Welcome to HostingForumz.com!
FAQFAQ   SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log in/Register/PasswordLog in/Register/Password

IISState log help

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Related Topics:
MTX 100% CPU, IISSTATE Log - We're having a problem with a web site that is using 100% CPU and eating all the memory. Yes, it's still on a NT4 server ;) IISSTATE is all the symbols except the asp symbols. Because there are 200 web sites on this server it's..

IISState log - My server has been rock solid for years until 9/6/04. At that point IIS just started crashing over and over. It seems to do it multiple (50+) times and then will work for 12 hours or so and start up again. Thanks for any pointers. Here is what came..

IISState Log - crashes and is the iisstate log: Opened log file Starting new log output IISState version 3.3.1 Thu Aug 12 13:17:38 2004 OS = Windows 2003 Server

IISState Log: 100% CPU on OWA - Platform: Outlook Web Access (service pack 4 from Exch 5.5 SP4) on Windows 2000 Adv Server & IIS 5.0 with all Service Packs and Patches. Problem: hit 100% CPU hang. Action: Used iisstate against the PID. Instead of..

IISState Log - Can anyone help with this. We have a page which is used on multiple sites on the same server that use the msxml object. Basically the process running the site starts to use 99% CPU until it is recycled. We can never actually recreate the problem..
Next:  IIS: Windows Server 2003, IIS6, isolating users frustration  
Author Message
jane_s_2004

External


Since: Sep 16, 2004
Posts: 3



(Msg. 1) Posted: Thu Sep 16, 2004 6:28 pm
Post subject: IISState log help
Archived from groups: microsoft>public>inetserver>iis (more info?)
Hi! I would be greateful if you could help me interpret the following
log file...

Our website hangs periodically, once in 1-2 days. I reviewed logs from
IIS Debug tool; it shows that some threads take really long time (over
30 min). Here is part of that log:

0:000> !runaway
*** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3c1fe60f for
C:\WINNT\system32\KERNEL32.DLL
User Mode Time
Thread Time
a8c 0 days 0:37:46.546
a9c 0 days 0:36:44.921
a78 0 days 0:36:14.671
a94 0 days 0:36:07.015
a80 0 days 0:35:11.718
a88 0 days 0:34:42.281
a84 0 days 0:33:08.765
2754 0 days 0:29:54.296
8908 0 days 0:15:09.203
9b70 0 days 0:13:21.140
a70c 0 days 0:10:55.531
b05c 0 days 0:09:17.671
b050 0 days 0:09:05.265
d074 0 days 0:03:37.750
d820 0 days 0:03:24.468
e3b4 0 days 0:01:26.640
8c0 0 days 0:00:15.578
8c4 0 days 0:00:15.187

When the server was re-started, we ran IISState on it, and created a
log when the server became very slow (did not hang completely yet). In
the log created by IISState, i don't see any reference to specific ASP
pages, only "Unable to locate ASP page" notes.
Could you point me to how to extract information about what
specifically causing the server slow down and hang?

Thanks a lot!

-------------------
Opened log file 'C:\iisstate\output\IISState-2232.log'

***********************
Starting new log output
IISState version 3.3.1

Thu Sep 16 14:31:47 2004

OS = Windows 2000
Executable: dllhost.exe
PID = 2232

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 8b4
Kernel Time: 0:0:0.46
User Time: 0:0:0.15
*** WARNING: symbols timestamp is wrong 0x4060ef9b 0x3af32050 for
C:\WINNT\system32\ntdll.dll
*** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3c1fe60f for
C:\WINNT\system32\KERNEL32.DLL
*** WARNING: symbols timestamp is wrong 0x4050da31 0x3bdfa42d for
C:\WINNT\system32\ole32.dll
*** WARNING: symbols timestamp is wrong 0x3e7b8905 0x3a440524 for
C:\WINNT\system32\dllhost.exe
Thread Type: Other
# ChildEBP RetAddr
00 0006fd28 7c573b28 ntdll!ZwWriteFile+0xc
01 0006fd50 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
02 0006fd60 77aaa701 KERNEL32!WaitForSingleObject+0x4
03 0006ff24 010014c6 ole32!OleMetafilePictFromIconAndLabel+0x12d
04 0006ffc0 7c581af6 dllhost!WinMainCRTStartup+0x156
05 0006fff0 00000000 KERNEL32!GetLocaleInfoW+0x4c3




Thread ID: 1
System Thread ID: 8c4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3bdfa41e for
C:\WINNT\system32\USER32.DLL
Thread Type: Other
# ChildEBP RetAddr
00 008fff14 77e115d7 USER32!ValidateHwnd
01 008fff30 77abbad5 USER32!HMValidateHandle+0x8a
02 008fff70 77abba23 ole32!UtQueryPictFormat+0x17
03 008fff8c 77abb95e ole32!UtReadOlePresStmHeader+0xcb
04 008fffa8 77ab5046 ole32!CLSIDFromOle1Class+0x50
05 008fffbc 000002ca ole32!DdeCommonWndProc+0x159




Thread ID: 2
System Thread ID: 8cc
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** WARNING: symbols timestamp is wrong 0x4050da32 0x3c1fe617 for
C:\WINNT\system32\TxfAux.Dll
Thread Type: Other
# ChildEBP RetAddr
00 00a0fc80 6de8b9d0 ntdll!_allmul+0x25
01 00a0fd94 6de8b908 TxfAux!WORK_QUEUE::WorkerLoop+0x100
02 00a0ffb4 7c57438b TxfAux!WORK_QUEUE::WorkerLoop+0x38




Thread ID: 3
System Thread ID: 8c8
Kernel Time: 0:0:7.781
User Time: 0:0:7.328
*** WARNING: symbols timestamp is wrong 0x4050da31 0x3bdfa422 for
C:\WINNT\system32\RPCRT4.DLL
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: *** ERROR: Symbol file could not be found. Defaulted
to export symbols for C:\WINNT\System32\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 00c6ff74 77d359a3 ntdll!NtRemoveIoCompletion+0x5
01 00c6ffa8 77d358d6
RPCRT4!LRPC_CASSOCIATION::ActuallyAllocateCCall+0x67
02 00c6ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef




Thread ID: 4
System Thread ID: 914
Kernel Time: 0:0:0.46
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 00caff08 7c573c23 ntdll!NtContinue+0xc
01 00caff58 7c578f0d KERNEL32!GetQueuedCompletionStatus+0x65
02 00caffec 00000000 KERNEL32!TransactNamedPipe+0x14d




Thread ID: 5
System Thread ID: 918
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: symbols timestamp is wrong 0x4050da33 0x3c1fe62d for
C:\WINNT\system32\COMSVCS.DLL
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 00cefb94 77d3ac56 ntdll!RtlMultiByteToUnicodeN+0xd8
01 00cefba0 77b25b87 RPCRT4!OSF_CCONNECTION::TransClose+0x6f
02 00cefbc0 77b25a52 ole32!_NULL_IMPORT_DESCRIPTOR+0x47f3
03 00cefbd8 77b22ab6 ole32!_NULL_IMPORT_DESCRIPTOR+0x46be
04 00cefc18 77b258c6 ole32!CDocFile::CopyTo+0x129
05 00cefc88 77ab74c3 ole32!_NULL_IMPORT_DESCRIPTOR+0x4532
06 00cefce0 77d94c1a ole32!CDIFat::Fixup+0x498
07 00cefcfc 77d9487d RPCRT4!NdrpSetupBeginClientCall+0x9b
08 00cefd68 77aa9581 RPCRT4!CStdAsyncProxyBuffer_Release+0x12
09 00ceff44 77d95136 ole32!CClientSecurity::CopyProxy+0x11
0a 00ceff60 77d46e75 RPCRT4!NdrValidateBothAndLockAsyncHandle+0x8
0b 00ceff60 77d46e75 RPCRT4!LRPC_BINDING_HANDLE::BindingCopy+0x7a
0c 00ceff70 787f5818 RPCRT4!LRPC_BINDING_HANDLE::BindingCopy+0x7a




Thread ID: 6
System Thread ID: 91c
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 00d2fee0 7c573a4e ntdll!NtRemoveIoCompletion+0x5
01 00d2ff00 7c573a22 KERNEL32!BasepMapModuleHandle+0x28
02 77f82091 4affc033 KERNEL32!TlsGetValue+0x11
WARNING: Frame IP not in any known module. Following frames may be
wrong.
03 0424548b 00000000 0x4affc033




Thread ID: 7
System Thread ID: 920
Kernel Time: 0:1:21.781
User Time: 0:0:33.140
*** WARNING: symbols timestamp is wrong 0x3ef274f0 0x3cab7f89 for
C:\WINNT\system32\IISRTL.DLL
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for -
Thread Type: Other
# ChildEBP RetAddr
00 00fafe5c 7c573c23 ntdll!NtContinue+0xc
01 00fafeac 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 00faff08 77e11ace USER32!MessageTable+0x29e
03 00faff24 6e5a5a7c USER32!MessageTable+0x386
04 00faff78 78008593
IISRTL!CRtlResource::SetDefaultSpinAdjustmentFactor+0x23
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 00faffb4 7c57438b MSVCRT!endthreadex+0x93




Thread ID: 8
System Thread ID: 924
Kernel Time: 0:1:18.796
User Time: 0:0:33.750
Thread Type: Other
# ChildEBP RetAddr
00 00fefe5c 7c573c23 ntdll!NtContinue+0xc
01 00fefeac 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 00feff08 77e11ace USER32!MessageTable+0x29e
03 00feff24 6e5a5a7c USER32!MessageTable+0x386
04 00feff78 78008593
IISRTL!CRtlResource::SetDefaultSpinAdjustmentFactor+0x23
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 00feffb4 7c57438b MSVCRT!endthreadex+0x93




Thread ID: 9
System Thread ID: 928
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: symbols timestamp is wrong 0x3ef274f2 0x3cab7f89 for
C:\WINNT\System32\inetsrv\ISATQ.DLL
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0110ff7c 6d702957 ntdll!_allmul+0x25
01 7c310dd6 f76868ff ISATQ!`string'+0x3
WARNING: Frame IP not in any known module. Following frames may be
wrong.
02 6aec8b55 00000000 0xf76868ff




Thread ID: 10
System Thread ID: 92c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0114ff7c 6d702957 ntdll!_allmul+0x25
01 7c310dd6 f76868ff ISATQ!`string'+0x3
WARNING: Frame IP not in any known module. Following frames may be
wrong.
02 6aec8b55 00000000 0xf76868ff




Thread ID: 11
System Thread ID: b08
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 01f6fee4 77d31394 ntdll!_allmul+0x25
01 01f6ff20 77d3e93f RPCRT4!InitializeDLL+0x78
02 01f6ff74 77d3e8c2 RPCRT4!UnicodeToAnsiString+0x14
03 01f6ffa8 77d358d6 RPCRT4!MinOf+0x1
04 01f6ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef
05 01f6ffd4 77f87c5e KERNEL32!NlsStrLenW+0x44




Thread ID: 12
System Thread ID: b18
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 0202fe70 7c573c23 ntdll!NtContinue+0xc
01 0202fec0 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0202ff1c 77e11ace USER32!MessageTable+0x29e
03 0202ff38 74a01e69 USER32!MessageTable+0x386
WARNING: Stack unwind information not available. Following frames may
be wrong.
04 0202ff7c 78008454 asp!GetExtensionVersion+0x2deb
05 0202ffb4 7c57438b MSVCRT!endthread+0xc1




Thread ID: 13
System Thread ID: b1c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 0206fe70 7c573c23 ntdll!NtContinue+0xc
01 0206fec0 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0206ff1c 77e11ace USER32!MessageTable+0x29e
03 0206ff38 74a01eca USER32!MessageTable+0x386
WARNING: Stack unwind information not available. Following frames may
be wrong.
04 0206ff7c 78008454 asp!GetExtensionVersion+0x2e4c
05 0206ffb4 7c57438b MSVCRT!endthread+0xc1




Thread ID: 14
System Thread ID: b20
Kernel Time: 0:0:0.187
User Time: 0:0:0.62
*** WARNING: Unable to verify checksum for
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for -
Thread Type: PDM (Debugger) Thread.
# ChildEBP RetAddr
00 020afddc 7c573c23 ntdll!NtContinue+0xc
01 020afe2c 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 020afe88 77e11ace USER32!MessageTable+0x29e
03 020afea4 4a00886c USER32!MessageTable+0x386
04 020aff7c 7c574499 pdm+0x886c
05 020affb0 4a008a09 KERNEL32!MulDiv+0x37
06 020affcc 77f82a06 pdm+0x8a09




Thread ID: 15
System Thread ID: b74
Kernel Time: 0:0:0.62
User Time: 0:0:0.62
Thread Type: Other
# ChildEBP RetAddr
00 0212ff9c 77f842c4 ntdll!NtRemoveIoCompletion+0x5
01 0212ffb4 7c57438b ntdll!NtSetValueKey+0x5
02 0212ffd4 7c57a1b8 KERNEL32!NlsStrLenW+0x44
03 0212ffdc 7c57e597 KERNEL32!LongCompareStringW+0xf22
04 ffffffff 00000000 KERNEL32!`string'+0x1f




Thread ID: 16
System Thread ID: b78
Kernel Time: 0:3:5.78
User Time: 1:8:31.687
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0216fe28 7c573c23 ntdll!NtContinue+0xc
01 0216fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0216fed4 77e11ace USER32!MessageTable+0x29e
03 0216fef0 787c3911 USER32!MessageTable+0x386
04 000c07f0 000c1b30 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 000c2580 000c07f0 0xc1b30
06 7886c960 000c2580 0xc07f0
07 00102828 7886c960 0xc2580
08 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
09 000c31b0 0c7d6d38 0x102828
0a 000be1a0 000c31b0 0xc7d6d38
0b 0d11b060 000be1a0 0xc31b0
0c 04d81070 0d11b060 0xbe1a0
0d 04df1d30 04d81070 0xd11b060
0e 04e72de8 04df1d30 0x4d81070
0f 03279220 04e72de8 0x4df1d30
10 0a217b18 03279220 0x4e72de8
11 0ab453e0 0a217b18 0x3279220
12 0013bfa0 0ab453e0 0xa217b18
13 000c3930 0013bfa0 0xab453e0
14 000c1b30 000c3930 0x13bfa0
15 000c07f0 000c1b30 0xc3930
16 000c2580 000c07f0 0xc1b30
17 7886c960 000c2580 0xc07f0
18 00102828 7886c960 0xc2580
19 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
1a 000c31b0 0c7d6d38 0x102828
1b 000be1a0 000c31b0 0xc7d6d38
1c 0d11b060 000be1a0 0xc31b0
1d 04d81070 0d11b060 0xbe1a0
1e 04df1d30 04d81070 0xd11b060
1f 04e72de8 04df1d30 0x4d81070
20 03279220 04e72de8 0x4df1d30
21 0a217b18 03279220 0x4e72de8
22 0ab453e0 0a217b18 0x3279220
23 0013bfa0 0ab453e0 0xa217b18
24 000c3930 0013bfa0 0xab453e0
25 000c1b30 000c3930 0x13bfa0
26 000c07f0 000c1b30 0xc3930
27 000c2580 000c07f0 0xc1b30
28 7886c960 000c2580 0xc07f0
29 00102828 7886c960 0xc2580
2a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
2b 000c31b0 0c7d6d38 0x102828
2c 000be1a0 000c31b0 0xc7d6d38
2d 0d11b060 000be1a0 0xc31b0
2e 04d81070 0d11b060 0xbe1a0
2f 04df1d30 04d81070 0xd11b060
30 04e72de8 04df1d30 0x4d81070
31 03279220 04e72de8 0x4df1d30




Thread ID: 17
System Thread ID: b7c
Kernel Time: 0:2:59.343
User Time: 1:7:28.703
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 021afe28 7c573c23 ntdll!NtContinue+0xc
01 021afe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 021afed4 77e11ace USER32!MessageTable+0x29e
03 021afef0 787c3911 USER32!MessageTable+0x386
04 000c1b30 000c3930 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 000c07f0 000c1b30 0xc3930
06 000c2580 000c07f0 0xc1b30
07 7886c960 000c2580 0xc07f0
08 00102828 7886c960 0xc2580
09 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
0a 000c31b0 0c7d6d38 0x102828
0b 000be1a0 000c31b0 0xc7d6d38
0c 0d11b060 000be1a0 0xc31b0
0d 04d81070 0d11b060 0xbe1a0
0e 04df1d30 04d81070 0xd11b060
0f 04e72de8 04df1d30 0x4d81070
10 03279220 04e72de8 0x4df1d30
11 0a217b18 03279220 0x4e72de8
12 0ab453e0 0a217b18 0x3279220
13 0013bfa0 0ab453e0 0xa217b18
14 000c3930 0013bfa0 0xab453e0
15 000c1b30 000c3930 0x13bfa0
16 000c07f0 000c1b30 0xc3930
17 000c2580 000c07f0 0xc1b30
18 7886c960 000c2580 0xc07f0
19 00102828 7886c960 0xc2580
1a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
1b 000c31b0 0c7d6d38 0x102828
1c 000be1a0 000c31b0 0xc7d6d38
1d 0d11b060 000be1a0 0xc31b0
1e 04d81070 0d11b060 0xbe1a0
1f 04df1d30 04d81070 0xd11b060
20 04e72de8 04df1d30 0x4d81070
21 03279220 04e72de8 0x4df1d30
22 0a217b18 03279220 0x4e72de8
23 0ab453e0 0a217b18 0x3279220
24 0013bfa0 0ab453e0 0xa217b18
25 000c3930 0013bfa0 0xab453e0
26 000c1b30 000c3930 0x13bfa0
27 000c07f0 000c1b30 0xc3930
28 000c2580 000c07f0 0xc1b30
29 7886c960 000c2580 0xc07f0
2a 00102828 7886c960 0xc2580
2b 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
2c 000c31b0 0c7d6d38 0x102828
2d 000be1a0 000c31b0 0xc7d6d38
2e 0d11b060 000be1a0 0xc31b0
2f 04d81070 0d11b060 0xbe1a0
30 04df1d30 04d81070 0xd11b060
31 04e72de8 04df1d30 0x4d81070




Thread ID: 18
System Thread ID: b88
Kernel Time: 0:3:2.546
User Time: 1:7:14.609
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0226fe28 7c573c23 ntdll!NtContinue+0xc
01 0226fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0226fed4 77e11ace USER32!MessageTable+0x29e
03 0226fef0 787c3911 USER32!MessageTable+0x386
04 000c31b0 0c7d6d38 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 000be1a0 000c31b0 0xc7d6d38
06 0d11b060 000be1a0 0xc31b0
07 04d81070 0d11b060 0xbe1a0
08 04df1d30 04d81070 0xd11b060
09 04e72de8 04df1d30 0x4d81070
0a 03279220 04e72de8 0x4df1d30
0b 0a217b18 03279220 0x4e72de8
0c 0ab453e0 0a217b18 0x3279220
0d 0013bfa0 0ab453e0 0xa217b18
0e 000c3930 0013bfa0 0xab453e0
0f 000c1b30 000c3930 0x13bfa0
10 000c07f0 000c1b30 0xc3930
11 000c2580 000c07f0 0xc1b30
12 7886c960 000c2580 0xc07f0
13 00102828 7886c960 0xc2580
14 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
15 000c31b0 0c7d6d38 0x102828
16 000be1a0 000c31b0 0xc7d6d38
17 0d11b060 000be1a0 0xc31b0
18 04d81070 0d11b060 0xbe1a0
19 04df1d30 04d81070 0xd11b060
1a 04e72de8 04df1d30 0x4d81070
1b 03279220 04e72de8 0x4df1d30
1c 0a217b18 03279220 0x4e72de8
1d 0ab453e0 0a217b18 0x3279220
1e 0013bfa0 0ab453e0 0xa217b18
1f 000c3930 0013bfa0 0xab453e0
20 000c1b30 000c3930 0x13bfa0
21 000c07f0 000c1b30 0xc3930
22 000c2580 000c07f0 0xc1b30
23 7886c960 000c2580 0xc07f0
24 00102828 7886c960 0xc2580
25 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
26 000c31b0 0c7d6d38 0x102828
27 000be1a0 000c31b0 0xc7d6d38
28 0d11b060 000be1a0 0xc31b0
29 04d81070 0d11b060 0xbe1a0
2a 04df1d30 04d81070 0xd11b060
2b 04e72de8 04df1d30 0x4d81070
2c 03279220 04e72de8 0x4df1d30
2d 0a217b18 03279220 0x4e72de8
2e 0ab453e0 0a217b18 0x3279220
2f 0013bfa0 0ab453e0 0xa217b18
30 000c3930 0013bfa0 0xab453e0
31 000c1b30 000c3930 0x13bfa0




Thread ID: 19
System Thread ID: b90
Kernel Time: 0:3:1.703
User Time: 1:5:33.406
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 022afe28 7c573c23 ntdll!NtContinue+0xc
01 022afe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 022afed4 77e11ace USER32!MessageTable+0x29e
03 022afef0 787c3911 USER32!MessageTable+0x386
04 000c3930 0013bfa0 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 000c1b30 000c3930 0x13bfa0
06 000c07f0 000c1b30 0xc3930
07 000c2580 000c07f0 0xc1b30
08 7886c960 000c2580 0xc07f0
09 00102828 7886c960 0xc2580
0a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
0b 000c31b0 0c7d6d38 0x102828
0c 000be1a0 000c31b0 0xc7d6d38
0d 0d11b060 000be1a0 0xc31b0
0e 04d81070 0d11b060 0xbe1a0
0f 04df1d30 04d81070 0xd11b060
10 04e72de8 04df1d30 0x4d81070
11 03279220 04e72de8 0x4df1d30
12 0a217b18 03279220 0x4e72de8
13 0ab453e0 0a217b18 0x3279220
14 0013bfa0 0ab453e0 0xa217b18
15 000c3930 0013bfa0 0xab453e0
16 000c1b30 000c3930 0x13bfa0
17 000c07f0 000c1b30 0xc3930
18 000c2580 000c07f0 0xc1b30
19 7886c960 000c2580 0xc07f0
1a 00102828 7886c960 0xc2580
1b 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
1c 000c31b0 0c7d6d38 0x102828
1d 000be1a0 000c31b0 0xc7d6d38
1e 0d11b060 000be1a0 0xc31b0
1f 04d81070 0d11b060 0xbe1a0
20 04df1d30 04d81070 0xd11b060
21 04e72de8 04df1d30 0x4d81070
22 03279220 04e72de8 0x4df1d30
23 0a217b18 03279220 0x4e72de8
24 0ab453e0 0a217b18 0x3279220
25 0013bfa0 0ab453e0 0xa217b18
26 000c3930 0013bfa0 0xab453e0
27 000c1b30 000c3930 0x13bfa0
28 000c07f0 000c1b30 0xc3930
29 000c2580 000c07f0 0xc1b30
2a 7886c960 000c2580 0xc07f0
2b 00102828 7886c960 0xc2580
2c 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
2d 000c31b0 0c7d6d38 0x102828
2e 000be1a0 000c31b0 0xc7d6d38
2f 0d11b060 000be1a0 0xc31b0
30 04d81070 0d11b060 0xbe1a0
31 04df1d30 04d81070 0xd11b060




Thread ID: 20
System Thread ID: b94
Kernel Time: 0:0:1.46
User Time: 0:0:0.453
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 022efe28 7c573c23 ntdll!NtContinue+0xc
01 022efe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 022efed4 77e11ace USER32!MessageTable+0x29e
03 022efef0 787c3911 USER32!MessageTable+0x386
04 000c2580 000c07f0 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 7886c960 000c2580 0xc07f0
06 00102828 7886c960 0xc2580
07 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
08 000c31b0 0c7d6d38 0x102828
09 000be1a0 000c31b0 0xc7d6d38
0a 0d11b060 000be1a0 0xc31b0
0b 04d81070 0d11b060 0xbe1a0
0c 04df1d30 04d81070 0xd11b060
0d 04e72de8 04df1d30 0x4d81070
0e 03279220 04e72de8 0x4df1d30
0f 0a217b18 03279220 0x4e72de8
10 0ab453e0 0a217b18 0x3279220
11 0013bfa0 0ab453e0 0xa217b18
12 000c3930 0013bfa0 0xab453e0
13 000c1b30 000c3930 0x13bfa0
14 000c07f0 000c1b30 0xc3930
15 000c2580 000c07f0 0xc1b30
16 7886c960 000c2580 0xc07f0
17 00102828 7886c960 0xc2580
18 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
19 000c31b0 0c7d6d38 0x102828
1a 000be1a0 000c31b0 0xc7d6d38
1b 0d11b060 000be1a0 0xc31b0
1c 04d81070 0d11b060 0xbe1a0
1d 04df1d30 04d81070 0xd11b060
1e 04e72de8 04df1d30 0x4d81070
1f 03279220 04e72de8 0x4df1d30
20 0a217b18 03279220 0x4e72de8
21 0ab453e0 0a217b18 0x3279220
22 0013bfa0 0ab453e0 0xa217b18
23 000c3930 0013bfa0 0xab453e0
24 000c1b30 000c3930 0x13bfa0
25 000c07f0 000c1b30 0xc3930
26 000c2580 000c07f0 0xc1b30
27 7886c960 000c2580 0xc07f0
28 00102828 7886c960 0xc2580
29 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
2a 000c31b0 0c7d6d38 0x102828
2b 000be1a0 000c31b0 0xc7d6d38
2c 0d11b060 000be1a0 0xc31b0
2d 04d81070 0d11b060 0xbe1a0
2e 04df1d30 04d81070 0xd11b060
2f 04e72de8 04df1d30 0x4d81070
30 03279220 04e72de8 0x4df1d30
31 0a217b18 03279220 0x4e72de8




Thread ID: 21
System Thread ID: ba4
Kernel Time: 0:0:9.953
User Time: 0:0:9.843
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 023cff74 77d37b4c ntdll!RtlTimeToTimeFields+0xf7
01 023cffa8 77d358d6 RPCRT4!NdrpConformantStringUnmarshall+0xda
02 023cffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef




Thread ID: 22
System Thread ID: c1c
Kernel Time: 0:0:0.93
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 0286ffb4 7c57438b ntdll!_allmul+0x25




Thread ID: 23
System Thread ID: 820
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\NETAPI32.dll -
Thread Type: Other
# ChildEBP RetAddr
00 030bff88 751a4848 ntdll!NtContinue+0xc
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 030bffb4 7c57438b NETAPI32!RxRemoteApi+0x17a6
02 030bffc0 77f88b43 KERNEL32!NlsStrLenW+0x44
03 030bffec 00000000 ntdll!RtlpStatusTable+0x66b




Thread ID: 24
System Thread ID: c98
Kernel Time: 0:0:0.171
User Time: 0:0:0.609
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\Program Files\Common Files\System\OLE DB\oledb32.dll -
Thread Type: Other
# ChildEBP RetAddr
00 030fff5c 7c573b28 ntdll!ZwWriteFile+0xc
01 030fff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
02 030fff94 1f93cf88 KERNEL32!WaitForSingleObject+0x4
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 030fffb4 7c57438b oledb32!DllGetClassObject+0xa470




Thread ID: 25
System Thread ID: c8c
Kernel Time: 0:0:0.515
User Time: 0:0:0.468
Thread Type: Other
# ChildEBP RetAddr
00 0313ff58 7c573b28 ntdll!ZwWriteFile+0xc
01 0313ff80 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
02 0313ff90 1f93d152 KERNEL32!WaitForSingleObject+0x4
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 0313ffb4 7c57438b oledb32!DllGetClassObject+0xa63a




Thread ID: 26
System Thread ID: 598
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0317fd54 7c573b28 ntdll!ZwWriteFile+0xc
01 0317fd7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
02 0317fd8c 7878db85 KERNEL32!WaitForSingleObject+0x4
03 0317fd9c 0216dce8
COMSVCS!CHolder::SafeDispenserDriver::CreateResource+0x83
WARNING: Frame IP not in any known module. Following frames may be
wrong.
04 00116120 00119ccc 0x216dce8
05 00116120 00119ccc 0x119ccc
06 00000000 00000000 0x119ccc




Thread ID: 27
System Thread ID: b64
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 031efd20 7c573c23 ntdll!NtContinue+0xc
01 031efd70 7c578f0d KERNEL32!GetQueuedCompletionStatus+0x65
02 031effb4 7c57438b KERNEL32!TransactNamedPipe+0x14d




Thread ID: 28
System Thread ID: 16790
Kernel Time: 0:0:51.687
User Time: 0:18:43.171
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 026cfe28 7c573c23 ntdll!NtContinue+0xc
01 026cfe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 026cfed4 77e11ace USER32!MessageTable+0x29e
03 026cfef0 787c3911 USER32!MessageTable+0x386
04 04e72de8 04df1d30 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 03279220 04e72de8 0x4df1d30
06 0a217b18 03279220 0x4e72de8
07 0ab453e0 0a217b18 0x3279220
08 0013bfa0 0ab453e0 0xa217b18
09 000c3930 0013bfa0 0xab453e0
0a 000c1b30 000c3930 0x13bfa0
0b 000c07f0 000c1b30 0xc3930
0c 000c2580 000c07f0 0xc1b30
0d 7886c960 000c2580 0xc07f0
0e 00102828 7886c960 0xc2580
0f 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
10 000c31b0 0c7d6d38 0x102828
11 000be1a0 000c31b0 0xc7d6d38
12 0d11b060 000be1a0 0xc31b0
13 04d81070 0d11b060 0xbe1a0
14 04df1d30 04d81070 0xd11b060
15 04e72de8 04df1d30 0x4d81070
16 03279220 04e72de8 0x4df1d30
17 0a217b18 03279220 0x4e72de8
18 0ab453e0 0a217b18 0x3279220
19 0013bfa0 0ab453e0 0xa217b18
1a 000c3930 0013bfa0 0xab453e0
1b 000c1b30 000c3930 0x13bfa0
1c 000c07f0 000c1b30 0xc3930
1d 000c2580 000c07f0 0xc1b30
1e 7886c960 000c2580 0xc07f0
1f 00102828 7886c960 0xc2580
20 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
21 000c31b0 0c7d6d38 0x102828
22 000be1a0 000c31b0 0xc7d6d38
23 0d11b060 000be1a0 0xc31b0
24 04d81070 0d11b060 0xbe1a0
25 04df1d30 04d81070 0xd11b060
26 04e72de8 04df1d30 0x4d81070
27 03279220 04e72de8 0x4df1d30
28 0a217b18 03279220 0x4e72de8
29 0ab453e0 0a217b18 0x3279220
2a 0013bfa0 0ab453e0 0xa217b18
2b 000c3930 0013bfa0 0xab453e0
2c 000c1b30 000c3930 0x13bfa0
2d 000c07f0 000c1b30 0xc3930
2e 000c2580 000c07f0 0xc1b30
2f 7886c960 000c2580 0xc07f0
30 00102828 7886c960 0xc2580
31 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)




Thread ID: 29
System Thread ID: 16700
Kernel Time: 0:0:52.109
User Time: 0:18:20.296
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0278fe28 7c573c23 ntdll!NtContinue+0xc
01 0278fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0278fed4 77e11ace USER32!MessageTable+0x29e
03 0278fef0 787c3911 USER32!MessageTable+0x386
04 00102828 7886c960 COMSVCS!CMtaActivity::AsyncCall+0x923
05 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
WARNING: Frame IP not in any known module. Following frames may be
wrong.
06 000c31b0 0c7d6d38 0x102828
07 000be1a0 000c31b0 0xc7d6d38
08 0d11b060 000be1a0 0xc31b0
09 04d81070 0d11b060 0xbe1a0
0a 04df1d30 04d81070 0xd11b060
0b 04e72de8 04df1d30 0x4d81070
0c 03279220 04e72de8 0x4df1d30
0d 0a217b18 03279220 0x4e72de8
0e 0ab453e0 0a217b18 0x3279220
0f 0013bfa0 0ab453e0 0xa217b18
10 000c3930 0013bfa0 0xab453e0
11 000c1b30 000c3930 0x13bfa0
12 000c07f0 000c1b30 0xc3930
13 000c2580 000c07f0 0xc1b30
14 7886c960 000c2580 0xc07f0
15 00102828 7886c960 0xc2580
16 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
17 000c31b0 0c7d6d38 0x102828
18 000be1a0 000c31b0 0xc7d6d38
19 0d11b060 000be1a0 0xc31b0
1a 04d81070 0d11b060 0xbe1a0
1b 04df1d30 04d81070 0xd11b060
1c 04e72de8 04df1d30 0x4d81070
1d 03279220 04e72de8 0x4df1d30
1e 0a217b18 03279220 0x4e72de8
1f 0ab453e0 0a217b18 0x3279220
20 0013bfa0 0ab453e0 0xa217b18
21 000c3930 0013bfa0 0xab453e0
22 000c1b30 000c3930 0x13bfa0
23 000c07f0 000c1b30 0xc3930
24 000c2580 000c07f0 0xc1b30
25 7886c960 000c2580 0xc07f0
26 00102828 7886c960 0xc2580
27 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
28 000c31b0 0c7d6d38 0x102828
29 000be1a0 000c31b0 0xc7d6d38
2a 0d11b060 000be1a0 0xc31b0
2b 04d81070 0d11b060 0xbe1a0
2c 04df1d30 04d81070 0xd11b060
2d 04e72de8 04df1d30 0x4d81070
2e 03279220 04e72de8 0x4df1d30
2f 0a217b18 03279220 0x4e72de8
30 0ab453e0 0a217b18 0x3279220
31 0013bfa0 0ab453e0 0xa217b18




Thread ID: 30
System Thread ID: 167b0
Kernel Time: 0:0:51.15
User Time: 0:18:32.390
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0876fe28 7c573c23 ntdll!NtContinue+0xc
01 0876fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 0876fed4 77e11ace USER32!MessageTable+0x29e
03 0876fef0 787c3911 USER32!MessageTable+0x386
04 0d11b060 000be1a0 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 04d81070 0d11b060 0xbe1a0
06 04df1d30 04d81070 0xd11b060
07 04e72de8 04df1d30 0x4d81070
08 03279220 04e72de8 0x4df1d30
09 0a217b18 03279220 0x4e72de8
0a 0ab453e0 0a217b18 0x3279220
0b 0013bfa0 0ab453e0 0xa217b18
0c 000c3930 0013bfa0 0xab453e0
0d 000c1b30 000c3930 0x13bfa0
0e 000c07f0 000c1b30 0xc3930
0f 000c2580 000c07f0 0xc1b30
10 7886c960 000c2580 0xc07f0
11 00102828 7886c960 0xc2580
12 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
13 000c31b0 0c7d6d38 0x102828
14 000be1a0 000c31b0 0xc7d6d38
15 0d11b060 000be1a0 0xc31b0
16 04d81070 0d11b060 0xbe1a0
17 04df1d30 04d81070 0xd11b060
18 04e72de8 04df1d30 0x4d81070
19 03279220 04e72de8 0x4df1d30
1a 0a217b18 03279220 0x4e72de8
1b 0ab453e0 0a217b18 0x3279220
1c 0013bfa0 0ab453e0 0xa217b18
1d 000c3930 0013bfa0 0xab453e0
1e 000c1b30 000c3930 0x13bfa0
1f 000c07f0 000c1b30 0xc3930
20 000c2580 000c07f0 0xc1b30
21 7886c960 000c2580 0xc07f0
22 00102828 7886c960 0xc2580
23 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
24 000c31b0 0c7d6d38 0x102828
25 000be1a0 000c31b0 0xc7d6d38
26 0d11b060 000be1a0 0xc31b0
27 04d81070 0d11b060 0xbe1a0
28 04df1d30 04d81070 0xd11b060
29 04e72de8 04df1d30 0x4d81070
2a 03279220 04e72de8 0x4df1d30
2b 0a217b18 03279220 0x4e72de8
2c 0ab453e0 0a217b18 0x3279220
2d 0013bfa0 0ab453e0 0xa217b18
2e 000c3930 0013bfa0 0xab453e0
2f 000c1b30 000c3930 0x13bfa0
30 000c07f0 000c1b30 0xc3930
31 000c2580 000c07f0 0xc1b30




Thread ID: 31
System Thread ID: 1689c
Kernel Time: 0:0:52.62
User Time: 0:18:9.15
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 087efe28 7c573c23 ntdll!NtContinue+0xc
01 087efe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 087efed4 77e11ace USER32!MessageTable+0x29e
03 087efef0 787c3911 USER32!MessageTable+0x386
04 0a217b18 03279220 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 0ab453e0 0a217b18 0x3279220
06 0013bfa0 0ab453e0 0xa217b18
07 000c3930 0013bfa0 0xab453e0
08 000c1b30 000c3930 0x13bfa0
09 000c07f0 000c1b30 0xc3930
0a 000c2580 000c07f0 0xc1b30
0b 7886c960 000c2580 0xc07f0
0c 00102828 7886c960 0xc2580
0d 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
0e 000c31b0 0c7d6d38 0x102828
0f 000be1a0 000c31b0 0xc7d6d38
10 0d11b060 000be1a0 0xc31b0
11 04d81070 0d11b060 0xbe1a0
12 04df1d30 04d81070 0xd11b060
13 04e72de8 04df1d30 0x4d81070
14 03279220 04e72de8 0x4df1d30
15 0a217b18 03279220 0x4e72de8
16 0ab453e0 0a217b18 0x3279220
17 0013bfa0 0ab453e0 0xa217b18
18 000c3930 0013bfa0 0xab453e0
19 000c1b30 000c3930 0x13bfa0
1a 000c07f0 000c1b30 0xc3930
1b 000c2580 000c07f0 0xc1b30
1c 7886c960 000c2580 0xc07f0
1d 00102828 7886c960 0xc2580
1e 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
1f 000c31b0 0c7d6d38 0x102828
20 000be1a0 000c31b0 0xc7d6d38
21 0d11b060 000be1a0 0xc31b0
22 04d81070 0d11b060 0xbe1a0
23 04df1d30 04d81070 0xd11b060
24 04e72de8 04df1d30 0x4d81070
25 03279220 04e72de8 0x4df1d30
26 0a217b18 03279220 0x4e72de8
27 0ab453e0 0a217b18 0x3279220
28 0013bfa0 0ab453e0 0xa217b18
29 000c3930 0013bfa0 0xab453e0
2a 000c1b30 000c3930 0x13bfa0
2b 000c07f0 000c1b30 0xc3930
2c 000c2580 000c07f0 0xc1b30
2d 7886c960 000c2580 0xc07f0
2e 00102828 7886c960 0xc2580
2f 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
30 000c31b0 0c7d6d38 0x102828
31 000be1a0 000c31b0 0xc7d6d38




Thread ID: 32
System Thread ID: 18bb0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 178dff5c 7c573a4e ntdll!NtRemoveIoCompletion+0x5
01 178dff7c 7c573a22 KERNEL32!BasepMapModuleHandle+0x28
02 00007530 00000000 KERNEL32!TlsGetValue+0x11




Thread ID: 33
System Thread ID: 1a038
Kernel Time: 0:0:32.343
User Time: 0:11:2.31
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for D:\ConsumerLending\bin\CL.dll -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\OLEAUT32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\MSVBVM60.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for -
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 185fe4ac 7c573a4e ntdll!NtRemoveIoCompletion+0x5
01 185fe4cc 7c573a22 KERNEL32!BasepMapModuleHandle+0x28
02 185fe6e0 11024aa0 KERNEL32!TlsGetValue+0x11
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 185fe808 779d7d5d CL!DllCanUnloadNow+0x1c456
04 185fe830 6a9fa2fb OLEAUT32!DispCallFunc+0x15d
05 185ff18c 6a9fa0f4 MSVBVM60!BASIC_CLASS_Invoke+0x259
06 185ff1e8 6b614279 MSVBVM60!BASIC_CLASS_Invoke+0x52
07 185ff264 6b61866f vbscript!DllCanUnloadNow+0x8e24
08 185ff944 00000000 vbscript!DllCanUnloadNow+0xd21a




Thread ID: 34
System Thread ID: 1b294
Kernel Time: 0:0:23.328
User Time: 0:8:51.765
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 19a9fe28 7c573c23 ntdll!NtContinue+0xc
01 19a9fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 19a9fed4 77e11ace USER32!MessageTable+0x29e
03 19a9fef0 787c3911 USER32!MessageTable+0x386
04 04d81070 0d11b060 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 04df1d30 04d81070 0xd11b060
06 04e72de8 04df1d30 0x4d81070
07 03279220 04e72de8 0x4df1d30
08 0a217b18 03279220 0x4e72de8
09 0ab453e0 0a217b18 0x3279220
0a 0013bfa0 0ab453e0 0xa217b18
0b 000c3930 0013bfa0 0xab453e0
0c 000c1b30 000c3930 0x13bfa0
0d 000c07f0 000c1b30 0xc3930
0e 000c2580 000c07f0 0xc1b30
0f 7886c960 000c2580 0xc07f0
10 00102828 7886c960 0xc2580
11 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
12 000c31b0 0c7d6d38 0x102828
13 000be1a0 000c31b0 0xc7d6d38
14 0d11b060 000be1a0 0xc31b0
15 04d81070 0d11b060 0xbe1a0
16 04df1d30 04d81070 0xd11b060
17 04e72de8 04df1d30 0x4d81070
18 03279220 04e72de8 0x4df1d30
19 0a217b18 03279220 0x4e72de8
1a 0ab453e0 0a217b18 0x3279220
1b 0013bfa0 0ab453e0 0xa217b18
1c 000c3930 0013bfa0 0xab453e0
1d 000c1b30 000c3930 0x13bfa0
1e 000c07f0 000c1b30 0xc3930
1f 000c2580 000c07f0 0xc1b30
20 7886c960 000c2580 0xc07f0
21 00102828 7886c960 0xc2580
22 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
23 000c31b0 0c7d6d38 0x102828
24 000be1a0 000c31b0 0xc7d6d38
25 0d11b060 000be1a0 0xc31b0
26 04d81070 0d11b060 0xbe1a0
27 04df1d30 04d81070 0xd11b060
28 04e72de8 04df1d30 0x4d81070
29 03279220 04e72de8 0x4df1d30
2a 0a217b18 03279220 0x4e72de8
2b 0ab453e0 0a217b18 0x3279220
2c 0013bfa0 0ab453e0 0xa217b18
2d 000c3930 0013bfa0 0xab453e0
2e 000c1b30 000c3930 0x13bfa0
2f 000c07f0 000c1b30 0xc3930
30 000c2580 000c07f0 0xc1b30
31 7886c960 000c2580 0xc07f0




Thread ID: 35
System Thread ID: 1bb04
Kernel Time: 0:0:20.906
User Time: 0:8:35.515
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 1a4bfe28 7c573c23 ntdll!NtContinue+0xc
01 1a4bfe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 1a4bfed4 77e11ace USER32!MessageTable+0x29e
03 1a4bfef0 787c3911 USER32!MessageTable+0x386
04 03279220 04e72de8 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 0a217b18 03279220 0x4e72de8
06 0ab453e0 0a217b18 0x3279220
07 0013bfa0 0ab453e0 0xa217b18
08 000c3930 0013bfa0 0xab453e0
09 000c1b30 000c3930 0x13bfa0
0a 000c07f0 000c1b30 0xc3930
0b 000c2580 000c07f0 0xc1b30
0c 7886c960 000c2580 0xc07f0
0d 00102828 7886c960 0xc2580
0e 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
0f 000c31b0 0c7d6d38 0x102828
10 000be1a0 000c31b0 0xc7d6d38
11 0d11b060 000be1a0 0xc31b0
12 04d81070 0d11b060 0xbe1a0
13 04df1d30 04d81070 0xd11b060
14 04e72de8 04df1d30 0x4d81070
15 03279220 04e72de8 0x4df1d30
16 0a217b18 03279220 0x4e72de8
17 0ab453e0 0a217b18 0x3279220
18 0013bfa0 0ab453e0 0xa217b18
19 000c3930 0013bfa0 0xab453e0
1a 000c1b30 000c3930 0x13bfa0
1b 000c07f0 000c1b30 0xc3930
1c 000c2580 000c07f0 0xc1b30
1d 7886c960 000c2580 0xc07f0
1e 00102828 7886c960 0xc2580
1f 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
20 000c31b0 0c7d6d38 0x102828
21 000be1a0 000c31b0 0xc7d6d38
22 0d11b060 000be1a0 0xc31b0
23 04d81070 0d11b060 0xbe1a0
24 04df1d30 04d81070 0xd11b060
25 04e72de8 04df1d30 0x4d81070
26 03279220 04e72de8 0x4df1d30
27 0a217b18 03279220 0x4e72de8
28 0ab453e0 0a217b18 0x3279220
29 0013bfa0 0ab453e0 0xa217b18
2a 000c3930 0013bfa0 0xab453e0
2b 000c1b30 000c3930 0x13bfa0
2c 000c07f0 000c1b30 0xc3930
2d 000c2580 000c07f0 0xc1b30
2e 7886c960 000c2580 0xc07f0
2f 00102828 7886c960 0xc2580
30 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
31 000c31b0 0c7d6d38 0x102828




Thread ID: 36
System Thread ID: 1bb14
Kernel Time: 0:0:20.406
User Time: 0:8:46.218
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 1a4ffe28 7c573c23 ntdll!NtContinue+0xc
01 1a4ffe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 1a4ffed4 77e11ace USER32!MessageTable+0x29e
03 1a4ffef0 787c3911 USER32!MessageTable+0x386
04 04df1d30 04d81070 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 04e72de8 04df1d30 0x4d81070
06 03279220 04e72de8 0x4df1d30
07 0a217b18 03279220 0x4e72de8
08 0ab453e0 0a217b18 0x3279220
09 0013bfa0 0ab453e0 0xa217b18
0a 000c3930 0013bfa0 0xab453e0
0b 000c1b30 000c3930 0x13bfa0
0c 000c07f0 000c1b30 0xc3930
0d 000c2580 000c07f0 0xc1b30
0e 7886c960 000c2580 0xc07f0
0f 00102828 7886c960 0xc2580
10 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
11 000c31b0 0c7d6d38 0x102828
12 000be1a0 000c31b0 0xc7d6d38
13 0d11b060 000be1a0 0xc31b0
14 04d81070 0d11b060 0xbe1a0
15 04df1d30 04d81070 0xd11b060
16 04e72de8 04df1d30 0x4d81070
17 03279220 04e72de8 0x4df1d30
18 0a217b18 03279220 0x4e72de8
19 0ab453e0 0a217b18 0x3279220
1a 0013bfa0 0ab453e0 0xa217b18
1b 000c3930 0013bfa0 0xab453e0
1c 000c1b30 000c3930 0x13bfa0
1d 000c07f0 000c1b30 0xc3930
1e 000c2580 000c07f0 0xc1b30
1f 7886c960 000c2580 0xc07f0
20 00102828 7886c960 0xc2580
21 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
22 000c31b0 0c7d6d38 0x102828
23 000be1a0 000c31b0 0xc7d6d38
24 0d11b060 000be1a0 0xc31b0
25 04d81070 0d11b060 0xbe1a0
26 04df1d30 04d81070 0xd11b060
27 04e72de8 04df1d30 0x4d81070
28 03279220 04e72de8 0x4df1d30
29 0a217b18 03279220 0x4e72de8
2a 0ab453e0 0a217b18 0x3279220
2b 0013bfa0 0ab453e0 0xa217b18
2c 000c3930 0013bfa0 0xab453e0
2d 000c1b30 000c3930 0x13bfa0
2e 000c07f0 000c1b30 0xc3930
2f 000c2580 000c07f0 0xc1b30
30 7886c960 000c2580 0xc07f0
31 00102828 7886c960 0xc2580




Thread ID: 37
System Thread ID: 1bb18
Kernel Time: 0:0:17.640
User Time: 0:6:29.796
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 1a53fe28 7c573c23 ntdll!NtContinue+0xc
01 1a53fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 1a53fed4 77e11ace USER32!MessageTable+0x29e
03 1a53fef0 787c3911 USER32!MessageTable+0x386
04 0ab453e0 0a217b18 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 0013bfa0 0ab453e0 0xa217b18
06 000c3930 0013bfa0 0xab453e0
07 000c1b30 000c3930 0x13bfa0
08 000c07f0 000c1b30 0xc3930
09 000c2580 000c07f0 0xc1b30
0a 7886c960 000c2580 0xc07f0
0b 00102828 7886c960 0xc2580
0c 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
0d 000c31b0 0c7d6d38 0x102828
0e 000be1a0 000c31b0 0xc7d6d38
0f 0d11b060 000be1a0 0xc31b0
10 04d81070 0d11b060 0xbe1a0
11 04df1d30 04d81070 0xd11b060
12 04e72de8 04df1d30 0x4d81070
13 03279220 04e72de8 0x4df1d30
14 0a217b18 03279220 0x4e72de8
15 0ab453e0 0a217b18 0x3279220
16 0013bfa0 0ab453e0 0xa217b18
17 000c3930 0013bfa0 0xab453e0
18 000c1b30 000c3930 0x13bfa0
19 000c07f0 000c1b30 0xc3930
1a 000c2580 000c07f0 0xc1b30
1b 7886c960 000c2580 0xc07f0
1c 00102828 7886c960 0xc2580
1d 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
1e 000c31b0 0c7d6d38 0x102828
1f 000be1a0 000c31b0 0xc7d6d38
20 0d11b060 000be1a0 0xc31b0
21 04d81070 0d11b060 0xbe1a0
22 04df1d30 04d81070 0xd11b060
23 04e72de8 04df1d30 0x4d81070
24 03279220 04e72de8 0x4df1d30
25 0a217b18 03279220 0x4e72de8
26 0ab453e0 0a217b18 0x3279220
27 0013bfa0 0ab453e0 0xa217b18
28 000c3930 0013bfa0 0xab453e0
29 000c1b30 000c3930 0x13bfa0
2a 000c07f0 000c1b30 0xc3930
2b 000c2580 000c07f0 0xc1b30
2c 7886c960 000c2580 0xc07f0
2d 00102828 7886c960 0xc2580
2e 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
2f 000c31b0 0c7d6d38 0x102828
30 000be1a0 000c31b0 0xc7d6d38
31 0d11b060 000be1a0 0xc31b0




Thread ID: 38
System Thread ID: 1bb1c
Kernel Time: 0:0:18.875
User Time: 0:7:32.500
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 1a59fe28 7c573c23 ntdll!NtContinue+0xc
01 1a59fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 1a59fed4 77e11ace USER32!MessageTable+0x29e
03 1a59fef0 787c3911 USER32!MessageTable+0x386
04 0c7d6d38 00102828 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 000c31b0 0c7d6d38 0x102828
06 000be1a0 000c31b0 0xc7d6d38
07 0d11b060 000be1a0 0xc31b0
08 04d81070 0d11b060 0xbe1a0
09 04df1d30 04d81070 0xd11b060
0a 04e72de8 04df1d30 0x4d81070
0b 03279220 04e72de8 0x4df1d30
0c 0a217b18 03279220 0x4e72de8
0d 0ab453e0 0a217b18 0x3279220
0e 0013bfa0 0ab453e0 0xa217b18
0f 000c3930 0013bfa0 0xab453e0
10 000c1b30 000c3930 0x13bfa0
11 000c07f0 000c1b30 0xc3930
12 000c2580 000c07f0 0xc1b30
13 7886c960 000c2580 0xc07f0
14 00102828 7886c960 0xc2580
15 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
16 000c31b0 0c7d6d38 0x102828
17 000be1a0 000c31b0 0xc7d6d38
18 0d11b060 000be1a0 0xc31b0
19 04d81070 0d11b060 0xbe1a0
1a 04df1d30 04d81070 0xd11b060
1b 04e72de8 04df1d30 0x4d81070
1c 03279220 04e72de8 0x4df1d30
1d 0a217b18 03279220 0x4e72de8
1e 0ab453e0 0a217b18 0x3279220
1f 0013bfa0 0ab453e0 0xa217b18
20 000c3930 0013bfa0 0xab453e0
21 000c1b30 000c3930 0x13bfa0
22 000c07f0 000c1b30 0xc3930
23 000c2580 000c07f0 0xc1b30
24 7886c960 000c2580 0xc07f0
25 00102828 7886c960 0xc2580
26 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
27 000c31b0 0c7d6d38 0x102828
28 000be1a0 000c31b0 0xc7d6d38
29 0d11b060 000be1a0 0xc31b0
2a 04d81070 0d11b060 0xbe1a0
2b 04df1d30 04d81070 0xd11b060
2c 04e72de8 04df1d30 0x4d81070
2d 03279220 04e72de8 0x4df1d30
2e 0a217b18 03279220 0x4e72de8
2f 0ab453e0 0a217b18 0x3279220
30 0013bfa0 0ab453e0 0xa217b18
31 000c3930 0013bfa0 0xab453e0




Thread ID: 39
System Thread ID: 1bb54
Kernel Time: 0:0:1.484
User Time: 0:0:1.656
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 1a6fff74 77d37b4c ntdll!RtlTimeToTimeFields+0xf7
01 1a6fffa8 77d358d6 RPCRT4!NdrpConformantStringUnmarshall+0xda
02 1a6fffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef




Thread ID: 40
System Thread ID: 1bb68
Kernel Time: 0:0:17.453
User Time: 0:5:24.281
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 1a79fe28 7c573c23 ntdll!NtContinue+0xc
01 1a79fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
02 1a79fed4 77e11ace USER32!MessageTable+0x29e
03 1a79fef0 787c3911 USER32!MessageTable+0x386
04 000be1a0 000c31b0 COMSVCS!CMtaActivity::AsyncCall+0x923
WARNING: Frame IP not in any known module. Following frames may be
wrong.
05 0d11b060 000be1a0 0xc31b0
06 04d81070 0d11b060 0xbe1a0
07 04df1d30 04d81070 0xd11b060
08 04e72de8 04df1d30 0x4d81070
09 03279220 04e72de8 0x4df1d30
0a 0a217b18 03279220 0x4e72de8
0b 0ab453e0 0a217b18 0x3279220
0c 0013bfa0 0ab453e0 0xa217b18
0d 000c3930 0013bfa0 0xab453e0
0e 000c1b30 000c3930 0x13bfa0
0f 000c07f0 000c1b30 0xc3930
10 000c2580 000c07f0 0xc1b30
11 7886c960 000c2580 0xc07f0
12 00102828 7886c960 0xc2580
13 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
14 000c31b0 0c7d6d38 0x102828
15 000be1a0 000c31b0 0xc7d6d38
16 0d11b060 000be1a0 0xc31b0
17 04d81070 0d11b060 0xbe1a0
18 04df1d30 04d81070 0xd11b060
19 04e72de8 04df1d30 0x4d81070
1a 03279220 04e72de8 0x4df1d30
1b 0a217b18 03279220 0x4e72de8
1c 0ab453e0 0a217b18 0x3279220
1d 0013bfa0 0ab453e0 0xa217b18
1e 000c3930 0013bfa0 0xab453e0
1f 000c1b30 000c3930 0x13bfa0
20 000c07f0 000c1b30 0xc3930
21 000c2580 000c07f0 0xc1b30
22 7886c960 000c2580 0xc07f0
23 00102828 7886c960 0xc2580
24 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
25 000c31b0 0c7d6d38 0x102828
26 000be1a0 000c31b0 0xc7d6d38
27 0d11b060 000be1a0 0xc31b0
28 04d81070 0d11b060 0xbe1a0
29 04df1d30 04d81070 0xd11b060
2a 04e72de8 04df1d30 0x4d81070
2b 03279220 04e72de8 0x4df1d30
2c 0a217b18 03279220 0x4e72de8
2d 0ab453e0 0a217b18 0x3279220
2e 0013bfa0 0ab453e0 0xa217b18
2f 000c3930 0013bfa0 0xab453e0
30 000c1b30 000c3930 0x13bfa0
31 000c07f0 000c1b30 0xc3930




Thread ID: 41
System Thread ID: 1d0f0
Kernel Time: 0:0:0.812
User Time: 0:0:0.921
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0232ff74 77d37b4c ntdll!RtlTimeToTimeFields+0xf7
01 0232ffa8 77d358d6 RPCRT4!NdrpConformantStringUnmarshall+0xda
02 0232ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef




Thread ID: 42
System Thread ID: 1d0f4
Kernel Time: 0:0:1.62
User Time: 0:0:0.968
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0236ff74 77d37b4c ntdll!RtlTimeToTimeFields+0xf7
01 0236ffa8 77d358d6 RPCRT4!NdrpConformantStringUnmarshall+0xda
02 0236ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef




Thread ID: 43
System Thread ID: 1f3fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00a5ff60 7c573b28 ntdll!ZwWriteFile+0xc
01 00a5ff88 77ab510c KERNEL32!WaitForSingleObjectEx+0x66
02 00007530 00000000 ole32!CFrameFilter::OnMessage+0x71

*****

Dump name is formatted as: PID-Timestamp.dmp

Creating C:\iisstate\output\2232-1095359554.dmp - mini user dump

*****

Closing open log file C:\iisstate\output\IISState-2232.log

 >> Stay informed about: IISState log help 
Back to top
Login to vote
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 2) Posted: Thu Sep 16, 2004 10:31 pm
Post subject: Re: IISState log help [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
I can't really tell you much about the IISState log file b/c symbols were
not available. IISState needs to be able to reach microsoft.com at least 1
time to download symbols. That will yield better analysis and a clearer
picture of what is going on.


Pat

"Jane S" <jane_s_2004 RemoveThis @yahoo.com> wrote in message
news:ce39d912.0409161428.3b5481d2@posting.google.com...
 > Hi! I would be greateful if you could help me interpret the following
 > log file...
 >
 > Our website hangs periodically, once in 1-2 days. I reviewed logs from
 > IIS Debug tool; it shows that some threads take really long time (over
 > 30 min). Here is part of that log:
 >
 > 0:000> !runaway
 > *** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3c1fe60f for
 > C:\WINNT\system32\KERNEL32.DLL
 > User Mode Time
 > Thread Time
 > a8c 0 days 0:37:46.546
 > a9c 0 days 0:36:44.921
 > a78 0 days 0:36:14.671
 > a94 0 days 0:36:07.015
 > a80 0 days 0:35:11.718
 > a88 0 days 0:34:42.281
 > a84 0 days 0:33:08.765
 > 2754 0 days 0:29:54.296
 > 8908 0 days 0:15:09.203
 > 9b70 0 days 0:13:21.140
 > a70c 0 days 0:10:55.531
 > b05c 0 days 0:09:17.671
 > b050 0 days 0:09:05.265
 > d074 0 days 0:03:37.750
 > d820 0 days 0:03:24.468
 > e3b4 0 days 0:01:26.640
 > 8c0 0 days 0:00:15.578
 > 8c4 0 days 0:00:15.187
 >
 > When the server was re-started, we ran IISState on it, and created a
 > log when the server became very slow (did not hang completely yet). In
 > the log created by IISState, i don't see any reference to specific ASP
 > pages, only "Unable to locate ASP page" notes.
 > Could you point me to how to extract information about what
 > specifically causing the server slow down and hang?
 >
 > Thanks a lot!
 >
 > -------------------
 > Opened log file 'C:\iisstate\output\IISState-2232.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Thu Sep 16 14:31:47 2004
 >
 > OS = Windows 2000
 > Executable: dllhost.exe
 > PID = 2232
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 >
 >
 > Thread ID: 0
 > System Thread ID: 8b4
 > Kernel Time: 0:0:0.46
 > User Time: 0:0:0.15
 > *** WARNING: symbols timestamp is wrong 0x4060ef9b 0x3af32050 for
 > C:\WINNT\system32\ntdll.dll
 > *** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3c1fe60f for
 > C:\WINNT\system32\KERNEL32.DLL
 > *** WARNING: symbols timestamp is wrong 0x4050da31 0x3bdfa42d for
 > C:\WINNT\system32\ole32.dll
 > *** WARNING: symbols timestamp is wrong 0x3e7b8905 0x3a440524 for
 > C:\WINNT\system32\dllhost.exe
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0006fd28 7c573b28 ntdll!ZwWriteFile+0xc
 > 01 0006fd50 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
 > 02 0006fd60 77aaa701 KERNEL32!WaitForSingleObject+0x4
 > 03 0006ff24 010014c6 ole32!OleMetafilePictFromIconAndLabel+0x12d
 > 04 0006ffc0 7c581af6 dllhost!WinMainCRTStartup+0x156
 > 05 0006fff0 00000000 KERNEL32!GetLocaleInfoW+0x4c3
 >
 >
 >
 >
 > Thread ID: 1
 > System Thread ID: 8c4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** WARNING: symbols timestamp is wrong 0x4060ef9c 0x3bdfa41e for
 > C:\WINNT\system32\USER32.DLL
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 008fff14 77e115d7 USER32!ValidateHwnd
 > 01 008fff30 77abbad5 USER32!HMValidateHandle+0x8a
 > 02 008fff70 77abba23 ole32!UtQueryPictFormat+0x17
 > 03 008fff8c 77abb95e ole32!UtReadOlePresStmHeader+0xcb
 > 04 008fffa8 77ab5046 ole32!CLSIDFromOle1Class+0x50
 > 05 008fffbc 000002ca ole32!DdeCommonWndProc+0x159
 >
 >
 >
 >
 > Thread ID: 2
 > System Thread ID: 8cc
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.0
 > *** WARNING: symbols timestamp is wrong 0x4050da32 0x3c1fe617 for
 > C:\WINNT\system32\TxfAux.Dll
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00a0fc80 6de8b9d0 ntdll!_allmul+0x25
 > 01 00a0fd94 6de8b908 TxfAux!WORK_QUEUE::WorkerLoop+0x100
 > 02 00a0ffb4 7c57438b TxfAux!WORK_QUEUE::WorkerLoop+0x38
 >
 >
 >
 >
 > Thread ID: 3
 > System Thread ID: 8c8
 > Kernel Time: 0:0:7.781
 > User Time: 0:0:7.328
 > *** WARNING: symbols timestamp is wrong 0x4050da31 0x3bdfa422 for
 > C:\WINNT\system32\RPCRT4.DLL
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: *** ERROR: Symbol file could not be found. Defaulted
 > to export symbols for C:\WINNT\System32\inetsrv\asp.dll -
 > ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 00c6ff74 77d359a3 ntdll!NtRemoveIoCompletion+0x5
 > 01 00c6ffa8 77d358d6
 > RPCRT4!LRPC_CASSOCIATION::ActuallyAllocateCCall+0x67
 > 02 00c6ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef
 >
 >
 >
 >
 > Thread ID: 4
 > System Thread ID: 914
 > Kernel Time: 0:0:0.46
 > User Time: 0:0:0.15
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00caff08 7c573c23 ntdll!NtContinue+0xc
 > 01 00caff58 7c578f0d KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 00caffec 00000000 KERNEL32!TransactNamedPipe+0x14d
 >
 >
 >
 >
 > Thread ID: 5
 > System Thread ID: 918
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** WARNING: symbols timestamp is wrong 0x4050da33 0x3c1fe62d for
 > C:\WINNT\system32\COMSVCS.DLL
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 00cefb94 77d3ac56 ntdll!RtlMultiByteToUnicodeN+0xd8
 > 01 00cefba0 77b25b87 RPCRT4!OSF_CCONNECTION::TransClose+0x6f
 > 02 00cefbc0 77b25a52 ole32!_NULL_IMPORT_DESCRIPTOR+0x47f3
 > 03 00cefbd8 77b22ab6 ole32!_NULL_IMPORT_DESCRIPTOR+0x46be
 > 04 00cefc18 77b258c6 ole32!CDocFile::CopyTo+0x129
 > 05 00cefc88 77ab74c3 ole32!_NULL_IMPORT_DESCRIPTOR+0x4532
 > 06 00cefce0 77d94c1a ole32!CDIFat::Fixup+0x498
 > 07 00cefcfc 77d9487d RPCRT4!NdrpSetupBeginClientCall+0x9b
 > 08 00cefd68 77aa9581 RPCRT4!CStdAsyncProxyBuffer_Release+0x12
 > 09 00ceff44 77d95136 ole32!CClientSecurity::CopyProxy+0x11
 > 0a 00ceff60 77d46e75 RPCRT4!NdrValidateBothAndLockAsyncHandle+0x8
 > 0b 00ceff60 77d46e75 RPCRT4!LRPC_BINDING_HANDLE::BindingCopy+0x7a
 > 0c 00ceff70 787f5818 RPCRT4!LRPC_BINDING_HANDLE::BindingCopy+0x7a
 >
 >
 >
 >
 > Thread ID: 6
 > System Thread ID: 91c
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.15
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00d2fee0 7c573a4e ntdll!NtRemoveIoCompletion+0x5
 > 01 00d2ff00 7c573a22 KERNEL32!BasepMapModuleHandle+0x28
 > 02 77f82091 4affc033 KERNEL32!TlsGetValue+0x11
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 03 0424548b 00000000 0x4affc033
 >
 >
 >
 >
 > Thread ID: 7
 > System Thread ID: 920
 > Kernel Time: 0:1:21.781
 > User Time: 0:0:33.140
 > *** WARNING: symbols timestamp is wrong 0x3ef274f0 0x3cab7f89 for
 > C:\WINNT\system32\IISRTL.DLL
 > *** ERROR: Symbol file could not be found. Defaulted to export
 > symbols for -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00fafe5c 7c573c23 ntdll!NtContinue+0xc
 > 01 00fafeac 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 00faff08 77e11ace USER32!MessageTable+0x29e
 > 03 00faff24 6e5a5a7c USER32!MessageTable+0x386
 > 04 00faff78 78008593
 > IISRTL!CRtlResource::SetDefaultSpinAdjustmentFactor+0x23
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 05 00faffb4 7c57438b MSVCRT!endthreadex+0x93
 >
 >
 >
 >
 > Thread ID: 8
 > System Thread ID: 924
 > Kernel Time: 0:1:18.796
 > User Time: 0:0:33.750
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00fefe5c 7c573c23 ntdll!NtContinue+0xc
 > 01 00fefeac 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 00feff08 77e11ace USER32!MessageTable+0x29e
 > 03 00feff24 6e5a5a7c USER32!MessageTable+0x386
 > 04 00feff78 78008593
 > IISRTL!CRtlResource::SetDefaultSpinAdjustmentFactor+0x23
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 05 00feffb4 7c57438b MSVCRT!endthreadex+0x93
 >
 >
 >
 >
 > Thread ID: 9
 > System Thread ID: 928
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** WARNING: symbols timestamp is wrong 0x3ef274f2 0x3cab7f89 for
 > C:\WINNT\System32\inetsrv\ISATQ.DLL
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > 00 0110ff7c 6d702957 ntdll!_allmul+0x25
 > 01 7c310dd6 f76868ff ISATQ!`string'+0x3
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 02 6aec8b55 00000000 0xf76868ff
 >
 >
 >
 >
 > Thread ID: 10
 > System Thread ID: 92c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > 00 0114ff7c 6d702957 ntdll!_allmul+0x25
 > 01 7c310dd6 f76868ff ISATQ!`string'+0x3
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 02 6aec8b55 00000000 0xf76868ff
 >
 >
 >
 >
 > Thread ID: 11
 > System Thread ID: b08
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 01f6fee4 77d31394 ntdll!_allmul+0x25
 > 01 01f6ff20 77d3e93f RPCRT4!InitializeDLL+0x78
 > 02 01f6ff74 77d3e8c2 RPCRT4!UnicodeToAnsiString+0x14
 > 03 01f6ffa8 77d358d6 RPCRT4!MinOf+0x1
 > 04 01f6ffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef
 > 05 01f6ffd4 77f87c5e KERNEL32!NlsStrLenW+0x44
 >
 >
 >
 >
 > Thread ID: 12
 > System Thread ID: b18
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: ASP
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > # ChildEBP RetAddr
 > 00 0202fe70 7c573c23 ntdll!NtContinue+0xc
 > 01 0202fec0 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 0202ff1c 77e11ace USER32!MessageTable+0x29e
 > 03 0202ff38 74a01e69 USER32!MessageTable+0x386
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 04 0202ff7c 78008454 asp!GetExtensionVersion+0x2deb
 > 05 0202ffb4 7c57438b MSVCRT!endthread+0xc1
 >
 >
 >
 >
 > Thread ID: 13
 > System Thread ID: b1c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: ASP
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > # ChildEBP RetAddr
 > 00 0206fe70 7c573c23 ntdll!NtContinue+0xc
 > 01 0206fec0 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 0206ff1c 77e11ace USER32!MessageTable+0x29e
 > 03 0206ff38 74a01eca USER32!MessageTable+0x386
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 04 0206ff7c 78008454 asp!GetExtensionVersion+0x2e4c
 > 05 0206ffb4 7c57438b MSVCRT!endthread+0xc1
 >
 >
 >
 >
 > Thread ID: 14
 > System Thread ID: b20
 > Kernel Time: 0:0:0.187
 > User Time: 0:0:0.62
 > *** WARNING: Unable to verify checksum for
 > *** ERROR: Symbol file could not be found. Defaulted to export
 > symbols for -
 > Thread Type: PDM (Debugger) Thread.
 > # ChildEBP RetAddr
 > 00 020afddc 7c573c23 ntdll!NtContinue+0xc
 > 01 020afe2c 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 020afe88 77e11ace USER32!MessageTable+0x29e
 > 03 020afea4 4a00886c USER32!MessageTable+0x386
 > 04 020aff7c 7c574499 pdm+0x886c
 > 05 020affb0 4a008a09 KERNEL32!MulDiv+0x37
 > 06 020affcc 77f82a06 pdm+0x8a09
 >
 >
 >
 >
 > Thread ID: 15
 > System Thread ID: b74
 > Kernel Time: 0:0:0.62
 > User Time: 0:0:0.62
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0212ff9c 77f842c4 ntdll!NtRemoveIoCompletion+0x5
 > 01 0212ffb4 7c57438b ntdll!NtSetValueKey+0x5
 > 02 0212ffd4 7c57a1b8 KERNEL32!NlsStrLenW+0x44
 > 03 0212ffdc 7c57e597 KERNEL32!LongCompareStringW+0xf22
 > 04 ffffffff 00000000 KERNEL32!`string'+0x1f
 >
 >
 >
 >
 > Thread ID: 16
 > System Thread ID: b78
 > Kernel Time: 0:3:5.78
 > User Time: 1:8:31.687
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 0216fe28 7c573c23 ntdll!NtContinue+0xc
 > 01 0216fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 0216fed4 77e11ace USER32!MessageTable+0x29e
 > 03 0216fef0 787c3911 USER32!MessageTable+0x386
 > 04 000c07f0 000c1b30 COMSVCS!CMtaActivity::AsyncCall+0x923
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 05 000c2580 000c07f0 0xc1b30
 > 06 7886c960 000c2580 0xc07f0
 > 07 00102828 7886c960 0xc2580
 > 08 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 09 000c31b0 0c7d6d38 0x102828
 > 0a 000be1a0 000c31b0 0xc7d6d38
 > 0b 0d11b060 000be1a0 0xc31b0
 > 0c 04d81070 0d11b060 0xbe1a0
 > 0d 04df1d30 04d81070 0xd11b060
 > 0e 04e72de8 04df1d30 0x4d81070
 > 0f 03279220 04e72de8 0x4df1d30
 > 10 0a217b18 03279220 0x4e72de8
 > 11 0ab453e0 0a217b18 0x3279220
 > 12 0013bfa0 0ab453e0 0xa217b18
 > 13 000c3930 0013bfa0 0xab453e0
 > 14 000c1b30 000c3930 0x13bfa0
 > 15 000c07f0 000c1b30 0xc3930
 > 16 000c2580 000c07f0 0xc1b30
 > 17 7886c960 000c2580 0xc07f0
 > 18 00102828 7886c960 0xc2580
 > 19 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 1a 000c31b0 0c7d6d38 0x102828
 > 1b 000be1a0 000c31b0 0xc7d6d38
 > 1c 0d11b060 000be1a0 0xc31b0
 > 1d 04d81070 0d11b060 0xbe1a0
 > 1e 04df1d30 04d81070 0xd11b060
 > 1f 04e72de8 04df1d30 0x4d81070
 > 20 03279220 04e72de8 0x4df1d30
 > 21 0a217b18 03279220 0x4e72de8
 > 22 0ab453e0 0a217b18 0x3279220
 > 23 0013bfa0 0ab453e0 0xa217b18
 > 24 000c3930 0013bfa0 0xab453e0
 > 25 000c1b30 000c3930 0x13bfa0
 > 26 000c07f0 000c1b30 0xc3930
 > 27 000c2580 000c07f0 0xc1b30
 > 28 7886c960 000c2580 0xc07f0
 > 29 00102828 7886c960 0xc2580
 > 2a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 2b 000c31b0 0c7d6d38 0x102828
 > 2c 000be1a0 000c31b0 0xc7d6d38
 > 2d 0d11b060 000be1a0 0xc31b0
 > 2e 04d81070 0d11b060 0xbe1a0
 > 2f 04df1d30 04d81070 0xd11b060
 > 30 04e72de8 04df1d30 0x4d81070
 > 31 03279220 04e72de8 0x4df1d30
 >
 >
 >
 >
 > Thread ID: 17
 > System Thread ID: b7c
 > Kernel Time: 0:2:59.343
 > User Time: 1:7:28.703
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 021afe28 7c573c23 ntdll!NtContinue+0xc
 > 01 021afe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 021afed4 77e11ace USER32!MessageTable+0x29e
 > 03 021afef0 787c3911 USER32!MessageTable+0x386
 > 04 000c1b30 000c3930 COMSVCS!CMtaActivity::AsyncCall+0x923
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 05 000c07f0 000c1b30 0xc3930
 > 06 000c2580 000c07f0 0xc1b30
 > 07 7886c960 000c2580 0xc07f0
 > 08 00102828 7886c960 0xc2580
 > 09 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 0a 000c31b0 0c7d6d38 0x102828
 > 0b 000be1a0 000c31b0 0xc7d6d38
 > 0c 0d11b060 000be1a0 0xc31b0
 > 0d 04d81070 0d11b060 0xbe1a0
 > 0e 04df1d30 04d81070 0xd11b060
 > 0f 04e72de8 04df1d30 0x4d81070
 > 10 03279220 04e72de8 0x4df1d30
 > 11 0a217b18 03279220 0x4e72de8
 > 12 0ab453e0 0a217b18 0x3279220
 > 13 0013bfa0 0ab453e0 0xa217b18
 > 14 000c3930 0013bfa0 0xab453e0
 > 15 000c1b30 000c3930 0x13bfa0
 > 16 000c07f0 000c1b30 0xc3930
 > 17 000c2580 000c07f0 0xc1b30
 > 18 7886c960 000c2580 0xc07f0
 > 19 00102828 7886c960 0xc2580
 > 1a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 1b 000c31b0 0c7d6d38 0x102828
 > 1c 000be1a0 000c31b0 0xc7d6d38
 > 1d 0d11b060 000be1a0 0xc31b0
 > 1e 04d81070 0d11b060 0xbe1a0
 > 1f 04df1d30 04d81070 0xd11b060
 > 20 04e72de8 04df1d30 0x4d81070
 > 21 03279220 04e72de8 0x4df1d30
 > 22 0a217b18 03279220 0x4e72de8
 > 23 0ab453e0 0a217b18 0x3279220
 > 24 0013bfa0 0ab453e0 0xa217b18
 > 25 000c3930 0013bfa0 0xab453e0
 > 26 000c1b30 000c3930 0x13bfa0
 > 27 000c07f0 000c1b30 0xc3930
 > 28 000c2580 000c07f0 0xc1b30
 > 29 7886c960 000c2580 0xc07f0
 > 2a 00102828 7886c960 0xc2580
 > 2b 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 2c 000c31b0 0c7d6d38 0x102828
 > 2d 000be1a0 000c31b0 0xc7d6d38
 > 2e 0d11b060 000be1a0 0xc31b0
 > 2f 04d81070 0d11b060 0xbe1a0
 > 30 04df1d30 04d81070 0xd11b060
 > 31 04e72de8 04df1d30 0x4d81070
 >
 >
 >
 >
 > Thread ID: 18
 > System Thread ID: b88
 > Kernel Time: 0:3:2.546
 > User Time: 1:7:14.609
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 0226fe28 7c573c23 ntdll!NtContinue+0xc
 > 01 0226fe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 0226fed4 77e11ace USER32!MessageTable+0x29e
 > 03 0226fef0 787c3911 USER32!MessageTable+0x386
 > 04 000c31b0 0c7d6d38 COMSVCS!CMtaActivity::AsyncCall+0x923
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 05 000be1a0 000c31b0 0xc7d6d38
 > 06 0d11b060 000be1a0 0xc31b0
 > 07 04d81070 0d11b060 0xbe1a0
 > 08 04df1d30 04d81070 0xd11b060
 > 09 04e72de8 04df1d30 0x4d81070
 > 0a 03279220 04e72de8 0x4df1d30
 > 0b 0a217b18 03279220 0x4e72de8
 > 0c 0ab453e0 0a217b18 0x3279220
 > 0d 0013bfa0 0ab453e0 0xa217b18
 > 0e 000c3930 0013bfa0 0xab453e0
 > 0f 000c1b30 000c3930 0x13bfa0
 > 10 000c07f0 000c1b30 0xc3930
 > 11 000c2580 000c07f0 0xc1b30
 > 12 7886c960 000c2580 0xc07f0
 > 13 00102828 7886c960 0xc2580
 > 14 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 15 000c31b0 0c7d6d38 0x102828
 > 16 000be1a0 000c31b0 0xc7d6d38
 > 17 0d11b060 000be1a0 0xc31b0
 > 18 04d81070 0d11b060 0xbe1a0
 > 19 04df1d30 04d81070 0xd11b060
 > 1a 04e72de8 04df1d30 0x4d81070
 > 1b 03279220 04e72de8 0x4df1d30
 > 1c 0a217b18 03279220 0x4e72de8
 > 1d 0ab453e0 0a217b18 0x3279220
 > 1e 0013bfa0 0ab453e0 0xa217b18
 > 1f 000c3930 0013bfa0 0xab453e0
 > 20 000c1b30 000c3930 0x13bfa0
 > 21 000c07f0 000c1b30 0xc3930
 > 22 000c2580 000c07f0 0xc1b30
 > 23 7886c960 000c2580 0xc07f0
 > 24 00102828 7886c960 0xc2580
 > 25 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 26 000c31b0 0c7d6d38 0x102828
 > 27 000be1a0 000c31b0 0xc7d6d38
 > 28 0d11b060 000be1a0 0xc31b0
 > 29 04d81070 0d11b060 0xbe1a0
 > 2a 04df1d30 04d81070 0xd11b060
 > 2b 04e72de8 04df1d30 0x4d81070
 > 2c 03279220 04e72de8 0x4df1d30
 > 2d 0a217b18 03279220 0x4e72de8
 > 2e 0ab453e0 0a217b18 0x3279220
 > 2f 0013bfa0 0ab453e0 0xa217b18
 > 30 000c3930 0013bfa0 0xab453e0
 > 31 000c1b30 000c3930 0x13bfa0
 >
 >
 >
 >
 > Thread ID: 19
 > System Thread ID: b90
 > Kernel Time: 0:3:1.703
 > User Time: 1:5:33.406
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 022afe28 7c573c23 ntdll!NtContinue+0xc
 > 01 022afe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 022afed4 77e11ace USER32!MessageTable+0x29e
 > 03 022afef0 787c3911 USER32!MessageTable+0x386
 > 04 000c3930 0013bfa0 COMSVCS!CMtaActivity::AsyncCall+0x923
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 05 000c1b30 000c3930 0x13bfa0
 > 06 000c07f0 000c1b30 0xc3930
 > 07 000c2580 000c07f0 0xc1b30
 > 08 7886c960 000c2580 0xc07f0
 > 09 00102828 7886c960 0xc2580
 > 0a 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 0b 000c31b0 0c7d6d38 0x102828
 > 0c 000be1a0 000c31b0 0xc7d6d38
 > 0d 0d11b060 000be1a0 0xc31b0
 > 0e 04d81070 0d11b060 0xbe1a0
 > 0f 04df1d30 04d81070 0xd11b060
 > 10 04e72de8 04df1d30 0x4d81070
 > 11 03279220 04e72de8 0x4df1d30
 > 12 0a217b18 03279220 0x4e72de8
 > 13 0ab453e0 0a217b18 0x3279220
 > 14 0013bfa0 0ab453e0 0xa217b18
 > 15 000c3930 0013bfa0 0xab453e0
 > 16 000c1b30 000c3930 0x13bfa0
 > 17 000c07f0 000c1b30 0xc3930
 > 18 000c2580 000c07f0 0xc1b30
 > 19 7886c960 000c2580 0xc07f0
 > 1a 00102828 7886c960 0xc2580
 > 1b 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 1c 000c31b0 0c7d6d38 0x102828
 > 1d 000be1a0 000c31b0 0xc7d6d38
 > 1e 0d11b060 000be1a0 0xc31b0
 > 1f 04d81070 0d11b060 0xbe1a0
 > 20 04df1d30 04d81070 0xd11b060
 > 21 04e72de8 04df1d30 0x4d81070
 > 22 03279220 04e72de8 0x4df1d30
 > 23 0a217b18 03279220 0x4e72de8
 > 24 0ab453e0 0a217b18 0x3279220
 > 25 0013bfa0 0ab453e0 0xa217b18
 > 26 000c3930 0013bfa0 0xab453e0
 > 27 000c1b30 000c3930 0x13bfa0
 > 28 000c07f0 000c1b30 0xc3930
 > 29 000c2580 000c07f0 0xc1b30
 > 2a 7886c960 000c2580 0xc07f0
 > 2b 00102828 7886c960 0xc2580
 > 2c 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 2d 000c31b0 0c7d6d38 0x102828
 > 2e 000be1a0 000c31b0 0xc7d6d38
 > 2f 0d11b060 000be1a0 0xc31b0
 > 30 04d81070 0d11b060 0xbe1a0
 > 31 04df1d30 04d81070 0xd11b060
 >
 >
 >
 >
 > Thread ID: 20
 > System Thread ID: b94
 > Kernel Time: 0:0:1.46
 > User Time: 0:0:0.453
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 022efe28 7c573c23 ntdll!NtContinue+0xc
 > 01 022efe78 77e119e6 KERNEL32!GetQueuedCompletionStatus+0x65
 > 02 022efed4 77e11ace USER32!MessageTable+0x29e
 > 03 022efef0 787c3911 USER32!MessageTable+0x386
 > 04 000c2580 000c07f0 COMSVCS!CMtaActivity::AsyncCall+0x923
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 05 7886c960 000c2580 0xc07f0
 > 06 00102828 7886c960 0xc2580
 > 07 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 08 000c31b0 0c7d6d38 0x102828
 > 09 000be1a0 000c31b0 0xc7d6d38
 > 0a 0d11b060 000be1a0 0xc31b0
 > 0b 04d81070 0d11b060 0xbe1a0
 > 0c 04df1d30 04d81070 0xd11b060
 > 0d 04e72de8 04df1d30 0x4d81070
 > 0e 03279220 04e72de8 0x4df1d30
 > 0f 0a217b18 03279220 0x4e72de8
 > 10 0ab453e0 0a217b18 0x3279220
 > 11 0013bfa0 0ab453e0 0xa217b18
 > 12 000c3930 0013bfa0 0xab453e0
 > 13 000c1b30 000c3930 0x13bfa0
 > 14 000c07f0 000c1b30 0xc3930
 > 15 000c2580 000c07f0 0xc1b30
 > 16 7886c960 000c2580 0xc07f0
 > 17 00102828 7886c960 0xc2580
 > 18 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 19 000c31b0 0c7d6d38 0x102828
 > 1a 000be1a0 000c31b0 0xc7d6d38
 > 1b 0d11b060 000be1a0 0xc31b0
 > 1c 04d81070 0d11b060 0xbe1a0
 > 1d 04df1d30 04d81070 0xd11b060
 > 1e 04e72de8 04df1d30 0x4d81070
 > 1f 03279220 04e72de8 0x4df1d30
 > 20 0a217b18 03279220 0x4e72de8
 > 21 0ab453e0 0a217b18 0x3279220
 > 22 0013bfa0 0ab453e0 0xa217b18
 > 23 000c3930 0013bfa0 0xab453e0
 > 24 000c1b30 000c3930 0x13bfa0
 > 25 000c07f0 000c1b30 0xc3930
 > 26 000c2580 000c07f0 0xc1b30
 > 27 7886c960 000c2580 0xc07f0
 > 28 00102828 7886c960 0xc2580
 > 29 0c7d6d38 00102828 COMSVCS!___PchSym_ <PERF> (COMSVCS+0x12c960)
 > 2a 000c31b0 0c7d6d38 0x102828
 > 2b 000be1a0 000c31b0 0xc7d6d38
 > 2c 0d11b060 000be1a0 0xc31b0
 > 2d 04d81070 0d11b060 0xbe1a0
 > 2e 04df1d30 04d81070 0xd11b060
 > 2f 04e72de8 04df1d30 0x4d81070
 > 30 03279220 04e72de8 0x4df1d30
 > 31 0a217b18 03279220 0x4e72de8
 >
 >
 >
 >
 > Thread ID: 21
 > System Thread ID: ba4
 > Kernel Time: 0:0:9.953
 > User Time: 0:0:9.843
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 023cff74 77d37b4c ntdll!RtlTimeToTimeFields+0xf7
 > 01 023cffa8 77d358d6 RPCRT4!NdrpConformantStringUnmarshall+0xda
 > 02 023cffb4 7c57438b RPCRT4!LRPC_CASSOCIATION::AllocateCCall+0x1ef
 >
 >
 >
 >
 > Thread ID: 22
 > System Thread ID: c1c
 > Kernel Time: 0:0:0.93
 > User Time: 0:0:0.31
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0286ffb4 7c57438b ntdll!_allmul+0x25
 >
 >
 >
 >
 > Thread ID: 23
 > System Thread ID: 820
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export
 > symbols for C:\WINNT\system32\NETAPI32.dll -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 030bff88 751a4848 ntdll!NtContinue+0xc
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 01 030bffb4 7c57438b NETAPI32!RxRemoteApi+0x17a6
 > 02 030bffc0 77f88b43 KERNEL32!NlsStrLenW+0x44
 > 03 030bffec 00000000 ntdll!RtlpStatusTable+0x66b
 >
 >
 >
 >
 > Thread ID: 24
 > System Thread ID: c98
 > Kernel Time: 0:0:0.171
 > User Time: 0:0:0.609
 > *** ERROR: Symbol file could not be found. Defaulted to export
 > symbols for C:\Program Files\Common Files\System\OLE DB\oledb32.dll -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 030fff5c 7c573b28 ntdll!ZwWriteFile+0xc
 > 01 030fff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
 > 02 030fff94 1f93cf88 KERNEL32!WaitForSingleObject+0x4
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 03 030fffb4 7c57438b oledb32!DllGetClassObject+0xa470
 >
 >
 >
 >
 > Thread ID: 25
 > System Thread ID: c8c
 > Kernel Time: 0:0:0.515
 > User Time: 0:0:0.468
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0313ff58 7c573b28 ntdll!ZwWriteFile+0xc
 > 01 0313ff80 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
 > 02 0313ff90 1f93d152 KERNEL32!WaitForSingleObject+0x4
 > WARNING: Stack unwind information not available. Following frames may
 > be wrong.
 > 03 0313ffb4 7c57438b oledb32!DllGetClassObject+0xa63a
 >
 >
 >
 >
 > Thread ID: 26
 > System Thread ID: 598
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.15
 > Thread Type: Idle ASP thread
 > # ChildEBP RetAddr
 > 00 0317fd54 7c573b28 ntdll!ZwWriteFile+0xc
 > 01 0317fd7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x66
 > 02 0317fd8c 7878db85 KERNEL32!WaitForSingleObject+0x4
 > 03 0317fd9c 0216dce8
 > COMSVCS!CHolder::SafeDispenserDriver::CreateResource+0x83
 > WARNING: Frame IP not in any known module. Following frames may be
 > wrong.
 > 04 00116120 00119ccc 0x216dce8
 > 05 00116120 00119ccc 0x119ccc
 > 06 00000000 00000000 0x119ccc
 >
 >
 >
 >
 > Thread ID: 27
 > System Thread ID: b64
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0