012fdd24 77d8f721 RPCRT4!NdrStubCall2+0x655
 > 20 012fdd88 779e9014 RPCRT4!CStdStubBuffer_Invoke+0x6b
 > 21 0494758c ffffffff OLEAUT32!
 > UserEXCEPINFO_free_local+0x20c4
 > 22 000a8df8 0494758c 0xffffffff
 > 23 00000000 00000000 0x494758c
 >
 >
 >
 >
 > Thread ID: 15
 > System Thread ID: 804
 > Kernel Time: 0:0:1.593
 > User Time: 0:0:4.625
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: ASP
 > Executing Page: ASP.dll symbols not found. Unable to
 > locate ASP page.
 > Continuing with other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available.
 > Following frames may be wrong.
 > 00 0133fc70 77f838c6 ntdll!NtWaitForSingleObject+0xb
 > 01 0133fcb8 66097313 ntdll!ZwQueryDefaultLocale+0x11b
 > 02 0133fd00 6601e3d4 MSVBVM60!IID_IVbaHost+0x42b63
 > 03 0133fd2c 6602c6d7 MSVBVM60!EVENT_SINK_AddRef+0xd8d
 > 04 0133fd60 660d4a0a MSVBVM60!VBDllCanUnloadNow+0x2ed
 > 05 0133fd98 660d4aa3 MSVBVM60!DLLGetDocumentation+0x166a
 > 06 0133fde0 66010575 MSVBVM60!DLLGetDocumentation+0x1703
 > 07 0133fe00 77e12e98 MSVBVM60!ThunRTMain+0x2753
 > 08 0133fe20 77e139a3 USER32!ScrollDC+0x490
 > 09 0133fe3c 77e2305b USER32!GetQueueStatus+0x174
 > 0a 0133fe6c 77fa032f USER32!InSendMessage+0x51
 > 0b 0133fee4 77e13cd2 ntdll!KiUserCallbackDispatcher+0x13
 > 0c 0133ff10 787bfe3b USER32!PeekMessageW+0xe7
 > 0d 000a1c98 000af430 COMSVCS!Ordinal7+0x1b8b
 > 0e 000b5198 000a1c98 0xaf430
 > 0f 000aeca8 000b5198 0xa1c98
 > 10 000aea40 000aeca8 0xb5198
 > 11 000af338 000aea40 0xaeca8
 > 12 000aee90 000af338 0xaea40
 > 13 000af3e8 000aee90 0xaf338
 > 14 000ae3b8 000af3e8 0xaee90
 > 15 0009b138 000ae3b8 0xaf3e8
 > 16 788638b0 0009b138 0xae3b8
 > 17 000aebc8 788638b0 0x9b138
 > 18 000af2c0 000aebc8 COMSVCS!RegisterComEvents+0x79d1a
 > 19 000adf40 000af2c0 0xaebc8
 > 1a 000ae9a8 000adf40 0xaf2c0
 > 1b 000b9058 000ae9a8 0xadf40
 > 1c 000af430 000b9058 0xae9a8
 > 1d 000a1c98 000af430 0xb9058
 >