Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Interpreting IISState log files from w3svc and iisadmin se..

  
   Web Hosting Problem Solving Community! (Home) -> IIS RSS
Next:  Virtual Directories Error  
Author Message
anonymous955

External


Since: Jan 16, 2004
Posts: 4



(Msg. 1) Posted: Fri Jan 16, 2004 4:16 pm
Post subject: Interpreting IISState log files from w3svc and iisadmin services stopping unexpe
Archived from groups: microsoft>public>inetserver>iis (more info?)
I have been experiencing problems on Windows 2000 Server with IIS 5.0 loaded. This box is running Proxy Server 2.0 and OWA for Exchange 5.5. The IISadmin and World Wide Web Publishing Service stops without warning and it does this frequently. The most annoying part of this is that this frequently shuts down our Internet access (for Proxy 2.0) and it also stops OWA from working. After reading some of the threads on this website, I decided to use the IISState.exe to diagnose my errors. I need some help interpreting them. If any of you can offer assistance in this area of diagnosis, I would appreciate it.

This is the first IISState log where the inetinfo.exe was using PID 4012. The second IISState log the PID was 1972.

Opened log file 'D:\iisstate\output\IISState-4012.log'

***********************
Starting new log output
IISState version 3.3.1

Thu Jan 15 22:26:07 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 4012

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlDestroyHeap




Thread ID: 41
System Thread ID: 11a0
Kernel Time: 0:0:0.31
User Time: 0:0:0.93
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\EXCHMEM.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0903d9ec 77fccdfb ntdll!RtlDestroyHeap+0x241
01 0903da20 77fcba0f ntdll!RtlFreeHeap+0x628
02 0903dbc8 6fff1921 ntdll!RtlSizeHeap+0x109
03 00000000 00000000 EXCHMEM!MpHeapAlloc+0x101
Closing open log file D:\iisstate\output\IISState-4012.log
Opened log file 'D:\iisstate\output\IISState-4012.log'

***********************
Starting new log output
IISState version 3.3.1

Thu Jan 15 22:26:09 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 4012

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 11f0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ADVAPI32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\System32\inetsrv\inetinfo.exe
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0006f910 7c2e0135 ntdll!ZwReadFile+0xb
01 0006f93c 7c2dffbb ADVAPI32!StartServiceCtrlDispatcherW+0x509
02 0006f9b8 7c2e1995 ADVAPI32!StartServiceCtrlDispatcherW+0x38f
03 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x72
04 0006fd30 01001e94 inetinfo+0x2884
05 77e179ec 2474ff50 inetinfo+0x1e94
06 0c24448d 00000000 0x2474ff50




Thread ID: 1
System Thread ID: 12ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\KERNEL32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0059fd44 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 00000001 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 2
System Thread ID: 7b4
Kernel Time: 0:0:0.234
User Time: 0:0:0.171
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\IisRTL.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 006dfeac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 006dff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233978 000003e9 IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 3
System Thread ID: a78
Kernel Time: 0:0:0.281
User Time: 0:0:0.140
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233a28 000003ea IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 4
System Thread ID: a78
Kernel Time: 0:0:0.281
User Time: 0:0:0.140
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233a28 000003ea IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 5
System Thread ID: 810
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0a91ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0a91ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 6
System Thread ID: be4
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\INFOCOMM.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00e0fc6c 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 00e0fcc8 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 00e0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
03 00c0a40c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209




Thread ID: 7
System Thread ID: 12d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0148ff88 6d7029ef ntdll!NtRemoveIoCompletion+0xb
01 0148ffb4 7c4e987c ISATQ!CDirMonitor::RemoveEntry+0x183
02 0148ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 8
System Thread ID: be0
Kernel Time: 0:0:0.203
User Time: 0:0:0.140
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 014cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 9
System Thread ID: 2f8
Kernel Time: 0:0:0.171
User Time: 0:0:0.203
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0150ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 10
System Thread ID: 1124
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.DLL -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 017cfee4 77d809da ntdll!NtRemoveIoCompletion+0xb
01 017cff20 77d50ede RPCRT4!I_RpcTransGetAddressList+0x304c
02 017cff74 77d50d17 RPCRT4!TowerConstruct+0x4abd
03 017cffa8 77d41c6c RPCRT4!TowerConstruct+0x48f6
04 017cffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
05 017cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 11
System Thread ID: 116c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0188ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0188ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0188ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0188ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 12
System Thread ID: a10
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 018cfd70 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 018cffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
02 018cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 13
System Thread ID: 12a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0191ff84 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 77f89103 8b000000 KERNEL32!WaitForSingleObject+0xf
02 180d8b64 00000000 0x8b000000




Thread ID: 14
System Thread ID: 13a4
Kernel Time: 0:0

 >> Stay informed about: Interpreting IISState log files from w3svc and iisadmin se.. 
Back to top
Login to vote
anonymous955

External


Since: Jan 16, 2004
Posts: 4



(Msg. 2) Posted: Fri Jan 16, 2004 4:31 pm
Post subject: RE: Interpreting IISState log files from w3svc and iisadmin services stopping un [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Here is some more of that log file:

Thread ID: 14
System Thread ID: 13a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\w3svc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\MSVCRT.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0198fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0198ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0198ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
03 0198ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
04 0198ffb4 7c4e987c MSVCRT!endthread+0xc1
05 0198ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 15
System Thread ID: 10b8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 019cfef8 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 019cff54 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 019cff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
03 019cffb4 7c4e987c w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
04 019cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 16
System Thread ID: 9d8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\msafd.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\WS2_32.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\inetsloc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01a4fd1c 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 01a4fe08 750312f5 msafd!WSPSetSockOpt+0xdaa
02 01a4fe6c 6e2b3b6e WS2_32!select+0xcb
03 01a4ffb4 7c4e987c inetsloc!TerminateSvcLocator+0xbe8
04 01a4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 17
System Thread ID: 12c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\wspwsp.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01a8fe18 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 01a8ff04 5560f5fd msafd!WSPSetSockOpt+0xdaa
02 01a8ff24 750312f5 wspwsp!NSPStartup+0xa18
03 01a8ff88 6d7075bd WS2_32!select+0xcb
04 00c2ad64 00000458 ISATQ!SetIISCapTraceFlag+0x1ce5




Thread ID: 18
System Thread ID: 26c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01bdfaa4 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 01bdffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
02 01bdffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 19
System Thread ID: 1178
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\inetpub\scripts\proxy\w3proxy.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07d3fe44 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 07d3ffb0 53b84602 KERNEL32!WaitForMultipleObjects+0x17
02 07d3ffec 00000000 w3proxy+0x4602




Thread ID: 20
System Thread ID: 2a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07d7ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 07d7ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 07d7ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 07d7ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 21
System Thread ID: bbc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07dcff90 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07dcffec 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 22
System Thread ID: 1390
Kernel Time: 0:0:0.93
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e0ff7c 53b9fdee ntdll!NtRemoveIoCompletion+0xb
01 07e0ffb4 7c4e987c w3proxy!RemoveWorkItem+0x1726
02 07e0ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 23
System Thread ID: 1270
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e4ff7c 53b9fdee ntdll!NtRemoveIoCompletion+0xb
01 07e4ffb4 7c4e987c w3proxy!RemoveWorkItem+0x1726
02 07e4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 24
System Thread ID: 1060
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e8ff78 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07e8ffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07e8ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 25
System Thread ID: 10dc
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07ecff78 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07ecffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07ecffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 26
System Thread ID: 94c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07f0ff6c 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07f0ffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07f0ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 27
System Thread ID: 94c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07f0ff6c 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07f0ffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07f0ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 28
System Thread ID: c2c
Kernel Time: 0:0:0.62
User Time: 0:0:0.109
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07f8ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 29
System Thread ID: 103c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 080cff58 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 080cffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 30
System Thread ID: 1370
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\COMSVCS.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\TxfAux.Dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0810fb94 77d3a2c7 ntdll!ZwRequestWaitReplyPort+0xb
01 0810fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
02 0810fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
03 0810fbd8 77b20aa5 ole32!WdtpInterfacePointer_UserSize+0x1b54
04 0810fc18 77b23870 ole32!StgGetIFillLockBytesOnFile+0x19f30
05 0810fc88 77ab6ac3 ole32!WdtpInterfacePointer_UserSize+0x19cd
06 0810fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
07 0810fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
08 0810ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
09 0810ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
0a 0810ff70 787f372e RPCRT4!NdrServerMarshall+0x1311
0b 78868f0c ffffffff COMSVCS!RegisterComEvents+0x6768
0c 00124df8 78868f0c 0xffffffff
0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7bf46




Thread ID: 31
System Thread ID: 1380
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0818ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0818ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0818ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0818ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 32
System Thread ID: 1310
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 082cffb4 7c4e987c ntdll!NtRemoveIoCompletion+0xb
01 082cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 33
System Thread ID: 1224
Kernel Time: 0:0:0.31
User Time: 0:0:0.46
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0830ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 34
System Thread ID: cb0
Kernel Time: 0:0:0.140
User Time: 0:0:0.125
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0834ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 35
System Thread ID: 12dc
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0838ff7c 53b9fdee ntdll!NtRemoveIoCompletion+0xb
01 0838ffb4 7c4e987c w3proxy!RemoveWorkItem+0x1726
02 0838ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 36
System Thread ID: 1114
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08effec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08efff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08efff38 74a01e69 USER32!MsgWaitForMultipleObjects+0x1d
03 08efff7c 78008454 asp!GetExtensionVersion+0x2deb
04 08efffb4 7c4e987c MSVCRT!endthread+0xc1
05 08efffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 37
System Thread ID: e5c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08f3fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08f3ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08f3ff38 74a01eca USER32!MsgWaitForMultipleObjects+0x1d
03 08f3ff7c 78008454 asp!GetExtensionVersion+0x2e4c
04 08f3ffb4 7c4e987c MSVCRT!endthread+0xc1
05 08f3ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 38
System Thread ID: e24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for C:\WINNT\System32\pdm.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\pdm.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: PDM (Debugger) Thread.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08f7fe2c 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08f7fe88 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08f7fea4 4a00886c USER32!MsgWaitForMultipleObjects+0x1d
03 08f7ff7c 7c4f566c pdm+0x886c
04 08f7ffb0 4a008a09 KERNEL32!ReleaseSemaphore+0x12
05 08f7ffb4 7c4e987c pdm+0x8a09
06 08f7ffcc 77f83383 KERNEL32!SetThreadExecutionState+0x227
07 7ff94000 08f80000 ntdll!LdrLoadDll+0x122
08 08f7ffdc 7c4ff0b4 0x8f80000
09 ffffffff 00000000 KERNEL32!SetProcessPriorityBoost+0x56




Thread ID: 39
System Thread ID: e60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08fbffb4 7c4e987c ntdll!ZwDelayExecution+0xb
01 08fbffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 40
System Thread ID: 1064
Kernel Time: 0:0:0.109
User Time: 0:0:0.593
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08fffe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08fffed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08fffef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 00161020 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 41
System Thread ID: 11a0
Kernel Time: 0:0:0.31
User Time: 0:0:0.93
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0903d9ec 77fccdfb ntdll!RtlDestroyHeap+0x241
01 0903da20 77fcba0f ntdll!RtlFreeHeap+0x628
02 0903dbc8 6fff1921 ntdll!RtlSizeHeap+0x109
03 00000000 00000000 EXCHMEM!MpHeapAlloc+0x101




Thread ID: 42
System Thread ID: 12d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0907fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0907fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0907fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 00161090 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 43
System Thread ID: 1088
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 090bfe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 090bfed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 090bfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 001610c8 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 44
System Thread ID: 12b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 090ffe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 090ffed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 090ffef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 00161100 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 45
System Thread ID: 11d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0913fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0913fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0913fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 08190e88 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 46
System Thread ID: a14
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0917fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0917fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0917fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 00161138 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 47
System Thread ID: 1384
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 091bfe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 091bfed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 091bfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 08196590 00000cac COMSVCS!Ordinal7+0x29d5




Thread ID: 48
System Thread ID: 107c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0991ffb4 7c4e987c ntdll!NtRemoveIoCompletion+0xb
01 0991ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 49
System Thread ID: 12bc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\MAPI32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09b5fe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09b5fec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09b5fee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 50
System Thread ID: 1288
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09b9fe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09b9fec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09b9fee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 51
System Thread ID: 1070
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09bdfe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09bdfec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09bdfee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 52
System Thread ID: a4c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09c1fe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09c1fec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09c1fee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 53
System Thread ID: 11dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09c5fef4 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09c5ff50 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09c5ff6c 6fad7316 USER32!MsgWaitForMultipleObjects+0x1d
03 77f89103 8b000000 MAPI32!BMAPIResolveName+0x3b16
04 180d8b64 00000000 0x8b000000




Thread ID: 54
System Thread ID: 11e4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0a95ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0a95ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 55
System Thread ID: 984
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0a99ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0a99ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 56
System Thread ID: 121c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0a9dff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0a9dffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 57
System Thread ID: 1004
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0aa1ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0aa1ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 58
System Thread ID: 133c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0aa5ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0aa5ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 59
System Thread ID: 1308
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0aa9ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0aa9ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 60
System Thread ID: 1300
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0aadff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0aadffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 61
System Thread ID: 1334
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0ab1ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0ab1ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 62
System Thread ID: 131c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0ab5ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0ab5ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 63
System Thread ID: 1108
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0ab9ff6c 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 0ab9ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17

*****

Dump name is formatted as: PID-Timestamp.dmp

Creating D:\iisstate\output\4012-1074234394.dmp - mini user dump

*****

Closing open log file D:\iisstate\output\IISState-4012.log

 >> Stay informed about: Interpreting IISState log files from w3svc and iisadmin se.. 
Back to top
Login to vote
anonymous955

External


Since: Jan 16, 2004
Posts: 4



(Msg. 3) Posted: Fri Jan 16, 2004 4:41 pm
Post subject: RE: Interpreting IISState log files from w3svc and iisadmin services stopping un [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
And this is the PID 1972 logs

Opened log file 'D:\iisstate\output\IISState-1972.log'

***********************
Starting new log output
IISState version 3.3.1

Thu Jan 15 23:45:42 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 1972

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed: ntdll!RtlDestroyHeap




Thread ID: 35
System Thread ID: 794
Kernel Time: 0:0:0.78
User Time: 0:0:0.375
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\EXCHMEM.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08e7e428 77fccdfb ntdll!RtlDestroyHeap+0x241
01 08e7e45c 77fcba0f ntdll!RtlFreeHeap+0x628
02 08e7e604 77f90dc9 ntdll!RtlSizeHeap+0x109
03 08e7e798 6fff19b2 ntdll!RtlEqualPrefixSid+0x5d5
04 0000100a 00000000 EXCHMEM!MpHeapReAlloc+0x32
Closing open log file D:\iisstate\output\IISState-1972.log
Opened log file 'D:\iisstate\output\IISState-1972.log'

***********************
Starting new log output
IISState version 3.3.1

Fri Jan 16 00:45:43 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 1972

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: fac
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ADVAPI32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\System32\inetsrv\inetinfo.exe
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0006f910 7c2e0135 ntdll!ZwReadFile+0xb
01 0006f93c 7c2dffbb ADVAPI32!StartServiceCtrlDispatcherW+0x509
02 0006f9b8 7c2e1995 ADVAPI32!StartServiceCtrlDispatcherW+0x38f
03 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x72
04 0006fd30 01001e94 inetinfo+0x2884
05 77e179ec 2474ff50 inetinfo+0x1e94
06 0c24448d 00000000 0x2474ff50




Thread ID: 1
System Thread ID: 984
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\KERNEL32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0059fd44 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 00000001 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 2
System Thread ID: 94c
Kernel Time: 0:0:0.203
User Time: 0:0:0.140
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\IisRTL.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 006dfeac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 006dff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233978 000003e9 IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 3
System Thread ID: 810
Kernel Time: 0:0:0.281
User Time: 0:0:0.78
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233a28 000003ea IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 4
System Thread ID: 810
Kernel Time: 0:0:0.281
User Time: 0:0:0.78
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233a28 000003ea IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 5
System Thread ID: a4c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.DLL -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00e4ffa8 77d41c6c ntdll!ZwDelayExecution+0xb
01 00e4ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
02 00e4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 6
System Thread ID: 3f0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00e8ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 00e8ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 00e8ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 00e8ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 7
System Thread ID: 103c
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\INFOCOMM.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00ecfc6c 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 00ecfcc8 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 00ecfce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
03 00c4bb3c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209




Thread ID: 8
System Thread ID: 1370
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0148ff88 6d7029ef ntdll!NtRemoveIoCompletion+0xb
01 0148ffb4 7c4e987c ISATQ!CDirMonitor::RemoveEntry+0x183
02 0148ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 9
System Thread ID: 13a4
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 014cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 10
System Thread ID: 1178
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0150ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 11
System Thread ID: 140
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 017cfee4 77d809da ntdll!NtRemoveIoCompletion+0xb
01 017cff20 77d50ede RPCRT4!I_RpcTransGetAddressList+0x304c
02 017cff74 77d50d17 RPCRT4!TowerConstruct+0x4abd
03 017cffa8 77d41c6c RPCRT4!TowerConstruct+0x48f6
04 017cffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
05 017cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 12
System Thread ID: 1070
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0188ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0188ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0188ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0188ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 13
System Thread ID: a78
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 018cfd70 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 018cffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
02 018cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 14
System Thread ID: 1064
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0191ff84 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 77f89103 8b000000 KERNEL32!WaitForSingleObject+0xf
02 180d8b64 00000000 0x8b000000




Thread ID: 15
System Thread ID: cb0
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\inetsrv\w3svc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\MSVCRT.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0198fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0198ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0198ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
03 0198ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
04 0198ffb4 7c4e987c MSVCRT!endthread+0xc1
05 0198ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 16
System Thread ID: 1384
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 019cfef8 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 019cff54 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 019cff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
03 019cffb4 7c4e987c w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
04 019cffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 17
System Thread ID: a14
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\msafd.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\WS2_32.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\inetsloc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01a4fd1c 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 01a4fe08 750312f5 msafd!WSPSetSockOpt+0xdaa
02 01a4fe6c 6e2b3b6e WS2_32!select+0xcb
03 01a4ffb4 7c4e987c inetsloc!TerminateSvcLocator+0xbe8
04 01a4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 18
System Thread ID: 11d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\wspwsp.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01a8fe18 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 01a8ff04 5560f5fd msafd!WSPSetSockOpt+0xdaa
02 01a8ff24 750312f5 wspwsp!NSPStartup+0xa18
03 01a8ff88 6d7075bd WS2_32!select+0xcb
04 00c6c1ec 000004c4 ISATQ!SetIISCapTraceFlag+0x1ce5




Thread ID: 19
System Thread ID: 12b0
Kernel Time: 0:0:0.93
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 01bdfaa4 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 01bdffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
02 01bdffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 20
System Thread ID: 1088
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for c:\inetpub\scripts\proxy\w3proxy.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07d3fe44 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 07d3ffb0 53b84602 KERNEL32!WaitForMultipleObjects+0x17
02 07d3ffec 00000000 w3proxy+0x4602




Thread ID: 21
System Thread ID: 12d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07d7ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 07d7ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 07d7ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
03 07d7ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 22
System Thread ID: 11a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07dcff90 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07dcffec 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 23
System Thread ID: e60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e0ff7c 53b9fdee ntdll!NtRemoveIoCompletion+0xb
01 07e0ffb4 7c4e987c w3proxy!RemoveWorkItem+0x1726
02 07e0ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 24
System Thread ID: e24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e4ff7c 53b9fdee ntdll!NtRemoveIoCompletion+0xb
01 07e4ffb4 7c4e987c w3proxy!RemoveWorkItem+0x1726
02 07e4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 25
System Thread ID: e5c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07e8ff78 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07e8ffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07e8ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 26
System Thread ID: 1114
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07ecff78 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07ecffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07ecffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 27
System Thread ID: 1308
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 07f0ff6c 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
01 07f0ffb4 7c4e987c KERNEL32!WaitForSingleObject+0xf
02 07f0ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 28
System Thread ID: bbc
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 080cff58 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
01 080cffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 29
System Thread ID: 2a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\COMSVCS.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\TxfAux.Dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0810fb94 77d3a2c7 ntdll!ZwRequestWaitReplyPort+0xb
01 0810fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
02 0810fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
03 0810fbd8 77b20aa5 ole32!WdtpInterfacePointer_UserSize+0x1b54
04 0810fc18 77b23870 ole32!StgGetIFillLockBytesOnFile+0x19f30
05 0810fc88 77ab6ac3 ole32!WdtpInterfacePointer_UserSize+0x19cd
06 0810fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
07 0810fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
08 0810ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
09 0810ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
0a 0810ff70 787f372e RPCRT4!NdrServerMarshall+0x1311
0b 78868f0c ffffffff COMSVCS!RegisterComEvents+0x6768
0c 0011edb8 78868f0c 0xffffffff
0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7bf46




Thread ID: 30
System Thread ID: ff8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 081cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 31
System Thread ID: ec4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08d3fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08d3ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08d3ff38 74a01e69 USER32!MsgWaitForMultipleObjects+0x1d
03 08d3ff7c 78008454 asp!GetExtensionVersion+0x2deb
04 08d3ffb4 7c4e987c MSVCRT!endthread+0xc1
05 08d3ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 32
System Thread ID: 12dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08d7fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08d7ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08d7ff38 74a01eca USER32!MsgWaitForMultipleObjects+0x1d
03 08d7ff7c 78008454 asp!GetExtensionVersion+0x2e4c
04 08d7ffb4 7c4e987c MSVCRT!endthread+0xc1
05 08d7ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 33
System Thread ID: 1390
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** WARNING: Unable to verify checksum for C:\WINNT\System32\pdm.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\System32\pdm.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: PDM (Debugger) Thread.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08dbfe2c 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08dbfe88 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08dbfea4 4a00886c USER32!MsgWaitForMultipleObjects+0x1d
03 08dbff7c 7c4f566c pdm+0x886c
04 08dbffb0 4a008a09 KERNEL32!ReleaseSemaphore+0x12
05 08dbffb4 7c4e987c pdm+0x8a09
06 08dbffcc 77f83383 KERNEL32!SetThreadExecutionState+0x227
07 7ff99000 08dc0000 ntdll!LdrLoadDll+0x122
08 08dbffdc 7c4ff0b4 0x8dc0000
09 ffffffff 00000000 KERNEL32!SetProcessPriorityBoost+0x56




Thread ID: 34
System Thread ID: 1288
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08e3ffb4 7c4e987c ntdll!ZwDelayExecution+0xb
01 08e3ffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 35
System Thread ID: 794
Kernel Time: 0:0:0.78
User Time: 0:0:0.375
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08e7e428 77fccdfb ntdll!RtlDestroyHeap+0x241
01 08e7e45c 77fcba0f ntdll!RtlFreeHeap+0x628
02 08e7e604 77f90dc9 ntdll!RtlSizeHeap+0x109
03 08e7e798 6fff19b2 ntdll!RtlEqualPrefixSid+0x5d5
04 0000100a 00000000 EXCHMEM!MpHeapReAlloc+0x32




Thread ID: 36
System Thread ID: be0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08ebfe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08ebfed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08ebfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015d5d0 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 37
System Thread ID: 133c
Kernel Time: 0:0:0.93
User Time: 0:0:0.296
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08effe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08effed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08effef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015d9b8 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 38
System Thread ID: 2f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08f3fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08f3fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08f3fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015e270 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 39
System Thread ID: 1300
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08f7fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08f7fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08f7fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015e6d0 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 40
System Thread ID: c14
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08fbfe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08fbfed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08fbfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015eb20 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 41
System Thread ID: 10fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 08fffe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 08fffed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 08fffef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015e2a8 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 42
System Thread ID: 990
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0903fe78 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 0903fed4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 0903fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 0015f3d8 00000904 COMSVCS!Ordinal7+0x29d5




Thread ID: 43
System Thread ID: fe0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0989ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff




Thread ID: 44
System Thread ID: 1218
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 098dffb4 7c4e987c ntdll!NtRemoveIoCompletion+0xb
01 098dffec 00000000 KERNEL32!SetThreadExecutionState+0x227




Thread ID: 45
System Thread ID: 1254
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\MAPI32.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09b3fe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09b3fec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09b3fee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 46
System Thread ID: 12d8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09b7fe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09b7fec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09b7fee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 47
System Thread ID: 1284
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09bbfe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09bbfec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09bbfee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000




Thread ID: 48
System Thread ID: 100c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 09bffe68 77e13990 ntdll!NtWaitForMultipleObjects+0xb
01 09bffec4 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
02 09bffee0 6fae6526 USER32!MsgWaitForMultipleObjects+0x1d
03 77e15772 40e80824 MAPI32!GetAttribIMsgOnIStg+0x6026
04 74ff016a c5200000 0x40e80824
05 0c440001 00000000 0xc5200000

*****

Dump name is formatted as: PID-Timestamp.dmp

Creating D:\iisstate\output\1972-1074267965.dmp - mini user dump

*****

Closing open log file D:\iisstate\output\IISState-1972.log
 >> Stay informed about: Interpreting IISState log files from w3svc and iisadmin se.. 
Back to top
Login to vote
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 4) Posted: Sat Jan 17, 2004 1:51 am
Post subject: Re: Interpreting IISState log files from w3svc and iisadmin services stopping un [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Bug in the Exchange Memory Manager (exchmem.dll). If you have already
applied the latest Exchange Service Pack, you will need to call MS-Support.

Pat

"donman" <anonymous RemoveThis @discussions.microsoft.com> wrote in message
news:63ED867F-46B1-4677-A244-F669EE93902A@microsoft.com...
 > And this is the PID 1972 logs
 >
 > Opened log file 'D:\iisstate\output\IISState-1972.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Thu Jan 15 23:45:42 2004
 >
 > OS = Windows 2000
 > Executable: inetinfo.exe
 > PID = 1972
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 > IIS has crashed...
 > Beginning Analysis
 > DLL (!FunctionName) that failed: ntdll!RtlDestroyHeap
 >
 >
 >
 >
 > Thread ID: 35
 > System Thread ID: 794
 > Kernel Time: 0:0:0.78
 > User Time: 0:0:0.375
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\EXCHMEM.dll -
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 08e7e428 77fccdfb ntdll!RtlDestroyHeap+0x241
 > 01 08e7e45c 77fcba0f ntdll!RtlFreeHeap+0x628
 > 02 08e7e604 77f90dc9 ntdll!RtlSizeHeap+0x109
 > 03 08e7e798 6fff19b2 ntdll!RtlEqualPrefixSid+0x5d5
 > 04 0000100a 00000000 EXCHMEM!MpHeapReAlloc+0x32
 > Closing open log file D:\iisstate\output\IISState-1972.log
 > Opened log file 'D:\iisstate\output\IISState-1972.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Fri Jan 16 00:45:43 2004
 >
 > OS = Windows 2000
 > Executable: inetinfo.exe
 > PID = 1972
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 >
 >
 > Thread ID: 0
 > System Thread ID: fac
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\ADVAPI32.dll -
 > *** ERROR: Module load completed but symbols could not be loaded for
C:\WINNT\System32\inetsrv\inetinfo.exe
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0006f910 7c2e0135 ntdll!ZwReadFile+0xb
 > 01 0006f93c 7c2dffbb ADVAPI32!StartServiceCtrlDispatcherW+0x509
 > 02 0006f9b8 7c2e1995 ADVAPI32!StartServiceCtrlDispatcherW+0x38f
 > 03 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x72
 > 04 0006fd30 01001e94 inetinfo+0x2884
 > 05 77e179ec 2474ff50 inetinfo+0x1e94
 > 06 0c24448d 00000000 0x2474ff50
 >
 >
 >
 >
 > Thread ID: 1
 > System Thread ID: 984
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\KERNEL32.dll -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0059fd44 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
 > 01 00000001 00000000 KERNEL32!WaitForSingleObject+0xf
 >
 >
 >
 >
 > Thread ID: 2
 > System Thread ID: 94c
 > Kernel Time: 0:0:0.203
 > User Time: 0:0:0.140
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\USER32.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\IisRTL.DLL -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 006dfeac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 006dff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
 > 03 00233978 000003e9
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
 >
 >
 >
 >
 > Thread ID: 3
 > System Thread ID: 810
 > Kernel Time: 0:0:0.281
 > User Time: 0:0:0.78
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
 > 03 00233a28 000003ea
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
 >
 >
 >
 >
 > Thread ID: 4
 > System Thread ID: 810
 > Kernel Time: 0:0:0.281
 > User Time: 0:0:0.78
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0071feac 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 0071ff08 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
 > 03 00233a28 000003ea
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
 >
 >
 >
 >
 > Thread ID: 5
 > System Thread ID: a4c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\RPCRT4.DLL -
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: *** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\inetsrv\asp.dll -
 > ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\ole32.dll -
 > OLE32.dll Symbols not found. Unable to proceed with DCOM check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 00e4ffa8 77d41c6c ntdll!ZwDelayExecution+0xb
 > 01 00e4ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
 > 02 00e4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 6
 > System Thread ID: 3f0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.15
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 00e8ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
 > 01 00e8ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
 > 02 00e8ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
 > 03 00e8ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 7
 > System Thread ID: 103c
 > Kernel Time: 0:0:0.31
 > User Time: 0:0:0.15
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\System32\inetsrv\INFOCOMM.DLL -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 00ecfc6c 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 00ecfcc8 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 00ecfce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
 > 03 00c4bb3c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
 >
 >
 >
 >
 > Thread ID: 8
 > System Thread ID: 1370
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\System32\inetsrv\ISATQ.DLL -
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0148ff88 6d7029ef ntdll!NtRemoveIoCompletion+0xb
 > 01 0148ffb4 7c4e987c ISATQ!CDirMonitor::RemoveEntry+0x183
 > 02 0148ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 9
 > System Thread ID: 13a4
 > Kernel Time: 0:0:0.31
 > User Time: 0:0:0.0
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 014cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
 > 01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
 > 02 6aec8b55 00000000 0xe65868ff
 >
 >
 >
 >
 > Thread ID: 10
 > System Thread ID: 1178
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.15
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0150ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
 > 01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
 > 02 6aec8b55 00000000 0xe65868ff
 >
 >
 >
 >
 > Thread ID: 11
 > System Thread ID: 140
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 017cfee4 77d809da ntdll!NtRemoveIoCompletion+0xb
 > 01 017cff20 77d50ede RPCRT4!I_RpcTransGetAddressList+0x304c
 > 02 017cff74 77d50d17 RPCRT4!TowerConstruct+0x4abd
 > 03 017cffa8 77d41c6c RPCRT4!TowerConstruct+0x48f6
 > 04 017cffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
 > 05 017cffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 12
 > System Thread ID: 1070
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > OLE32.dll Symbols not found. Unable to proceed with DCOM check.
 > Continuing other analysis.
 >
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0188ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
 > 01 0188ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
 > 02 0188ffb4 7c4e987c RPCRT4!I_RpcServerInqTransportType+0x1a0
 > 03 0188ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 13
 > System Thread ID: a78
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 018cfd70 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
 > 01 018cffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
 > 02 018cffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 14
 > System Thread ID: 1064
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0191ff84 7c4f1b1b ntdll!NtWaitForSingleObject+0xb
 > 01 77f89103 8b000000 KERNEL32!WaitForSingleObject+0xf
 > 02 180d8b64 00000000 0x8b000000
 >
 >
 >
 >
 > Thread ID: 15
 > System Thread ID: cb0
 > Kernel Time: 0:0:0.15
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\System32\inetsrv\w3svc.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\MSVCRT.dll -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 0198fec0 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 0198ff1c 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 0198ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
 > 03 0198ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
 > 04 0198ffb4 7c4e987c MSVCRT!endthread+0xc1
 > 05 0198ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 16
 > System Thread ID: 1384
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 019cfef8 77e13990 ntdll!NtWaitForMultipleObjects+0xb
 > 01 019cff54 77e13a5c USER32!MsgWaitForMultipleObjectsEx+0xe0
 > 02 019cff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
 > 03 019cffb4 7c4e987c w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
 > 04 019cffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 17
 > System Thread ID: a14
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\msafd.dll -
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\WS2_32.DLL -
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\system32\inetsloc.dll -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 01a4fd1c 74fd3c59 ntdll!NtWaitForSingleObject+0xb
 > 01 01a4fe08 750312f5 msafd!WSPSetSockOpt+0xdaa
 > 02 01a4fe6c 6e2b3b6e WS2_32!select+0xcb
 > 03 01a4ffb4 7c4e987c inetsloc!TerminateSvcLocator+0xbe8
 > 04 01a4ffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 18
 > System Thread ID: 11d4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > *** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\WINNT\System32\wspwsp.dll -
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 01a8fe18 74fd3c59 ntdll!NtWaitForSingleObject+0xb
 > 01 01a8ff04 5560f5fd msafd!WSPSetSockOpt+0xdaa
 > 02 01a8ff24 750312f5 wspwsp!NSPStartup+0xa18
 > 03 01a8ff88 6d7075bd WS2_32!select+0xcb
 > 04 00c6c1ec 000004c4 ISATQ!SetIISCapTraceFlag+0x1ce5
 >
 >
 >
 >
 > Thread ID: 19
 > System Thread ID: 12b0
 > Kernel Time: 0:0:0.93
 > User Time: 0:0:0.0
 > Thread Status: Thread is in a WAIT state.
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Stack unwind information not available. Following frames may be
wrong.
 > 00 01bdfaa4 7c4fabfb ntdll!NtWaitForMultipleObjects+0xb
 > 01 01bdffb4 7c4e987c KERNEL32!WaitForMultipleObjects+0x17
 > 02 01bdffec 00000000 KERNEL32!SetThreadExecutionState+0x227
 >
 >
 >
 >
 > Thread ID: 20
 > System Thread ID: 1088
 > Kernel Time: 0:0:0.0