Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

iisstate analysis please

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  Access to web page with IIS 5  
Author Message
anonymous77

External


Since: Oct 14, 2003
Posts: 468



(Msg. 1) Posted: Tue Feb 10, 2004 11:14 am
Post subject: iisstate analysis please
Archived from groups: microsoft>public>inetserver>iis (more info?)
Opened log file 'C:\iisstate\output\IISState-2080.log'

***********************
Starting new log output
IISState version 3.3.1

Tue Feb 10 10:58:42 2004

OS = Windows 2000
Executable: dllhost.exe
PID = 2080

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 70c
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\KERNEL32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0006fd50 77e8b32b ntdll!NtWaitForSingleObject+0xb
01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 1
System Thread ID: 8b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\ole32.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0090ff30 77abaf4d USER32!GetMenuItemRect+0x19
01 0090ff70 77abae9b ole32!CoInstall+0x7cd
02 0090ff8c 77abadd6 ole32!CoInstall+0x71b
03 00007530 00000000 ole32!CoInstall+0x656




Thread ID: 2
System Thread ID: 8a8
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\TxfAux.Dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00a1fc98 6de8b953 ntdll!ZwRemoveIoCompletion+0xb
01 00a1fd94 6de8b8a8 TxfAux!Log+0x5e3
02 00a1ffb4 77e8b2d8 TxfAux!Log+0x538
03 00a1ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 3
System Thread ID: 3cc
Kernel Time: 0:0:1.500
User Time: 0:0:2.93
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\RPCRT4.dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: *** ERROR: Symbol file could not be
found. Defaulted to export symbols for C:\WINNT\System32
\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00a9ff74 77d56d9e ntdll!ZwReplyWaitReceivePortEx+0xb
01 00a9ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 00a9ffb4 77e8b2d8 RPCRT4!
I_RpcServerInqTransportType+0x1a0
03 00a9ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 4
System Thread ID: 534
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00c1ff58 77ea9c13 ntdll!ZwWaitForMultipleObjects+0xb
01 00c1ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 5
System Thread ID: 554
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\COMSVCS.DLL -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\NETAPI32.dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00c5fb94 77d3a2c7 ntdll!ZwRequestWaitReplyPort+0xb
01 00c5fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
02 00c5fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
03 00c5fbd8 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
04 00c5fc18 77b23870 ole32!
StgGetIFillLockBytesOnFile+0x19f30
05 00c5fc88 77ab6ac3 ole32!
WdtpInterfacePointer_UserSize+0x19cd
06 00c5fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
07 00c5fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
08 00c5ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
09 00c5ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
0a 00c5ff70 787f212e RPCRT4!NdrServerMarshall+0x1311
0b 78866e84 ffffffff COMSVCS!RegisterComEvents+0x6758
0c 0008af50 78866e84 0xffffffff
0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7b4ae




Thread ID: 6
System Thread ID: 574
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00c9ff04 77ea9d5f ntdll!NtDelayExecution+0xb
01 77f87f20 4affc033 KERNEL32!Sleep+0xb
02 0424548b 00044b00 0x4affc033
03 00000500 00000000 0x44b00




Thread ID: 7
System Thread ID: 578
Kernel Time: 0:1:57.609
User Time: 0:0:48.968
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\IisRTL.DLL -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00f1feb0 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 00f1ff0c 77e1e9c8 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 00f1ff28 6e5abc1d USER32!MsgWaitForMultipleObjects+0x1d
03 00406b90 000003e9 IisRTL!ScheduleAdjustTime+0x1dd




Thread ID: 8
System Thread ID: 51c
Kernel Time: 0:1:40.937
User Time: 0:0:56.46
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 00f5feb0 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 00f5ff0c 77e1e9c8 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 00f5ff28 6e5abc1d USER32!MsgWaitForMultipleObjects+0x1d
03 00406c40 000003ea IisRTL!ScheduleAdjustTime+0x1dd




Thread ID: 9
System Thread ID: 498
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0108ff7c 6d7088db ntdll!ZwRemoveIoCompletion+0xb
01 77de5761 922868ff ISATQ!AtqGetCapTraceInfo+0x7d0
02 6aec8b55 00000000 0x922868ff




Thread ID: 10
System Thread ID: 520
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 010cff7c 6d7088db ntdll!ZwRemoveIoCompletion+0xb
01 77de5761 922868ff ISATQ!AtqGetCapTraceInfo+0x7d0
02 6aec8b55 00000000 0x922868ff




Thread ID: 11
System Thread ID: 794
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0124fee4 77d809da ntdll!ZwRemoveIoCompletion+0xb
01 0124ff20 77d50ede RPCRT4!
I_RpcTransGetAddressList+0x304c
02 0124ff74 77d50d17 RPCRT4!TowerConstruct+0x4abd
03 0124ffa8 77d41c6c RPCRT4!TowerConstruct+0x48f6
04 0124ffb4 77e8b2d8 RPCRT4!
I_RpcServerInqTransportType+0x1a0
05 0124ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 12
System Thread ID: 548
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for -
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01e3fec4 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01e3ff20 77e1e9c8 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01e3ff3c 74a11086 USER32!MsgWaitForMultipleObjects+0x1d
03 01e3ff80 7800c9eb asp!AspStatusHtmlDump+0x2f69
04 01e3ffb4 77e8b2d8 MSVCRT!beginthread+0xce
05 01e3ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 13
System Thread ID: 998
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for -
Thread Type: PDM (Debugger) Thread.
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01ebfe2c 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01ebfe88 77e1e9c8 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01ebfea4 4a00886c USER32!MsgWaitForMultipleObjects+0x1d
03 01ebff7c 77ea9872 pdm+0x886c
04 01ebffb0 4a008a09 KERNEL32!ReleaseSemaphore+0x12
05 01ebffb4 77e8b2d8 pdm+0x8a09
06 01ebffc0 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 14
System Thread ID: 564
Kernel Time: 0:0:0.328
User Time: 0:0:1.515
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\MSVBVM60.DLL -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\ecommerce\DLL\RIC\ebRICBT.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\system32\OLEAUT32.dll -
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01efdbc4 77aa97a0 USER32!BlockInput+0x5f
01 01efdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
02 01efdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
03 01efdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
04 01efdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
05 01efdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
06 01efdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
07 01efdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
08 01efdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
09 01efdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0a 01efdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0b 01efdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0c 01efe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0d 01efe28c 77b0e45a ole32!CoInstall+0x46ec
0e 01efe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 01efea20 77a6be58 ole32!CoInstall+0x5f33
10 01efea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
11 01efea78 66028e3b ole32!CoCreateInstance+0x35
12 01efeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
13 01efed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
14 01efed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
15 01eff688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
16 01eff6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
17 01eff74c 75a4f45c vbscript!DllRegisterServer+0x7feb
18 01eff99c 01eff674 vbscript!DllRegisterServer+0xb1ab
19 083b0000 00720057 0x1eff674
1a 002e0065 00000000 0x720057




Thread ID: 15
System Thread ID: 990
Kernel Time: 0:0:0.203
User Time: 0:0:0.546
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01f3db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01f3dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01f3dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 01f3dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 01f3dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 01f3dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 01f3dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 01f3dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 01f3dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 01f3dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 01f3dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 01f3dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 01f3dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 01f3e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 01f3e28c 77b0e45a ole32!CoInstall+0x46ec
0f 01f3e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 01f3ea20 77a6be58 ole32!CoInstall+0x5f33
11 01f3ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 01f3ea78 66028e3b ole32!CoCreateInstance+0x35
13 01f3eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 01f3ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 01f3ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 01f3f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 01f3f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 01f3f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 01f3f99c 01f3f674 vbscript!DllRegisterServer+0xb1ab
1a 04b40000 00000000 0x1f3f674




Thread ID: 16
System Thread ID: 9b4
Kernel Time: 0:0:2.593
User Time: 0:0:29.546
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01f7db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01f7dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01f7dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 01f7dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 01f7dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 01f7dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 01f7dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 01f7dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 01f7dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 01f7dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 01f7dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 01f7dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 01f7dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 01f7e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 01f7e28c 77b0e45a ole32!CoInstall+0x46ec
0f 01f7e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 01f7ea20 77a6be58 ole32!CoInstall+0x5f33
11 01f7ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 01f7ea78 66028e3b ole32!CoCreateInstance+0x35
13 01f7eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 01f7ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 01f7ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 01f7f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 01f7f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 01f7f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 01f7f99c 01f7f674 vbscript!DllRegisterServer+0xb1ab
1a 04b80000 04b802a0 0x1f7f674
1b 04bc5828 00000001 0x4b802a0




Thread ID: 17
System Thread ID: 99c
Kernel Time: 0:0:0.718
User Time: 0:0:6.500
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01fbdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01fbdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01fbdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 01fbdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 01fbdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 01fbdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 01fbdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 01fbdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 01fbdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 01fbdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 01fbdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 01fbdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 01fbdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 01fbe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 01fbe28c 77b0e45a ole32!CoInstall+0x46ec
0f 01fbe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 01fbea20 77a6be58 ole32!CoInstall+0x5f33
11 01fbea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 01fbea78 66028e3b ole32!CoCreateInstance+0x35
13 01fbeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 01fbed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 01fbed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 01fbf688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 01fbf6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 01fbf74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 01fbf99c 01fbf674 vbscript!DllRegisterServer+0xb1ab
1a 058f0000 00690072 0x1fbf674
1b 0057002e 00000000 0x690072




Thread ID: 18
System Thread ID: 9a8
Kernel Time: 0:0:0.750
User Time: 0:0:3.890
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 01ffdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 01ffdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 01ffdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 01ffdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 01ffdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 01ffdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 01ffdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 01ffdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 01ffdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 01ffdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 01ffdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 01ffdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 01ffdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 01ffe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 01ffe28c 77b0e45a ole32!CoInstall+0x46ec
0f 01ffe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 01ffea20 77a6be58 ole32!CoInstall+0x5f33
11 01ffea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 01ffea78 66028e3b ole32!CoCreateInstance+0x35
13 01ffeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 01ffed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 01ffed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 01fff688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 01fff6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 01fff74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 01fff99c 01fff674 vbscript!DllRegisterServer+0xb1ab
1a 059b0000 00200026 0x1fff674
1b 00200044 02029475 0x200026
1c 02029474 00000000 0x2029475




Thread ID: 19
System Thread ID: 9b0
Kernel Time: 0:0:6.531
User Time: 0:0:46.250
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0203db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0203dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0203dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0203dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0203dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0203dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0203dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0203dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0203dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0203dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0203dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0203dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0203dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0203e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0203e28c 77b0e45a ole32!CoInstall+0x46ec
0f 0203e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0203ea20 77a6be58 ole32!CoInstall+0x5f33
11 0203ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0203ea78 66028e3b ole32!CoCreateInstance+0x35
13 0203eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0203ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0203ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0203f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0203f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0203f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0203f99c 0203f674 vbscript!DllRegisterServer+0xb1ab
1a 05ad0000 00000000 0x203f674




Thread ID: 20
System Thread ID: 568
Kernel Time: 0:0:0.156
User Time: 0:0:1.437
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0207db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0207dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0207dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0207dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0207dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0207dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0207dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0207dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0207dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0207dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0207dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0207dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0207dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0207e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0207e28c 77b0e45a ole32!CoInstall+0x46ec
0f 0207e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0207ea20 77a6be58 ole32!CoInstall+0x5f33
11 0207ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0207ea78 66028e3b ole32!CoCreateInstance+0x35
13 0207eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0207ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0207ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0207f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0207f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0207f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0207f99c 0207f674 vbscript!DllRegisterServer+0xb1ab
1a 04c00000 ffffffff 0x207f674
1b ffffffff 00000000 0xffffffff




Thread ID: 21
System Thread ID: 9a4
Kernel Time: 0:0:0.562
User Time: 0:0:5.484
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 020bdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 020bdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 020bdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 020bdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 020bdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 020bdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 020bdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 020bdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 020bdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 020bdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 020bdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 020bdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 020bdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 020be044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 020be28c 77b0e45a ole32!CoInstall+0x46ec
0f 020be2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 020bea20 77a6be58 ole32!CoInstall+0x5f33
11 020bea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 020bea78 66028e3b ole32!CoCreateInstance+0x35
13 020beb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 020bed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 020bed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 020bf688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 020bf6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 020bf74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 020bf99c 020bf674 vbscript!DllRegisterServer+0xb1ab
1a 08250000 00000000 0x20bf674




Thread ID: 22
System Thread ID: 98c
Kernel Time: 0:0:0.265
User Time: 0:0:1.625
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 020fdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 020fdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 020fdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 020fdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 020fdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 020fdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 020fdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 020fdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 020fdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 020fdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 020fdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 020fdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 020fdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 020fe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 020fe28c 77b0e45a ole32!CoInstall+0x46ec
0f 020fe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 020fea20 77a6be58 ole32!CoInstall+0x5f33
11 020fea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 020fea78 66028e3b ole32!CoCreateInstance+0x35
13 020feb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 020fed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 020fed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 020ff688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 020ff6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 020ff74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 020ff99c 020ff674 vbscript!DllRegisterServer+0xb1ab
1a 08530000 73580e00 0x20ff674
1b 0073a00e 00000000 0x73580e00




Thread ID: 23
System Thread ID: 7ec
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0215ffb4 77e8b2d8 ntdll!NtDelayExecution+0xb
01 0215ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 24
System Thread ID: 9ac
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 021dffb4 77e8b2d8 ntdll!ZwRemoveIoCompletion+0xb
01 021dffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 25
System Thread ID: 7a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 030cffb4 77e8b2d8 ntdll!ZwWaitForMultipleObjects+0xb
01 030cffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 26
System Thread ID: 380
Kernel Time: 0:0:0.265
User Time: 0:0:0.703
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0351ff80 77e8b32b ntdll!NtWaitForSingleObject+0xb
01 0351ffb4 77e8b2d8 KERNEL32!WaitForSingleObject+0xf
02 0351ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 27
System Thread ID: 468
Kernel Time: 0:0:0.609
User Time: 0:0:0.390
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0355ff78 77e8b32b ntdll!NtWaitForSingleObject+0xb
01 0355ffb4 77e8b2d8 KERNEL32!WaitForSingleObject+0xf
02 0355ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 28
System Thread ID: 960
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0359fd7c 77e8b32b ntdll!NtWaitForSingleObject+0xb
01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 29
System Thread ID: 834
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\Microsoft Site
Server\bin\collator.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 04ffff2c 77ea9c13 ntdll!ZwWaitForMultipleObjects+0xb
01 04ffff88 5ae0a720 KERNEL32!WaitForMultipleObjects+0x17
02 04ffffb4 77e8b2d8 collator!NlMakeICommand+0xc488
03 04ffffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 30
System Thread ID: 924
Kernel Time: 0:0:1.984
User Time: 0:0:29.781
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0605db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0605dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0605dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0605dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0605dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0605dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0605dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0605dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0605dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0605dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0605dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0605dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0605dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0605e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0605e28c 77b0e45a ole32!CoInstall+0x46ec
0f 0605e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0605ea20 77a6be58 ole32!CoInstall+0x5f33
11 0605ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0605ea78 66028e3b ole32!CoCreateInstance+0x35
13 0605eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0605ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0605ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0605f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0605f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0605f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0605f99c 0605f674 vbscript!DllRegisterServer+0xb1ab
1a 04af0000 00000102 0x605f674




Thread ID: 31
System Thread ID: 7b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0709ff7c 6d7088db ntdll!ZwRemoveIoCompletion+0xb
01 77de5761 922868ff ISATQ!AtqGetCapTraceInfo+0x7d0
02 6aec8b55 00000000 0x922868ff




Thread ID: 32
System Thread ID: 828
Kernel Time: 0:0:0.453
User Time: 0:0:2.62
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 07b5db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 07b5dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 07b5dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 07b5dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 07b5dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 07b5dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 07b5dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 07b5dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 07b5dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 07b5dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 07b5dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 07b5dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 07b5dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 07b5e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 07b5e28c 77b0e45a ole32!CoInstall+0x46ec
0f 07b5e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 07b5ea20 77a6be58 ole32!CoInstall+0x5f33
11 07b5ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 07b5ea78 66028e3b ole32!CoCreateInstance+0x35
13 07b5eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 07b5ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 07b5ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 07b5f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 07b5f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 07b5f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 07b5f99c 07b5f674 vbscript!DllRegisterServer+0xb1ab
1a 00400000 00000100 0x7b5f674




Thread ID: 33
System Thread ID: 91c
Kernel Time: 0:0:0.296
User Time: 0:0:1.796
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 089ddb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 089ddbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 089ddbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 089ddc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 089ddc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 089ddc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 089ddc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 089ddd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 089ddd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 089ddd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 089ddfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 089ddfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 089ddfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 089de044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 089de28c 77b0e45a ole32!CoInstall+0x46ec
0f 089de2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 089dea20 77a6be58 ole32!CoInstall+0x5f33
11 089dea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 089dea78 66028e3b ole32!CoCreateInstance+0x35
13 089deb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 089ded04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 089ded2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 089df688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 089df6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 089df74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 089df99c 089df674 vbscript!DllRegisterServer+0xb1ab
1a 058d0000 00000022 0x89df674




Thread ID: 34
System Thread ID: 80c
Kernel Time: 0:0:5.125
User Time: 0:0:48.781
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 090fdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 090fdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 090fdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 090fdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 090fdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 090fdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 090fdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 090fdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 090fdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 090fdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 090fdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 090fdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 090fdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 090fe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 090fe28c 77b0e45a ole32!CoInstall+0x46ec
0f 090fe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 090fea20 77a6be58 ole32!CoInstall+0x5f33
11 090fea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 090fea78 66028e3b ole32!CoCreateInstance+0x35
13 090feb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 090fed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 090fed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 090ff688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 090ff6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 090ff74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 090ff99c 090ff674 vbscript!DllRegisterServer+0xb1ab
1a 02240000 94bc9c9f 0x90ff674
1b b6869297 00000000 0x94bc9c9f




Thread ID: 35
System Thread ID: 940
Kernel Time: 0:0:1.62
User Time: 0:0:9.468
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0921db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0921dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0921dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0921dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0921dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0921dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0921dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0921dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0921dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0921dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0921dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0921dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0921dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0921e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0921e28c 77b0e45a ole32!CoInstall+0x46ec
0f 0921e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0921ea20 77a6be58 ole32!CoInstall+0x5f33
11 0921ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0921ea78 66028e3b ole32!CoCreateInstance+0x35
13 0921eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0921ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0921ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0921f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0921f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0921f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0921f99c 0921f674 vbscript!DllRegisterServer+0xb1ab
1a 05900000 00000000 0x921f674




Thread ID: 36
System Thread ID: 7a0
Kernel Time: 0:0:4.46
User Time: 0:0:49.140
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0986e29c 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0986e2f8 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0986e320 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0986e348 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0986e368 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0986e380 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0986e3c0 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0986e438 77ab6a37 ole32!CoGetPSClsid+0xc01
08 0986e490 77d90328 ole32!UpdateDCOMSettings+0xacec
09 0986e4ac 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0986e6f4 779b2465 RPCRT4!NdrClientCall2+0x4f5
0b 0986eabc 00000000 OLEAUT32!Ordinal400+0x2465




Thread ID: 37
System Thread ID: 800
Kernel Time: 0:0:1.31
User Time: 0:0:1.687
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09c6ff74 77d56d9e ntdll!ZwReplyWaitReceivePortEx+0xb
01 09c6ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 09c6ffb4 77e8b2d8 RPCRT4!
I_RpcServerInqTransportType+0x1a0
03 09c6ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 38
System Thread ID: 968
Kernel Time: 0:0:2.937
User Time: 0:0:6.765
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09cedb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 09cedbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 09cedbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 09cedc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 09cedc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 09cedc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 09cedc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 09cedd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 09cedd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 09cedd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 09cedfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 09cedfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 09cedfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 09cee044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 09cee28c 77b0e45a ole32!CoInstall+0x46ec
0f 09cee2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 09ceea20 77a6be58 ole32!CoInstall+0x5f33
11 09ceea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 09ceea78 66028e3b ole32!CoCreateInstance+0x35
13 09ceeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 09ceed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 09ceed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 09cef688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 09cef6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 09cef74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 09cef99c 09cef674 vbscript!DllRegisterServer+0xb1ab
1a 04bb0000 00080102 0x9cef674
1b 0005004d 00000000 0x80102




Thread ID: 39
System Thread ID: 738
Kernel Time: 0:0:0.875
User Time: 0:0:10.453
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09d9db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 09d9dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 09d9dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 09d9dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 09d9dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 09d9dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 09d9dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 09d9dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 09d9dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 09d9dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 09d9dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 09d9dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 09d9dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 09d9e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 09d9e28c 77b0e45a ole32!CoInstall+0x46ec
0f 09d9e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 09d9ea20 77a6be58 ole32!CoInstall+0x5f33
11 09d9ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 09d9ea78 66028e3b ole32!CoCreateInstance+0x35
13 09d9eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 09d9ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 09d9ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 09d9f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 09d9f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 09d9f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 09d9f99c 09d9f674 vbscript!DllRegisterServer+0xb1ab
1a 08340000 0276046e 0x9d9f674
1b 000000ee 00000000 0x276046e




Thread ID: 40
System Thread ID: 948
Kernel Time: 0:0:3.609
User Time: 0:0:43.937
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09e2db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 09e2dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 09e2dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 09e2dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 09e2dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 09e2dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 09e2dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 09e2dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 09e2dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 09e2dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 09e2dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 09e2dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 09e2dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 09e2e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 09e2e28c 77b0e45a ole32!CoInstall+0x46ec
0f 09e2e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 09e2ea20 77a6be58 ole32!CoInstall+0x5f33
11 09e2ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 09e2ea78 66028e3b ole32!CoCreateInstance+0x35
13 09e2eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 09e2ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 09e2ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 09e2f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 09e2f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 09e2f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 09e2f99c 09e2f674 vbscript!DllRegisterServer+0xb1ab
1a 08210000 000a000d 0x9e2f674
1b 006e0065 00000000 0xa000d




Thread ID: 41
System Thread ID: 868
Kernel Time: 0:0:3.968
User Time: 0:0:49.515
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09eadb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 09eadbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 09eadbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 09eadc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 09eadc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 09eadc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 09eadc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 09eadd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 09eadd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 09eadd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 09eadfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 09eadfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 09eadfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 09eae044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 09eae28c 77b0e45a ole32!CoInstall+0x46ec
0f 09eae2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 09eaea20 77a6be58 ole32!CoInstall+0x5f33
11 09eaea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 09eaea78 66028e3b ole32!CoCreateInstance+0x35
13 09eaeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 09eaed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 09eaed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 09eaf688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 09eaf6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 09eaf74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 09eaf99c 09eaf674 vbscript!DllRegisterServer+0xb1ab
1a 04c10000 00000000 0x9eaf674




Thread ID: 42
System Thread ID: 6dc
Kernel Time: 0:0:5.281
User Time: 0:0:50.875
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 09eedb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 09eedbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 09eedbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 09eedc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 09eedc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 09eedc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 09eedc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 09eedd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 09eedd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 09eedd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 09eedfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 09eedfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 09eedfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 09eee044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 09eee28c 77b0e45a ole32!CoInstall+0x46ec
0f 09eee2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 09eeea20 77a6be58 ole32!CoInstall+0x5f33
11 09eeea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 09eeea78 66028e3b ole32!CoCreateInstance+0x35
13 09eeeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 09eeed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 09eeed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 09eef688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 09eef6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 09eef74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 09eef99c 09eef674 vbscript!DllRegisterServer+0xb1ab
1a 04c00000 ffffffff 0x9eef674
1b ffffffff 00000000 0xffffffff




Thread ID: 43
System Thread ID: 730
Kernel Time: 0:0:3.234
User Time: 0:0:29.421
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0a11e29c 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0a11e2f8 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0a11e320 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0a11e348 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0a11e368 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0a11e380 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0a11e3c0 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0a11e438 77ab6a37 ole32!CoGetPSClsid+0xc01
08 0a11e490 77d90328 ole32!UpdateDCOMSettings+0xacec
09 0a11e4ac 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0a11e6f4 779b2465 RPCRT4!NdrClientCall2+0x4f5
0b 0a11eabc 00000000 OLEAUT32!Ordinal400+0x2465




Thread ID: 44
System Thread ID: 654
Kernel Time: 0:0:3.515
User Time: 0:0:36.625
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0a1bdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0a1bdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0a1bdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0a1bdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0a1bdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0a1bdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0a1bdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0a1bdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0a1bdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0a1bdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0a1bdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0a1bdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0a1bdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0a1be044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0a1be28c 77b0e45a ole32!CoInstall+0x46ec
0f 0a1be2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0a1bea20 77a6be58 ole32!CoInstall+0x5f33
11 0a1bea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0a1bea78 66028e3b ole32!CoCreateInstance+0x35
13 0a1beb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0a1bed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0a1bed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0a1bf688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0a1bf6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0a1bf74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0a1bf99c 0a1bf674 vbscript!DllRegisterServer+0xb1ab
1a 04bd0000 00000000 0xa1bf674




Thread ID: 45
System Thread ID: 884
Kernel Time: 0:0:3.765
User Time: 0:0:44.328
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0b59e29c 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0b59e2f8 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0b59e320 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0b59e348 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0b59e368 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0b59e380 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0b59e3c0 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0b59e438 77ab6a37 ole32!CoGetPSClsid+0xc01
08 0b59e490 77d90328 ole32!UpdateDCOMSettings+0xacec
09 0b59e4ac 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0b59e6f4 779b2465 RPCRT4!NdrClientCall2+0x4f5
0b 0b59eabc 00000000 OLEAUT32!Ordinal400+0x2465




Thread ID: 46
System Thread ID: 190
Kernel Time: 0:0:2.62
User Time: 0:0:21.500
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0b65e29c 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0b65e2f8 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0b65e320 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0b65e348 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0b65e368 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0b65e380 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0b65e3c0 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0b65e438 77ab6a37 ole32!CoGetPSClsid+0xc01
08 0b65e490 77d90328 ole32!UpdateDCOMSettings+0xacec
09 0b65e4ac 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0b65e6f4 779b2465 RPCRT4!NdrClientCall2+0x4f5
0b 0b65eabc 00000000 OLEAUT32!Ordinal400+0x2465




Thread ID: 47
System Thread ID: 92c
Kernel Time: 0:0:4.250
User Time: 0:0:47.968
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0cfbdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0cfbdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0cfbdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0cfbdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0cfbdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0cfbdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0cfbdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0cfbdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0cfbdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0cfbdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0cfbdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0cfbdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0cfbdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0cfbe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0cfbe28c 77b0e45a ole32!CoInstall+0x46ec
0f 0cfbe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0cfbea20 77a6be58 ole32!CoInstall+0x5f33
11 0cfbea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0cfbea78 66028e3b ole32!CoCreateInstance+0x35
13 0cfbeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0cfbed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0cfbed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0cfbf688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0cfbf6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0cfbf74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0cfbf99c 0cfbf674 vbscript!DllRegisterServer+0xb1ab
1a 152b0000 00000105 0xcfbf674




Thread ID: 48
System Thread ID: 9d0
Kernel Time: 0:0:4.625
User Time: 0:0:48.578
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 0d07db68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 0d07dbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 0d07dbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 0d07dc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 0d07dc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 0d07dc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 0d07dc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 0d07dd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 0d07dd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 0d07dd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 0d07dfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 0d07dfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 0d07dfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 0d07e044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 0d07e28c 77b0e45a ole32!CoInstall+0x46ec
0f 0d07e2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 0d07ea20 77a6be58 ole32!CoInstall+0x5f33
11 0d07ea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 0d07ea78 66028e3b ole32!CoCreateInstance+0x35
13 0d07eb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 0d07ed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 0d07ed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 0d07f688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 0d07f6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 0d07f74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 0d07f99c 0d07f674 vbscript!DllRegisterServer+0xb1ab
1a 04c80000 000033cd 0xd07f674




Thread ID: 49
System Thread ID: 9fc
Kernel Time: 0:0:3.31
User Time: 0:0:43.375
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 04dedbc4 77aa97a0 USER32!DrawFocusRect+0x2b
01 04dedbec 77ab32d5 ole32!CoGetPSClsid+0xd96
02 04dedc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
03 04dedc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
04 04dedc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
05 04dedc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
06 04dedd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
07 04dedd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
08 04dedd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
09 04dedfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0a 04dedfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0b 04dedfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0c 04dee044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0d 04dee28c 77b0e45a ole32!CoInstall+0x46ec
0e 04dee2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
0f 04deea20 77a6be58 ole32!CoInstall+0x5f33
10 04deea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
11 04deea78 66028e3b ole32!CoCreateInstance+0x35
12 04deeb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
13 04deed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
14 04deed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
15 04def688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
16 04def6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
17 04def74c 75a4f45c vbscript!DllRegisterServer+0x7feb
18 04def99c 04def674 vbscript!DllRegisterServer+0xb1ab
19 08340000 0276046e 0x4def674
1a 000000ee 00000000 0x276046e




Thread ID: 50
System Thread ID: b54
Kernel Time: 0:0:1.484
User Time: 0:0:18.687
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to
locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM
check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available.
Following frames may be wrong.
00 099fdb68 77e1e97b ntdll!ZwWaitForMultipleObjects+0xb
01 099fdbc4 77aa97a0 USER32!
MsgWaitForMultipleObjectsEx+0x153
02 099fdbec 77ab32d5 ole32!CoGetPSClsid+0xd96
03 099fdc14 77b23ad5 ole32!UpdateDCOMSettings+0x758a
04 099fdc34 77b239f7 ole32!DllDebugObjectRPCHook+0xd3
05 099fdc4c 77b20aa5 ole32!
WdtpInterfacePointer_UserSize+0x1b54
06 099fdc8c 77aa960b ole32!
StgGetIFillLockBytesOnFile+0x19f30
07 099fdd04 77ab6ac3 ole32!CoGetPSClsid+0xc01
08 099fdd5c 77d90328 ole32!UpdateDCOMSettings+0xad78
09 099fdd78 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
0a 099fdfc0 77d95f85 RPCRT4!NdrClientCall2+0x4f5
0b 099fdfdc 77d77fcb RPCRT4!NdrStubCall2+0xb03
0c 099fdfec 77aaba89 RPCRT4!NdrServerMarshall+0x1311
0d 099fe044 77abee6c ole32!CoWaitForMultipleHandles+0x1265
0e 099fe28c 77b0e45a ole32!CoInstall+0x46ec
0f 099fe2a8 77ac06b3 ole32!
StgGetIFillLockBytesOnFile+0x78e5
10 099fea20 77a6be58 ole32!CoInstall+0x5f33
11 099fea48 77a6be23 ole32!CoCreateInstanceEx+0x2b
12 099fea78 66028e3b ole32!CoCreateInstance+0x35
13 099feb18 05fac567 MSVBVM60!rtcCreateObject2+0x62
14 099fed04 779d7b9d ebRICBT!DllCanUnloadNow+0x1829
15 099fed2c 6602a1ce OLEAUT32!DispCallFunc+0x15d
16 099ff688 66029fc7 MSVBVM60!BASIC_CLASS_Invoke+0x259
17 099ff6e4 75a4c29c MSVBVM60!BASIC_CLASS_Invoke+0x52
18 099ff74c 75a4f45c vbscript!DllRegisterServer+0x7feb
19 099ff99c 099ff674 vbscript!DllRegisterServer+0xb1ab
1a 04c70000 6e6f6974 0x99ff674
1b 63656c65 00000000 0x6e6f6974




Thread ID: 51
System Thread ID: a48
Kernel Time: 0:0:1.875
User Time: 0:0:16.843
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Una...(message truncated)

 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 2) Posted: Tue Feb 10, 2004 11:28 am
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
ebRICBT.dll is trying to create an object in another apartment/process, but
I can't tell where or what because the symbols were not downloaded, but that
may give you a place to start.

Suggestions:
1) Allow the machine that you are using to run IISState access to the
internet while IISState is running. This will allow the symbols to be
downloaded from microsoft.com. This will allow IISState to grab better
information and make analysis easier.

2) If possible, get the symbols for ebRICBT.dll and place them in the
directory w/the dll. IISState will detect them and can tell us what
class/function is trying to create the object and that may give us a clue as
well.


Pat

 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
anonymous77

External


Since: Oct 14, 2003
Posts: 468



(Msg. 3) Posted: Tue Feb 10, 2004 11:45 am
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Thanks Pat. Can you let me know where you see this
happening in the log file? Next time I will open the
server to the net before running.

 >-----Original Message-----
 >ebRICBT.dll is trying to create an object in another
apartment/process, but
 >I can't tell where or what because the symbols were not
downloaded, but that
 >may give you a place to start.
 >
 >Suggestions:
 >1) Allow the machine that you are using to run IISState
access to the
 >internet while IISState is running. This will allow the
symbols to be
 >downloaded from microsoft.com. This will allow IISState
to grab better
 >information and make analysis easier.
 >
 >2) If possible, get the symbols for ebRICBT.dll and
place them in the
 >directory w/the dll. IISState will detect them and can
tell us what
 >class/function is trying to create the object and that
may give us a clue as
 >well.
 >
 >
 >Pat
 >
 >
 >.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
scotsouza

External


Since: Feb 10, 2004
Posts: 2



(Msg. 4) Posted: Tue Feb 10, 2004 2:47 pm
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
After looking at the entire output file how were you able to determine it
was the ebRICBT.dll??

Scott



"Pat [MSFT]" <patfilot.DeleteThis@online.microsoft.com> wrote in message
news:OoUs8L$7DHA.1948@TK2MSFTNGP12.phx.gbl...
 > ebRICBT.dll is trying to create an object in another apartment/process,
but
 > I can't tell where or what because the symbols were not downloaded, but
that
 > may give you a place to start.
 >
 > Suggestions:
 > 1) Allow the machine that you are using to run IISState access to the
 > internet while IISState is running. This will allow the symbols to be
 > downloaded from microsoft.com. This will allow IISState to grab better
 > information and make analysis easier.
 >
 > 2) If possible, get the symbols for ebRICBT.dll and place them in the
 > directory w/the dll. IISState will detect them and can tell us what
 > class/function is trying to create the object and that may give us a clue
as
 > well.
 >
 >
 > Pat
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
scotsouza

External


Since: Feb 10, 2004
Posts: 2



(Msg. 5) Posted: Tue Feb 10, 2004 3:09 pm
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Perhaps he just searched for DllCanUnloadNow and saw all the references to
ebRICBT???????


"Scott Souza" <scotsouza.DeleteThis@hotmail.com> wrote in message
news:u$5klW$7DHA.1428@TK2MSFTNGP12.phx.gbl...
 > After looking at the entire output file how were you able to determine it
 > was the ebRICBT.dll??
 >
 > Scott
 >
 >
 >
 > "Pat [MSFT]" <patfilot.DeleteThis@online.microsoft.com> wrote in message
 > news:OoUs8L$7DHA.1948@TK2MSFTNGP12.phx.gbl...
  > > ebRICBT.dll is trying to create an object in another apartment/process,
 > but
  > > I can't tell where or what because the symbols were not downloaded, but
 > that
  > > may give you a place to start.
  > >
  > > Suggestions:
  > > 1) Allow the machine that you are using to run IISState access to the
  > > internet while IISState is running. This will allow the symbols to be
  > > downloaded from microsoft.com. This will allow IISState to grab better
  > > information and make analysis easier.
  > >
  > > 2) If possible, get the symbols for ebRICBT.dll and place them in the
  > > directory w/the dll. IISState will detect them and can tell us what
  > > class/function is trying to create the object and that may give us a
clue
 > as
  > > well.
  > >
  > >
  > > Pat
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
someone9

External


Since: Aug 25, 2003
Posts: 2419



(Msg. 6) Posted: Wed Feb 11, 2004 1:10 am
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
One word: Experience.

You definitely need to get good symbols -- getting a stack trace is useless
without valid symbols. For example, that's why you keep seeing
"ebRICBT!DllCanUnloadNow+0x1829" -- without symbols, the best thing we can
figure out is that it's a function that is 0x1829 bytes offset from the
DllCanUnloadNow function, which is pretty useless. The same goes for all
the other DLLs that are a part of Windows.

--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Scott Souza" <scotsouza.RemoveThis@hotmail.com> wrote in message
news:u7THYi$7DHA.2472@TK2MSFTNGP10.phx.gbl...
Perhaps he just searched for DllCanUnloadNow and saw all the references to
ebRICBT???????


"Scott Souza" <scotsouza.RemoveThis@hotmail.com> wrote in message
news:u$5klW$7DHA.1428@TK2MSFTNGP12.phx.gbl...
 > After looking at the entire output file how were you able to determine it
 > was the ebRICBT.dll??
 >
 > Scott
 >
 >
 >
 > "Pat [MSFT]" <patfilot.RemoveThis@online.microsoft.com> wrote in message
 > news:OoUs8L$7DHA.1948@TK2MSFTNGP12.phx.gbl...
  > > ebRICBT.dll is trying to create an object in another apartment/process,
 > but
  > > I can't tell where or what because the symbols were not downloaded, but
 > that
  > > may give you a place to start.
  > >
  > > Suggestions:
  > > 1) Allow the machine that you are using to run IISState access to the
  > > internet while IISState is running. This will allow the symbols to be
  > > downloaded from microsoft.com. This will allow IISState to grab better
  > > information and make analysis easier.
  > >
  > > 2) If possible, get the symbols for ebRICBT.dll and place them in the
  > > directory w/the dll. IISState will detect them and can tell us what
  > > class/function is trying to create the object and that may give us a
clue
 > as
  > > well.
  > >
  > >
  > > Pat
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 7) Posted: Wed Feb 11, 2004 1:59 am
Post subject: Re: iisstate analysis please [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Acutally, when you lack symbols, because most COM objects will export only 4
functions, one of which is DllCanUnloadNow(), which is why you see it often.
But that's not why I selected it.

The reason was that when you see a lot of threads w/OLE32 (owns most of the
COM control interfaces) calling RPCRT4 (helps with marshalling) from an ASP
page (evidenced by VBScript also being on the stack) you have a strong
indication that cross apartment (or process) marshalling is going on. I
don't know that the VB object in question (it is VB b/c the call directly
above it is MSVBVM60) is a problem in and of itself, I just think that it is
related to the problem b/c it is inducing the marshalling.

So basically, the problem in this log is that a bunch of ASP pages called a
COM object which then, for reasons unknown, is trying to marshal a call to a
destination unknown.

Pat

"Scott Souza" <scotsouza.DeleteThis@hotmail.com> wrote in message
news:u7THYi$7DHA.2472@TK2MSFTNGP10.phx.gbl...
 > Perhaps he just searched for DllCanUnloadNow and saw all the references to
 > ebRICBT???????
 >
 >
 > "Scott Souza" <scotsouza.DeleteThis@hotmail.com> wrote in message
 > news:u$5klW$7DHA.1428@TK2MSFTNGP12.phx.gbl...
  > > After looking at the entire output file how were you able to determine
it
  > > was the ebRICBT.dll??
  > >
  > > Scott
  > >
  > >
  > >
  > > "Pat [MSFT]" <patfilot.DeleteThis@online.microsoft.com> wrote in message
  > > news:OoUs8L$7DHA.1948@TK2MSFTNGP12.phx.gbl...
   > > > ebRICBT.dll is trying to create an object in another
apartment/process,
  > > but
   > > > I can't tell where or what because the symbols were not downloaded,
but
  > > that
   > > > may give you a place to start.
   > > >
   > > > Suggestions:
   > > > 1) Allow the machine that you are using to run IISState access to the
   > > > internet while IISState is running. This will allow the symbols to be
   > > > downloaded from microsoft.com. This will allow IISState to grab
better
   > > > information and make analysis easier.
   > > >
   > > > 2) If possible, get the symbols for ebRICBT.dll and place them in the
   > > > directory w/the dll. IISState will detect them and can tell us what
   > > > class/function is trying to create the object and that may give us a
 > clue
  > > as
   > > > well.
   > > >
   > > >
   > > > Pat
   > > >
   > > >
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: iisstate analysis please 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting Problem Solving Community! (Home) -> IIS All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]