
IISState log

 
hoyty




(Msg. 1) Posted: Fri Sep 10, 2004 9:22 am
Post subject: IISState log
Archived from groups: microsoft>public>inetserver>iis

My server has been rock solid for years until 9/6/04. At that point IIS
just started crashing over and over. It seems to do it multiple (50+) times
and then will work for 12 hours or so and start up again. Thanks for any
pointers. Here is what came out of IISState:
***********************
Starting new log output
IISState version 3.3.1

Fri Sep 10 03:32:08 2004

OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 5920

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed:




Thread ID: 9
System Thread ID: 220
Kernel Time: 0:0:0.265
User Time: 0:0:0.171
Thread Type: Other
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 0176fed8 d7df9645 0xd4df9645
01 d3df9645 00000000 0xd7df9645
Closing open log file C:\iisstate\output\IISState-5920.log
Opened log file 'C:\iisstate\output\IISState-5920.log'

***********************
Starting new log output
IISState version 3.3.1

Fri Sep 10 03:32:08 2004

OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 5920

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 16a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
07 0006ff44 01003160 inetinfo!main+0x104
08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23




Thread ID: 1
System Thread ID: 20e8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0083fe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0083fe9c 01002cf9 kernel32!WaitForSingleObject+0xf
04 0083ffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
05 0083ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 2
System Thread ID: 89c
Kernel Time: 0:0:0.46
User Time: 0:0:0.250

I am running it again to see if anything different comes out.

hoyty




(Msg. 2) Posted: Fri Sep 10, 2004 10:36 pm
Post subject: Re: IISState log
Archived from groups: per prev. post

A better log:
***********************
Starting new log output
IISState version 3.3.1

Fri Sep 10 07:36:51 2004

OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 6192

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed:




Thread ID: 14
System Thread ID: 1f38
Kernel Time: 0:0:0.109
User Time: 0:0:0.93
Thread Type: Other
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 018afed8 cfdf9645 0xccdf9645
01 cbdf9645 00000000 0xcfdf9645
Closing open log file C:\iisstate\output\IISState-6192.log
Opened log file 'C:\iisstate\output\IISState-6192.log'

***********************
Starting new log output
IISState version 3.3.1

Fri Sep 10 07:36:51 2004

OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 6192

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 24b0
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
07 0006ff44 01003160 inetinfo!main+0x104
08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23




Thread ID: 1
System Thread ID: 1ef8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0083fe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0083fe9c 01002cf9 kernel32!WaitForSingleObject+0xf
04 0083ffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
05 0083ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 2
System Thread ID: 22d8
Kernel Time: 0:0:0.46
User Time: 0:0:0.234
Thread Type: Other
# ChildEBP RetAddr
00 0087fcc4 77f43741 SharedUserData!SystemCallStub+0x4
01 0087fcc8 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0087fd38 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0087fd48 649f24ac kernel32!WaitForSingleObject+0xf
04 0087fd70 010023b6 iisadmin!ServiceEntry+0x214
05 0087ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
06 0087ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
07 0087ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 3
System Thread ID: d2c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00a7ff9c 77f4262b SharedUserData!SystemCallStub+0x4
01 00a7ffa0 77f6b5b2 ntdll!NtDelayExecution+0xc
02 00a7ffb8 77e4a990 ntdll!RtlpTimerThread+0x45
03 00a7ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 4
System Thread ID: 23a0
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 00abff7c 77f430c7 SharedUserData!SystemCallStub+0x4
01 00abff80 71b246f7 ntdll!ZwRemoveIoCompletion+0xc
02 00abffb8 77e4a990 mswsock!SockAsyncThread+0x67
03 00abffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 5
System Thread ID: 1fd0
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 00b8feb0 77f4372d SharedUserData!SystemCallStub+0x4
01 00b8feb4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 00b8ff5c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 00b8ff74 6e0b377a kernel32!WaitForMultipleObjects+0x17
04 00b8ffa0 6e0b6012 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x68
05 00b8ffb8 77e4a990 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x62
06 00b8ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 6
System Thread ID: 2130
Kernel Time: 0:0:0.15
User Time: 0:0:0.78
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0144fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0144fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0144ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0144ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0144ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0144ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0144ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 7
System Thread ID: 221c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00edff70 77f430c7 SharedUserData!SystemCallStub+0x4
01 00edff74 77f7e6ae ntdll!ZwRemoveIoCompletion+0xc
02 00edffb8 77e4a990 ntdll!RtlpWorkerThread+0x3b
03 00edffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 8
System Thread ID: ad0
Kernel Time: 0:0:0.187
User Time: 0:0:0.500
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0154fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0154fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0154ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0154ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0154ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0154ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0154ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 9
System Thread ID: 1cf4
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 015cfcec 77f4372d SharedUserData!SystemCallStub+0x4
01 015cfcf0 77f75297 ntdll!NtWaitForMultipleObjects+0xc
02 015cffb8 77e4a990 ntdll!RtlpWaitThread+0x158
03 015cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 10
System Thread ID: 25f4
Kernel Time: 0:0:0.234
User Time: 0:0:0.328
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0158fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0158fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0158ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0158ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0158ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0158ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0158ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 11
System Thread ID: 2240
Kernel Time: 0:0:0.140
User Time: 0:0:0.375
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 014cfe20 77f4313f SharedUserData!SystemCallStub+0x4
01 014cfe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 014cff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 014cff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 014cffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 014cffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 014cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 12
System Thread ID: 100c
Kernel Time: 0:0:0.46
User Time: 0:0:0.46
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0150fbc0 77f4372d SharedUserData!SystemCallStub+0x4
01 0150fbc4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0150fc6c 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 0150fcc8 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 0150fce4 643f5723 USER32!MsgWaitForMultipleObjects+0x1d
05 0150fd30 6930d973 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x22f
06 0150fd70 010023b6 ftpsvc2!ServiceEntry+0xac
07 0150ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 0150ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 0150ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 13
System Thread ID: 2418
Kernel Time: 0:0:0.218
User Time: 0:0:0.62
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0186ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0186ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0186ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0186ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0186ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 14
System Thread ID: 1f38
Kernel Time: 0:0:0.109
User Time: 0:0:0.93
Thread Type: Other
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 018afed8 cfdf9645 0xccdf9645
01 cbdf9645 00000000 0xcfdf9645




Thread ID: 15
System Thread ID: 2740
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00e9ff70 77f430c7 SharedUserData!SystemCallStub+0x4
01 00e9ff74 77f7e6ae ntdll!ZwRemoveIoCompletion+0xc
02 00e9ffb8 77e4a990 ntdll!RtlpWorkerThread+0x3b
03 00e9ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 16
System Thread ID: c40
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 01cafeb4 77f430c7 SharedUserData!SystemCallStub+0x4
01 01cafeb8 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 01cafee4 77c80bd1 kernel32!GetQueuedCompletionStatus+0x27
03 01caff20 77c80a78 RPCRT4!COMMON_ProcessCalls+0x9f
04 01caff8c 77c58159 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x115
05 01caff90 77c60771 RPCRT4!ProcessIOEventsWrapper+0x9
06 01caffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
07 01caffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
08 01caffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 17
System Thread ID: 2774
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 01cefecc 77f4372d SharedUserData!SystemCallStub+0x4
01 01cefed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 01ceff78 6930882e kernel32!WaitForMultipleObjectsEx+0x11a
03 01ceffb0 77f4308b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x32
04 01ceffb8 77e4a990 ntdll!NtRegisterThreadTerminatePort+0xc
05 01ceffc4 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 18
System Thread ID: 6c4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01d7fe38 77f43741 SharedUserData!SystemCallStub+0x4
01 01d7fe3c 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
02 01d7fe78 71b239d1 mswsock!SockWaitForSingleObject+0x19b
03 01d7ff3c 71c016c9 mswsock!WSPSelect+0x229
04 01d7ff8c 63ec4696 WS2_32!select+0xb9
05 01d7ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
06 01d7ffb8 77e4a990 ISATQ!BmonThreadFunc+0x9
07 01d7ffc4 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 19
System Thread ID: 2500
Kernel Time: 0:0:0.78
User Time: 0:0:0.62
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\pop3svc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 01dbfbb8 77f4372d SharedUserData!SystemCallStub+0x4
01 01dbfbbc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 01dbfc64 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 01dbfcc0 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 01dbfcdc 685a366e USER32!MsgWaitForMultipleObjects+0x1d
05 01dbfd28 61926a40 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
WARNING: Stack unwind information not available. Following frames may be
wrong.
06 01dbfd70 010023b6 pop3svc!ServiceEntry+0x1ae
07 01dbffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 01dbffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 01dbffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 20
System Thread ID: 25b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\pttrace.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0727fec8 77f4372d SharedUserData!SystemCallStub+0x4
01 0727fecc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0727ff74 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0727ff8c 62e62374 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 0727ffb8 77e4a990 pttrace!TermAsyncTrace+0x501
05 0727ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 21
System Thread ID: 242c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 072bfecc 77f4372d SharedUserData!SystemCallStub+0x4
01 072bfed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 072bff78 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 072bff90 62e618ff kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 072bffb8 77e4a990 pttrace!DebugAssert+0x51b
05 072bffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 22
System Thread ID: 1aec
Kernel Time: 0:0:2.281
User Time: 0:0:0.656
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0733fe08 77f4372d SharedUserData!SystemCallStub+0x4
01 0733fe0c 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0733feb4 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 0733ff10 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 0733ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1d
05 0733ff84 77bc91ed LisRTL!SchedulerWorkerThread+0xa7
06 0733ffb8 77e4a990 msvcrt!_endthreadex+0x95
07 0733ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 23
System Thread ID: 2564
Kernel Time: 0:0:1.312
User Time: 0:0:1.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0737fe08 77f4372d SharedUserData!SystemCallStub+0x4
01 0737fe0c 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0737feb4 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 0737ff10 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 0737ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1d
05 0737ff84 77bc91ed LisRTL!SchedulerWorkerThread+0xa7
06 0737ffb8 77e4a990 msvcrt!_endthreadex+0x95
07 0737ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 24
System Thread ID: 438
Kernel Time: 0:0:0.46
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\LSATQ.dll -
Thread Type: Other
# ChildEBP RetAddr
00 0743ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0743ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0743ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 25
System Thread ID: 184
Kernel Time: 0:0:0.125
User Time: 0:0:0.296
Thread Type: Other
# ChildEBP RetAddr
00 0747ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0747ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0747ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 26
System Thread ID: 25a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0754fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0754fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0754ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0754ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0754ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0754ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0754ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 27
System Thread ID: 2088
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 075cfd1c 77f43741 SharedUserData!SystemCallStub+0x4
01 075cfd20 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
02 075cfd5c 71b239d1 mswsock!SockWaitForSingleObject+0x19b
03 075cfe20 71c016c9 mswsock!WSPSelect+0x229
04 075cfe70 6e2b3b6e WS2_32!select+0xb9
05 075cffb8 77e4a990 inetsloc!SocketListenThread+0x51
06 075cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 28
System Thread ID: 2010
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0760fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0760fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0760ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0760ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0760ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0760ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0760ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 29
System Thread ID: 22cc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\dsaccess.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0764fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 0764fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0764ff78 62ee40ee kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 0764ffb0 62ee4213 dsaccess!HrDeleteObjectGuid+0x14e32
04 0764ffb8 77e4a990 dsaccess!HrDeleteObjectGuid+0x14f57
05 0764ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 30
System Thread ID: 1bf0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0768f694 77f4372d SharedUserData!SystemCallStub+0x4
01 0768f698 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0768f740 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0768f758 62ea97bf kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 0768ffb0 62eca92e dsaccess!ReleaseDsctx+0x553
05 0768ffb8 77e4a990 dsaccess!HrInitializeDs+0x3f1e
06 0768ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 31
System Thread ID: 2040
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\Epoxy.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 076dfe9c 77f4372d SharedUserData!SystemCallStub+0x4
01 076dfea0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 076dff48 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 076dff60 62f25006 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 076dffb0 62f254df Epoxy!CEpoxyQIF::operator=+0x2b7e
05 076dffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x3057
06 076dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 32
System Thread ID: 1b60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0782ff04 77f43741 SharedUserData!SystemCallStub+0x4
01 0782ff08 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0782ff78 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0782ff88 62ea9720 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 0782ffb8 77e4a990 dsaccess!ReleaseDsctx+0x4b4
05 0782ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 33
System Thread ID: 24e8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0788fe38 77f43741 SharedUserData!SystemCallStub+0x4
01 0788fe3c 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
02 0788fe78 71b239d1 mswsock!SockWaitForSingleObject+0x19b
03 0788ff3c 71c016c9 mswsock!WSPSelect+0x229
04 0788ff8c 686264b5 WS2_32!select+0xb9
WARNING: Stack unwind information not available. Following frames may be
wrong.
05 00c9d8d4 00000be4 LSATQ!SetIISCapTraceFlag+0x1e3c




Thread ID: 34
System Thread ID: 2768
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 00f1ff70 77f430c7 SharedUserData!SystemCallStub+0x4
01 00f1ff74 77f7e6ae ntdll!ZwRemoveIoCompletion+0xc
02 00f1ffb8 77e4a990 ntdll!RtlpWorkerThread+0x3b
03 00f1ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 35
System Thread ID: 239c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 07a2fec8 77f4372d SharedUserData!SystemCallStub+0x4
01 07a2fecc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07a2ff74 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07a2ff8c 69532430 kernel32!WaitForMultipleObjects+0x17
04 07a2ffb8 77e4a990 exstrace!RegNotifyThread+0x68
05 07a2ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 36
System Thread ID: 1de0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 07a6fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 07a6fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07a6ff78 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07a6ff90 695319c0 kernel32!WaitForMultipleObjects+0x17
04 07a6ffb8 77e4a990 exstrace!WriteTraceThread+0x2f
05 07a6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 37
System Thread ID: 2620
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 07beff18 77f43741 SharedUserData!SystemCallStub+0x4
01 07beff1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 07beff8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 07beff9c 01dc8673 kernel32!WaitForSingleObject+0xf
04 07beffb8 77e4a990 FCACHDLL!CScheduleThread::ScheduleThread+0x60
05 07beffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 38
System Thread ID: 1da4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\ifsproxy.dll -
Thread Type: Other
# ChildEBP RetAddr
00 07d2ff34 77f430c7 SharedUserData!SystemCallStub+0x4
01 07d2ff38 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07d2ff64 62292084 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 07d2ffb8 77e4a990 ifsproxy!CIfsGlobals::operator=+0x7e
04 07d2ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 39
System Thread ID: 2398
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\iisif.dll -
Thread Type: Other
# ChildEBP RetAddr
00 07daff14 77f43741 SharedUserData!SystemCallStub+0x4
01 07daff18 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 07daff88 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 07daff98 618d377d kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 07daffb8 77e4a990 iisif!PROTCON::~PROTCON+0xe4f
05 07daffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 40
System Thread ID: 1a54
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 07defe94 77f4372d SharedUserData!SystemCallStub+0x4
01 07defe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07deff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07deff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 07deffb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 07deffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 07deffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 41
System Thread ID: 2020
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\resvc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 07d6fbb4 77f4372d SharedUserData!SystemCallStub+0x4
01 07d6fbb8 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07d6fc60 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 07d6fcbc 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 07d6fcd8 685a366e USER32!MsgWaitForMultipleObjects+0x1d
05 07d6fd24 07e05fb8 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
WARNING: Stack unwind information not available. Following frames may be
wrong.
06 07d6fd70 010023b6 resvc!ServiceEntry+0x244
07 07d6ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 07d6ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 07d6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 42
System Thread ID: 2574
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\tranmsg.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 07f9fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 07f9fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07f9ff78 07e51f3b kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 07f9ffb0 07e52060 tranmsg+0x1f3b
04 07f9ffb8 77e4a990 tranmsg+0x2060
05 07f9ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 43
System Thread ID: 388
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0805fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0805fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0805ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0805ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0805ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0805ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0805ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 44
System Thread ID: 2794
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\imap4svc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0809fbb8 77f4372d SharedUserData!SystemCallStub+0x4
01 0809fbbc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0809fc64 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 0809fcc0 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 0809fcdc 685a366e USER32!MsgWaitForMultipleObjects+0x1d
05 0809fd28 6195419e LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
WARNING: Stack unwind information not available. Following frames may be
wrong.
06 0809fd70 010023b6 imap4svc!ServiceEntry+0x1b1
07 0809ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 0809ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 0809ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 45
System Thread ID: 1bc8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0811fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0811fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0811ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0811ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0811ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0811ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0811ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 46
System Thread ID: 218c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 081bfe94 77f4372d SharedUserData!SystemCallStub+0x4
01 081bfe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 081bff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 081bff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 081bffb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 081bffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 081bffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 47
System Thread ID: 218c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 081bfe94 77f4372d SharedUserData!SystemCallStub+0x4
01 081bfe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 081bff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 081bff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 081bffb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 081bffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 081bffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 48
System Thread ID: 22f8
Kernel Time: 0:0:0.46
User Time: 0:0:0.156
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 081ffbc0 77f4372d SharedUserData!SystemCallStub+0x4
01 081ffbc4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 081ffc6c 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 081ffcc8 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 081ffce4 643f5723 USER32!MsgWaitForMultipleObjects+0x1d
05 081ffd30 6b77305d INFOCOMM!IIS_SERVICE::StartServiceOperation+0x22f
06 081ffd70 010023b6 SMTPSVC!ServiceEntry+0x129
07 081fffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 081fffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 081fffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 49
System Thread ID: 2640
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 0823fec0 77f4372d SharedUserData!SystemCallStub+0x4
01 0823fec4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0823ff6c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0823ff84 6b78b2d6 kernel32!WaitForMultipleObjects+0x17
04 0823ffb8 77e4a990 SMTPSVC!TcpRegNotifyThread+0xdc
05 0823ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 50
System Thread ID: 2728
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 0827ff20 77f43741 SharedUserData!SystemCallStub+0x4
01 0827ff24 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0827ff94 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0827ffa4 6b78b17a kernel32!WaitForSingleObject+0xf
04 0827ffb8 77e4a990 SMTPSVC!FreeLibThread+0x2c
05 0827ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 51
System Thread ID: 274c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0871fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0871fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0871ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0871ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0871ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0871ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0871ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 52
System Thread ID: 261c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0895fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0895fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0895ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0895ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0895ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0895ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0895ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 53
System Thread ID: 2e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\phatq.dll -
Thread Type: Other
# ChildEBP RetAddr
00 0899ff10 77f43741 SharedUserData!SystemCallStub+0x4
01 0899ff14 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0899ff84 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0899ff94 61fa5d20 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 0899ffb8 77e4a990 phatq!DllCanUnloadNow+0x147fa
05 0899ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 54
System Thread ID: 1e14
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\reapi.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 08a2fe74 77f4372d SharedUserData!SystemCallStub+0x4
01 08a2fe78 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 08a2ff20 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 08a2ff38 621953ea kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 08a2ffb0 62195d57 reapi!StrDeinitialize+0x20292
05 08a2ffb8 77e4a990 reapi!StrDeinitialize+0x20bff
06 08a2ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 55
System Thread ID: 2798
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 08a5ab54 77f43741 SharedUserData!SystemCallStub+0x4
01 08a5ab58 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 08a5abc8 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 08a5abd8 62ea9478 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 08a5abe8 087241b8 dsaccess!ReleaseDsctx+0x20c
05 00000000 00000000 0x87241b8




Thread ID: 56
System Thread ID: 15b8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 08aaff08 77f43741 SharedUserData!SystemCallStub+0x4
01 08aaff0c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 08aaff7c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 08aaff8c 621abcd2 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 08aaffb0 621abe5c reapi!StrDeinitialize+0x36b7a
05 08aaffb8 77e4a990 reapi!StrDeinitialize+0x36d04
06 08aaffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 57
System Thread ID: 1ad0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 08b0feb4 77f4372d SharedUserData!SystemCallStub+0x4
01 08b0feb8 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 08b0ff60 62156688 kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 08b0ff98 62156422 reapi!ReiCachedServerFQDNToRG+0x103e
04 08b0ffb0 6218a4a0 reapi!ReiCachedServerFQDNToRG+0xdd8
05 08b0ffb8 77e4a990 reapi!StrDeinitialize+0x15348
06 08b0ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 58
System Thread ID: 26c8
Kernel Time: 0:0:0.15
User Time: 0:0:0.218
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 08b8fe80 77f4372d SharedUserData!SystemCallStub+0x4
01 08b8fe84 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 08b8ff2c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 08b8ff44 61fa5bb0 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 08b8ffa4 6b77e8ae phatq!DllCanUnloadNow+0x1468a
05 08b8ffb8 77e4a990 SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x21
06 08b8ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 59
System Thread ID: 26a0
Kernel Time: 0:0:0.31
User Time: 0:0:0.46
Thread Type: Other
# ChildEBP RetAddr
00 08b4ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 08b4ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08b4ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 60
System Thread ID: 25c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Exchsrvr\bin\drviis.dll -
Thread Type: Other
# ChildEBP RetAddr
00 08c1ff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 08c1ff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08c1ff84 08b94ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 08c1ffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 08c1ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 61
System Thread ID: 2308
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 08c5ff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 08c5ff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08c5ff84 08b94ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 08c5ffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 08c5ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 62
System Thread ID: 219c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 08c9ff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 08c9ff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08c9ff84 08b94ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 08c9ffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 08c9ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 63
System Thread ID: 264c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 08cdff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 08cdff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08cdff84 08b94ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 08cdffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 08cdffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 64
System Thread ID: d10
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 08d3fe94 77f4372d SharedUserData!SystemCallStub+0x4
01 08d3fe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 08d3ff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 08d3ff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 08d3ffb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 08d3ffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 08d3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 65
System Thread ID: 1fd8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 089efe9c 77f4372d SharedUserData!SystemCallStub+0x4
01 089efea0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 089eff48 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 089eff60 07dfadc3 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 089effb0 07e11033 resvc!IIS_SERVICE::QueryInstanceCount+0x4cc
05 089effb8 77e4a990 resvc!ServiceEntry+0xb2bf
06 089effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 66
System Thread ID: 2688
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 08d8fe00 77f43741 SharedUserData!SystemCallStub+0x4
01 08d8fe04 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 08d8fe74 76f22745 kernel32!WaitForSingleObjectEx+0xac
03 08d8feb0 76f1428e WLDAP32!LdapWaitForResponseFromServer+0x430
04 08d8feec 76f1bfaf WLDAP32!ldap_result_with_error+0x107
05 08d8ff1c 62e8e509 WLDAP32!ldap_result+0x49
WARNING: Stack unwind information not available. Following frames may be
wrong.
06 08d8ff5c 62e8e2a7 dsaccess!HrSearchGuid+0xb6f
07 08d8ff8c 62ea7e03 dsaccess!HrSearchGuid+0x90d
08 08d8ffb8 77e4a990 dsaccess!AddCachedObjectWithFilter+0x5a4a
09 08d8ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 67
System Thread ID: 27e8
Kernel Time: 0:0:1.906
User Time: 0:0:3.984
*** WARNING: Unable to verify checksum for C:\Program Files\Sybari
Software\Antigen for Exchange\AntigenSmtpSink.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Sybari Software\Antigen for Exchange\AntigenSmtpSink.dll -
Thread Type: Other
# ChildEBP RetAddr
00 08eff828 77d06718 SharedUserData!SystemCallStub+0x4
01 08eff850 63003504 USER32!NtUserGetMessage+0xc
WARNING: Stack unwind information not available. Following frames may be
wrong.
02 00000000 00000000 AntigenSmtpSink!DllUnregisterServer+0x1f54




Thread ID: 68
System Thread ID: 1144
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 08dfff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 08dfff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08dfff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 69
System Thread ID: 2278
Kernel Time: 0:0:0.46
User Time: 0:0:0.78
Thread Type: Other
# ChildEBP RetAddr
00 0926ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0926ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0926ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 70
System Thread ID: 23e8
Kernel Time: 0:0:0.62
User Time: 0:0:0.171
Thread Type: Other
# ChildEBP RetAddr
00 08e3ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 08e3ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08e3ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 71
System Thread ID: 1948
Kernel Time: 0:0:0.109
User Time: 0:0:0.78
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 08f6ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 08f6ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08f6ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 08f6ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 08f6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 72
System Thread ID: 1ef0
Kernel Time: 0:0:0.93
User Time: 0:0:0.78
Thread Type: Other
# ChildEBP RetAddr
00 08faff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 08faff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 08faff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 73
System Thread ID: 19ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00f8ff10 77f43741 SharedUserData!SystemCallStub+0x4
01 00f8ff14 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 00f8ff84 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 00f8ff94 61fa5c2d kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 00f8ffb8 77e4a990 phatq!DllCanUnloadNow+0x14707
05 00f8ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 74
System Thread ID: 1730
Kernel Time: 0:0:0.62
User Time: 0:0:0.78
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0902ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0902ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0902ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0902ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0902ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 75
System Thread ID: 1730
Kernel Time: 0:0:0.62
User Time: 0:0:0.78
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0902ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0902ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0902ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0902ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0902ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 76
System Thread ID: 2544
Kernel Time: 0:0:0.15
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 092eff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 092eff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 092eff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 77
System Thread ID: 266c
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0932ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0932ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0932ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 78
System Thread ID: 266c
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0932ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0932ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0932ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 79
System Thread ID: 266c
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0932ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0932ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0932ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 80
System Thread ID: 266c
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0932ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0932ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0932ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924




Thread ID: 81
System Thread ID: 1f80
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 0942fe00 77f43741 SharedUserData!SystemCallStub+0x4
01 0942fe04 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0942fe74 76f22745 kernel32!WaitForSingleObjectEx+0xac
03 0942feb0 76f1428e WLDAP32!LdapWaitForResponseFromServer+0x430
04 0942feec 76f1bfaf WLDAP32!ldap_result_with_error+0x107
05 0942ff1c 62e8e509 WLDAP32!ldap_result+0x49
WARNING: Stack unwind information not available. Following frames may be
wrong.
06 0942ff5c 62e8e2a7 dsaccess!HrSearchGuid+0xb6f
07 0942ff8c 62ea7e03 dsaccess!HrSearchGuid+0x90d
08 0942ffb8 77e4a990 dsaccess!AddCachedObjectWithFilter+0x5a4a
09 0942ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 82
System Thread ID: 21dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0946ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0946ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0946ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0946ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0946ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 83
System Thread ID: 279c
Kernel Time: 0:0:0.15
User Time: 0:0:0.46
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 094aff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 094aff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 094aff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 094affb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 094affec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 84
System Thread ID: 279c
Kernel Time: 0:0:0.15
User Time: 0:0:0.46
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 094aff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 094aff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 094aff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 094affb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 094affec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 85
System Thread ID: 2474
Kernel Time: 0:0:0.62
User Time: 0:0:0.78
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0952ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0952ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0952ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0952ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0952ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 86
System Thread ID: 2474
Kernel Time: 0:0:0.62
User Time: 0:0:0.78
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0952ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 0952ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0952ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 0952ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 0952ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 87
System Thread ID: 1970
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 095cff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 095cff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 095cff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 095cffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 095cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 88
System Thread ID: 1970
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 095cff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 095cff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 095cff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 095cffb8 77e4a990 ISATQ!AtqPoolThread+0x40
04 095cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 89
System Thread ID: 20d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0966fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 0966fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0966ff78 07e51f3b kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be
wrong.
03 0966ffb0 07e52060 tranmsg+0x1f3b
04 0966ffb8 77e4a990 tranmsg+0x2060
05 0966ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 90
System Thread ID: 26ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\PROGRA~1\Exchsrvr\bin\miscat.dll -
Thread Type: Other
# ChildEBP RetAddr
00 096bff1c 77f43741 SharedUserData!SystemCallStub+0x4
01 096bff20 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 096bff90 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 096bffa0 0961d036 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 096bffec 00000000 miscat!DllUnregisterServer+0x8b22




Thread ID: 91
System Thread ID: 1154
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 097aab54 77f43741 SharedUserData!SystemCallStub+0x4
01 097aab58 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 097aabc8 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 097aabd8 62ea9478 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be
wrong.
04 097aabe8 08794d68 dsaccess!ReleaseDsctx+0x20c
05 00000000 00000000 0x8794d68
"Brian Hoyt" <hoyty.DeleteThis@hoyty.com> wrote in message
news:O5GdnS3sO8vWHdzcRVn-ow@speakeasy.net...
 > My server has been rock solid for years until 9/6/04. At that point IIS
 > just started crashing over and over. It seems to do it multiple (50+)
 > times
 > and then will work for 12 hours or so and start up again. Thanks for any
 > pointers. Here is what came out of IISState:
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Fri Sep 10 03:32:08 2004
 >
 > OS = Windows 2003 Server
 > Executable: inetinfo.exe
 > PID = 5920
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 > IIS has crashed...
 > Beginning Analysis
 > DLL (!FunctionName) that failed:
 >
 >
 >
 >
 > Thread ID: 9
 > System Thread ID: 220
 > Kernel Time: 0:0:0.265
 > User Time: 0:0:0.171
 > Thread Type: Other
 > # ChildEBP RetAddr
 > WARNING: Frame IP not in any known module. Following frames may be wrong.
 > 00 0176fed8 d7df9645 0xd4df9645
 > 01 d3df9645 00000000 0xd7df9645
 > Closing open log file C:\iisstate\output\IISState-5920.log
 > Opened log file 'C:\iisstate\output\IISState-5920.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Fri Sep 10 03:32:08 2004
 >
 > OS = Windows 2003 Server
 > Executable: inetinfo.exe
 > PID = 5920
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 >
 >
 >
 > Thread ID: 0
 > System Thread ID: 16a8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
 > 01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
 > 02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
 > 03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
 > 04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
 > 05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
 > 06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
 > 07 0006ff44 01003160 inetinfo!main+0x104
 > 08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
 > 09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
 >
 >
 >
 >
 > Thread ID: 1
 > System Thread ID: 20e8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
 > 01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
 > 02 0083fe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
 > 03 0083fe9c 01002cf9 kernel32!WaitForSingleObject+0xf
 > 04 0083ffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
 > 05 0083ffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 > Thread ID: 2
 > System Thread ID: 89c
 > Kernel Time: 0:0:0.46
 > User Time: 0:0:0.250
 >
 > I am running it again to see if anything different comes out.
 >
patfilot

External


Since: Aug 24, 2003
Posts: 1478



(Msg. 3) Posted: Sat Sep 11, 2004 11:56 pm
Post subject: Re: IISState log
Archived from groups: per prev. post

This is most likely a bug in the SMTP Service. Please contact MS-Support.

Pat

"Brian Hoyt" <hoyty RemoveThis @hoyty.com> wrote in message
news:O5GdnS3sO8vWHdzcRVn-ow@speakeasy.net...
 > My server has been rock solid for years until 9/6/04. At that point IIS
 > just started crashing over and over. It seems to do it multiple (50+)
 > times
 > and then will work for 12 hours or so and start up again. Thanks for any
 > pointers. Here is what came out of IISState:
 >
 > I am running it again to see if anything different comes out.
 >
hoyty

External


Since: Sep 06, 2004
Posts: 5



(Msg. 4) Posted: Mon Sep 13, 2004 12:14 am
Post subject: Re: IISState log
Archived from groups: per prev. post

Apparently it was according to
http://support.microsoft.com/default.aspx?kbid=827214. It is weird how it
suddenly started showing up.
"Pat [MSFT]" <patfilot.TakeThisOut@online.microsoft.com> wrote in message
news:OrTnzxHmEHA.3632@TK2MSFTNGP09.phx.gbl...
 > This is most likely a bug in the SMTP Service. Please contact MS-Support.
 >
 > Pat
 >
 > "Brian Hoyt" <hoyty.TakeThisOut@hoyty.com> wrote in message
 > news:O5GdnS3sO8vWHdzcRVn-ow@speakeasy.net...
  > > My server has been rock solid for years until 9/6/04. At that point IIS
  > > just started crashing over and over. It seems to do it multiple (50+)
  > > times
  > > and then will work for 12 hours or so and start up again. Thanks for
  > > any
  > > pointers. Here is what came out of IISState:
  > >
  > > I am running it again to see if anything different comes out.
  > >
  > >
 >
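
An added example, not part of the original posts: a small Python parser for IISState output in the layout quoted above. It lists the threads whose stack frames the debugger could not map to any loaded module, which is the `WARNING: Frame IP not in any known module` case on the crashing thread. The function names are illustrative, and the sample is abridged from the log in this thread.

```python
import re

# Sample abridged from the IISState 3.3.1 log quoted in this thread.
SAMPLE_LOG = """\
Thread ID: 14
System Thread ID: 1f38
Thread Type: Other
 # ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 018afed8 cfdf9645 0xccdf9645
01 cbdf9645 00000000 0xcfdf9645

Thread ID: 1
System Thread ID: 1ef8
Thread Type: Other
 # ChildEBP RetAddr
00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
"""

QUOTE = re.compile(r"^[\s>]+")  # newsgroup quote markers and indentation
THREAD = re.compile(r"^Thread ID:\s*(\d+)$")
FRAME = re.compile(r"^[0-9a-f]{2}\s+[0-9a-f]{8}\s+[0-9a-f]{8}\s+(.+)$", re.I)

def parse_threads(text):
    """Return one dict per thread: id, frame symbols, and the warning flag."""
    threads, cur = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        m = THREAD.match(line)
        if m:
            cur = {"id": int(m.group(1)), "frames": [], "warned": False}
            threads.append(cur)
        elif cur is None:
            continue  # log header before the first thread
        elif "Frame IP not in any known module" in line:
            cur["warned"] = True
        elif (m := FRAME.match(line)):
            cur["frames"].append(m.group(1))
    return threads

def unresolved(threads):
    """Map thread id -> frames with no module!symbol, for flagged threads."""
    out = {}
    for t in threads:
        raw = [s for s in t["frames"] if "!" not in s]
        if t["warned"] or raw:
            out[t["id"]] = raw
    return out
```

Because quote markers are stripped first, the same functions work on a log pasted from a `>`-quoted newsgroup reply.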
adavis

External


Since: Sep 13, 2004
Posts: 9



(Msg. 5) Posted: Mon Sep 13, 2004 7:30 pm
Post subject: Re: IISState log
Archived from groups: per prev. post

One of the following is likely to solve your issue:

Windows Server 2003 (Not running Exchange 2003)
http://support.microsoft.com/?id=827214

Exchange Server 2003
http://support.microsoft.com/?id=885264

This posting is provided "AS IS" with no warranties, and confers no rights.

Thanks!
~Andrew Davis
Microsoft PSS Security

--------------------
 >From: "Brian Hoyt" <hoyty.RemoveThis@hoyty.com>
 >Newsgroups: microsoft.public.inetserver.iis
 >Subject: Re: IISState log
 >Date: Fri, 10 Sep 2004 19:36:45 -0400
 >
 >A better log:
 >***********************
 >Starting new log output
 >IISState version 3.3.1
 >
 >Fri Sep 10 07:36:51 2004
 >
 >OS = Windows 2003 Server
 >Executable: inetinfo.exe
 >PID = 6192
 >
 >Note: Thread times are formatted as HH:MM:SS.ms
 >
 >***********************
 >
 >
 >IIS has crashed...
 >Beginning Analysis
 >DLL (!FunctionName) that failed:
 >
 >
 >
 >
 >Thread ID: 14
 >System Thread ID: 1f38
 >Kernel Time: 0:0:0.109
 >User Time: 0:0:0.93
 >Thread Type: Other
 > # ChildEBP RetAddr
 >WARNING: Frame IP not in any known module. Following frames may be wrong.
 >00 018afed8 cfdf9645 0xccdf9645
 >01 cbdf9645 00000000 0xcfdf9645
 >Closing open log file C:\iisstate\output\IISState-6192.log
 >Opened log file 'C:\iisstate\output\IISState-6192.log'
 >
 >***********************
 >Starting new log output
 >IISState version 3.3.1
 >
 >Fri Sep 10 07:36:51 2004
 >
 >OS = Windows 2003 Server
 >Executable: inetinfo.exe
 >PID = 6192
 >
 >Note: Thread times are formatted as HH:MM:SS.ms
 >
 >***********************
 >
 >
 >
 >
 >Thread ID: 0
 >System Thread ID: 24b0
 >Kernel Time: 0:0:0.15
 >User Time: 0:0:0.0
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
 >01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
 >02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
 >03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
 >04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
 >05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
 >06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
 >07 0006ff44 01003160 inetinfo!main+0x104
 >08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
 >09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
 >
 >
 >
 >
 >Thread ID: 1
 >System Thread ID: 1ef8
 >Kernel Time: 0:0:0.0
 >User Time: 0:0:0.0
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
 >01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
 >02 0083fe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
 >03 0083fe9c 01002cf9 kernel32!WaitForSingleObject+0xf
 >04 0083ffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
 >05 0083ffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 >Thread ID: 2
 >System Thread ID: 22d8
 >Kernel Time: 0:0:0.46
 >User Time: 0:0:0.234
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 0087fcc4 77f43741 SharedUserData!SystemCallStub+0x4
 >01 0087fcc8 77e41817 ntdll!ZwWaitForSingleObject+0xc
 >02 0087fd38 77e4168f kernel32!WaitForSingleObjectEx+0xac
 >03 0087fd48 649f24ac kernel32!WaitForSingleObject+0xf
 >04 0087fd70 010023b6 iisadmin!ServiceEntry+0x214
 >05 0087ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
 >06 0087ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
 >07 0087ffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 >Thread ID: 3
 >System Thread ID: d2c
 >Kernel Time: 0:0:0.0
 >User Time: 0:0:0.0
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 00a7ff9c 77f4262b SharedUserData!SystemCallStub+0x4
 >01 00a7ffa0 77f6b5b2 ntdll!NtDelayExecution+0xc
 >02 00a7ffb8 77e4a990 ntdll!RtlpTimerThread+0x45
 >03 00a7ffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 >Thread ID: 4
 >System Thread ID: 23a0
 >Kernel Time: 0:0:0.15
 >User Time: 0:0:0.15
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 00abff7c 77f430c7 SharedUserData!SystemCallStub+0x4
 >01 00abff80 71b246f7 ntdll!ZwRemoveIoCompletion+0xc
 >02 00abffb8 77e4a990 mswsock!SockAsyncThread+0x67
 >03 00abffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 >Thread ID: 5
 >System Thread ID: 1fd0
 >Kernel Time: 0:0:0.0
 >User Time: 0:0:0.31
 >Thread Status: Thread is in a WAIT state.
 >Thread Type: Other
 > # ChildEBP RetAddr
 >00 00b8feb0 77f4372d SharedUserData!SystemCallStub+0x4
 >01 00b8feb4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
 >02 00b8ff5c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
 >03 00b8ff74 6e0b377a kernel32!WaitForMultipleObjects+0x17
 >04 00b8ffa0 6e0b6012 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x68
 >05 00b8ffb8 77e4a990 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x62
 >06 00b8ffec 00000000 kernel32!BaseThreadStart+0x34
 >
 >
 >
 >
 >Thread ID: 6
 >System Thread ID: 2130
 >Kernel Time: 0:0:0.15
 >User Time: 0:0:0.78
 >Thread Type: Possible ASP page. Possible DCOM activity
 >Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 >Continuing with other analysis.
 >
 >No remote call being made
 >
 > # ChildEBP RetAddr
 >00 0144fe20 77f4313f SharedUserData!SystemCallStub+0x4
 >01 0144fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
 >02 0144ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x19