Board index » Web Programming » IISstate logs help
MisterSkippy
 |
IISstate logs help
Web Programming408
We've been having a lot of event ID 37 with src W3SVC errors popping up. We have 50+ sites in medium isolation, and i ran IISstate on the two instances of DLLHOST and the one of inetinfo. Is there anything revealed by the three logs below? thank you in advance, TC Opened log file 'D:\emergency\output\IISState-3088.log' *********************** Starting new log output IISState version 3.3.1 Sun Aug 15 21:21:55 2004 OS = Windows 2000 Executable: dllhost.exe PID = 3088 Note: Thread times are formatted as HH:MM:SS.ms *********************** Thread ID: 0 System Thread ID: 3e8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0006fd28 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 0006fd50 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 0006fd60 77aaa701 KERNEL32!WaitForSingleObject+0xf 03 0006fd80 77aa9f0f ole32!CSurrogateProcessActivator::WaitForSurrogateTimeout+0x4f 04 0006fd9c 01001230 ole32!CoRegisterSurrogateEx+0x169 05 0006ff24 010014c6 dllhost!WinMain+0xb0 06 0006ffc0 7c581af6 dllhost!WinMainCRTStartup+0x156 07 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d Thread ID: 1 System Thread ID: a64 Kernel Time: 0:0:0.78 User Time: 0:0:0.281 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page No remote call being made # ChildEBP RetAddr 00 0087fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0087ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0087ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0087ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0087ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0087ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 2 System Thread ID: bc8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 008bff5c 7c573a4e ntdll!NtDelayExecution+0xb 01 008bff7c 7c573a22 KERNEL32!SleepEx+0x32 02 008bff88 77ab8ffb KERNEL32!Sleep+0xb 03 008bff90 77ab50ee ole32!CROIDTable::WorkerThreadLoop+0xc 04 008bffa8 77ab5046 ole32!CRpcThread::WorkerLoop+0x22 05 008bffb4 7c57438b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1a 06 008bffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 3 System Thread ID: 904 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 008fff30 77abbad5 USER32!NtUserGetMessage+0xb 01 008fff70 77abba23 ole32!CDllHost::STAWorkerLoop+0x40 02 008fff8c 77abb95e ole32!CDllHost::WorkerThread+0xc2 03 008fff90 77ab50ee ole32!DLLHostThreadEntry+0x9 04 008fffa8 77ab5046 ole32!CRpcThread::WorkerLoop+0x22 05 008fffb4 7c57438b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1a 06 008fffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 4 System Thread ID: 7a8 Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0098fc54 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0098fc80 6de8b9d0 KERNEL32!GetQueuedCompletionStatus+0x27 02 0098fd94 6de8b908 TxfAux!WORK_QUEUE::WorkerLoop+0xa0 03 0098ffb4 7c57438b TxfAux!WORK_QUEUE::ThreadLoop+0x58 04 0098ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 5 System Thread ID: d8c Kernel Time: 0:0:0.93 User Time: 0:0:0.250 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page No remote call being made # ChildEBP RetAddr 00 00a4fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 00a4ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 00a4ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 00a4ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 00a4ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 00a4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 6 System Thread ID: 4ec Kernel Time: 0:0:0.46 User Time: 0:0:0.0 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 00bcff08 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00bcff58 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 00bcff70 787f58ce KERNEL32!WaitForMultipleObjects+0x17 03 00bcffb4 7c57438b COMSVCS!CEventDispatcher::PushEvents+0x4e 04 00bcffc0 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 7 System Thread ID: 798 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page Remote call is either to a MTA object or object not initialized. Also, possible utility thread. DCOM call being made to Process ID: 1752 Waiting on thread id: ffffffff # ChildEBP RetAddr 00 00c0fb68 77d4256d ntdll!ZwRequestWaitReplyPort+0xb 01 00c0fb94 77d3ac56 RPCRT4!LRPC_CCALL::SendReceive+0x11e 02 00c0fba0 77b25b87 RPCRT4!I_RpcSendReceive+0x2c 03 00c0fbc0 77b25a52 ole32!ThreadSendReceive+0xef 04 00c0fbd8 77b22ab6 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x14f 05 00c0fc18 77b258c6 ole32!CRpcChannelBuffer::SendReceive2+0x96 06 00c0fc28 77a6cb5d ole32!CRpcChannelBuffer::SendReceive+0x11 07 00c0fc88 77ab74c3 ole32!CAptRpcChnl::SendReceive+0xa9 08 00c0fce0 77d94c1a ole32!CCtxComChnl::SendReceive+0x124 09 00c0fcfc 77d9487d RPCRT4!NdrProxySendReceive+0x4c 0a 00c0ff44 77d95136 RPCRT4!NdrClientCall2+0x4f5 0b 00c0ff60 77d46e75 RPCRT4!ObjectStublessClient+0x76 0c 00c0ff70 787f5818 RPCRT4!ObjectStubless+0xf 0d 00c0ffb4 7c57438b COMSVCS!CEventDispatcher::GetEventServerInfoThread+0x118 0e 00c0ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 8 System Thread ID: 48c Kernel Time: 0:0:0.0 User Time: 0:0:0.15 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 00c4fee0 7c573a4e ntdll!NtDelayExecution+0xb 01 00c4ff00 7c573a22 KERNEL32!SleepEx+0x32 02 00c4ff0c 787d12aa KERNEL32!Sleep+0xb 03 00c4ff7c 780085bc COMSVCS!PostData+0xf2 04 00c4ff88 77ab779b MSVCRT!_endthreadex+0xc1 05 00000000 00000000 ole32!CCtxComChnl::FreeBuffer+0x3d Thread ID: 9 System Thread ID: ca4 Kernel Time: 0:0:49.62 User Time: 0:0:25.859 Thread Type: Other # ChildEBP RetAddr 00 00ecfe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00ecfeac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 00ecff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 00ecff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d 04 00ecff7c 780085bc IISRTL!SchedulerWorkerThread+0xa7 05 00ecffb4 7c57438b MSVCRT!_endthreadex+0xc1 06 00ecffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 10 System Thread ID: abc Kernel Time: 0:0:56.296 User Time: 0:0:25.718 Thread Type: Other # ChildEBP RetAddr 00 00f0fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00f0feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 00f0ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 00f0ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d 04 00f0ff7c 780085bc IISRTL!SchedulerWorkerThread+0xa7 05 00f0ffb4 7c57438b MSVCRT!_endthreadex+0xc1 06 00f0ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 11 System Thread ID: 734 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: HTTP Listener # ChildEBP RetAddr 00 00fcff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 00fcff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 00fcffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 00fcffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 12 System Thread ID: 7c4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0093ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0093ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 0093ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 0093ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 13 System Thread ID: ac4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page No remote call being made # ChildEBP RetAddr 00 0118feb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0118fee4 77d31394 KERNEL32!GetQueuedCompletionStatus+0x27 02 0118ff20 77d3e93f RPCRT4!COMMON_ProcessCalls+0x9e 03 0118ff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99 04 0118ff78 77d35924 RPCRT4!ProcessIOEventsWrapper+0x9 05 0118ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 06 0118ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 07 0118ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 14 System Thread ID: 77c Kernel Time: 0:0:0.78 User Time: 0:0:0.421 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page No remote call being made # ChildEBP RetAddr 00 0120fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0120ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0120ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0120ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0120ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0120ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 15 System Thread ID: 738 Kernel Time: 0:0:0.78 User Time: 0:0:0.390 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: Unable to locate ASP page No remote call being made # ChildEBP RetAddr 00 0128fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0128ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0128ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0128ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0128ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0128ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 16 System Thread ID: 7c0 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: ASP Executing Page: Unable to locate ASP page # ChildEBP RetAddr 00 01dafe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01dafec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01daff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01daff38 74a01e69 USER32!MsgWaitForMultipleObjects+0x1d 04 01daff7c 78008454 asp!CMTACallbackThread::Thread+0x42 05 01daffb4 7c57438b MSVCRT!_endthread+0xc6 06 01daffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 17 System Thread ID: 7b8 Kernel Time: 0:0:0.15 User Time: 0:0:0.31 *** WARNING: Unable to verify checksum for *** ERROR: Symbol file could not be found. Defaulted to export symbols or - Thread Type: PDM (Debugger) Thread. # ChildEBP RetAddr 00 01e2fddc 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01e2fe2c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01e2fe88 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01e2fea4 4a00886c USER32!MsgWaitForMultipleObjects+0x1d 04 01e2ff88 4a008a85 pdm+0x886c 05 01e2ffb0 4a008a09 pdm+0x8a85 06 01e2ffb4 7c57438b pdm+0x8a09 07 01e2ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 18 System Thread ID: 788 Kernel Time: 0:0:0.703 User Time: 0:0:5.796 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01e6fe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01e6fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01e6fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01e6fef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01e6ff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01e6ffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01e6ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 19 System Thread ID: 7ac Kernel Time: 0:0:1.875 User Time: 0:0:19.156 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01eafe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01eafe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01eafed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01eafef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01eaff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01eaffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01eaffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 20 System Thread ID: 778 Kernel Time: 0:0:2.265 User Time: 0:0:20.359 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01eefe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01eefe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01eefed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01eefef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01eeff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01eeffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01eeffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 21 System Thread ID: 71c Kernel Time: 0:0:1.968 User Time: 0:0:18.312 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01f2fe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01f2fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01f2fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01f2fef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01f2ff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01f2ffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01f2ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 22 System Thread ID: 6bc Kernel Time: 0:0:2.390 User Time: 0:0:19.109 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01f6fe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01f6fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01f6fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01f6fef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01f6ff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01f6ffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01f6ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 23 System Thread ID: 7bc Kernel Time: 0:0:1.812 User Time: 0:0:17.125 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01fafe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01fafe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01fafed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01fafef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01faff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01faffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01faffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 24 System Thread ID: 730 Kernel Time: 0:0:2.31 User Time: 0:0:19.593 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 01fefe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01fefe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 01fefed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 01fefef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 01feff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 01feffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 01feffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 25 System Thread ID: 724 Kernel Time: 0:0:2.46 User Time: 0:0:18.468 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 0202fe28 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0202fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 0202fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 0202fef0 787c3911 USER32!MsgWaitForMultipleObjects+0x1d 04 0202ff1c 787c2cc0 COMSVCS!STAThread::WaitForWork+0x33 05 0202ffb4 7c57438b COMSVCS!STAThread::STAThreadWorker+0x4e2 06 0202ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 26 System Thread ID: 720 Kernel Time: 0:0:0.109 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0208ff9c 77f842c4 ntdll!NtDelayExecution+0xb 01 0208ffb4 7c57438b ntdll!RtlpTimerThread+0x42 02 0208ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 27 System Thread ID: 718 Kernel Time: 0:0:0.0 User Time: 0:0:0.140 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\System\OLE DB\oledb32.dll - Thread Type: Other # ChildEBP RetAddr 00 02daff58 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 02daff80 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 02daff90 028d55a1 KERNEL32!WaitForSingleObject+0xf WARNING: Stack unwind information not available. Following frames may be wrong. 03 02daffb4 7c57438b oledb32!DllGetClassObject+0x38eb 04 02daffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 28 System Thread ID: 714 Kernel Time: 0:0:0.15 User Time: 0:0:0.78 Thread Type: Other # ChildEBP RetAddr 00 02deff50 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 02deff78 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 02deff88 028d5593 KERNEL32!WaitForSingleObject+0xf WARNING: Stack unwind information not available. Following frames may be wrong. 03 02deffb4 7c57438b oledb32!DllGetClassObject+0x38dd 04 02deffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 29 System Thread ID: 6c8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 02e2fd54 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 02e2fd7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 02e2fd8c 7878db85 KERNEL32!WaitForSingleObject+0xf 03 02e2ffb4 7c57438b COMSVCS!PingThread+0xf5 04 02e2ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 30 System Thread ID: 6b8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 02f9ff88 751a4848 ntdll!ZwWaitForMultipleObjects+0xb 01 02f9ffb4 7c57438b NETAPI32!NetbiosWaiter+0x71 02 02f9ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 31 System Thread ID: 4dc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0363ff20 77f838a5 ntdll!ZwRemoveIoCompletion+0xb 01 0363ffb4 7c57438b ntdll!RtlpWorkerThread+0x6b 02 0363ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 32 System Thread ID: d5c Kernel Time: 0:0:1.156 User Time: 0:0:20.375 *** WARNING: Unable to verify checksum for Thread Type: Other # ChildEBP RetAddr 00 041dff38 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 041dff64 040e4911 KERNEL32!GetQueuedCompletionStatus+0x27 02 041dffb4 7c57438b MivaIIS!MivaThreadProc+0x35 03 041dffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 33 System Thread ID: be8 Kernel Time: 0:0:2.906 User Time: 0:0:51.937 Thread Type: Other # ChildEBP RetAddr 00 0421ff38 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0421ff64 040e4911 KERNEL32!GetQueuedCompletionStatus+0x27 02 0421ffb4 7c57438b MivaIIS!MivaThreadProc+0x35 03 0421ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 34 System Thread ID: 600 Kernel Time: 0:0:0.31 User Time: 0:0:0.203 Thread Type: Other # ChildEBP RetAddr 00 172fff60 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 172fff88 77ab510c KERNEL32!WaitForSingleObjectEx+0x71 02 172fffa8 77ab5046 ole32!CRpcThread::WorkerLoop+0x40 03 172fffb4 7c57438b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1a 04 172fffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 35 System Thread ID: cdc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 17c2ebe0 77f89ebd ntdll!ZwWaitForMultipleObjects+0xb 01 17c2ffb4 7c57438b ntdll!RtlpWaitThread+0x1b9 02 17c2ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 36 System Thread ID: 774 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 17c6ff1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 17c6ff6c 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 17c6ff84 7c121fef KERNEL32!WaitForMultipleObjects+0x17 03 17c6ffb4 7c57438b USERENV!NotificationThread+0x5f 04 17c6ffec 00000000 KERNEL32!BaseThreadStart+0x52 ***** Dump name is formatted as: PID-Timestamp.dmp Creating D:\emergency\output\3088-1092630121.dmp - mini user dump ***** Closing open log file D:\emergency\output\IISState-3088.log Opened log file 'D:\emergency\output\IISState-1752.log' *********************** Starting new log output IISState version 3.3.1 Sun Aug 15 21:21:50 2004 OS = Windows 2000 Executable: dllhost.exe PID = 1752 Note: Thread times are formatted as HH:MM:SS.ms *********************** Thread ID: 0 System Thread ID: 6d4 Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0006fd28 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 0006fd50 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 0006fd60 77aaa701 KERNEL32!WaitForSingleObject+0xf 03 0006fd80 77aa9f0f ole32!CSurrogateProcessActivator::WaitForSurrogateTimeout+0x4f 04 0006fd9c 01001230 ole32!CoRegisterSurrogateEx+0x169 05 0006ff24 010014c6 dllhost!WinMain+0xb0 06 0006ffc0 7c581af6 dllhost!WinMainCRTStartup+0x156 07 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d Thread ID: 1 System Thread ID: 6e0 Kernel Time: 0:0:0.515 User Time: 0:0:0.562 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0087fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0087ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0087ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0087ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0087ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0087ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 2 System Thread ID: 6e8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 008fff30 77abbad5 USER32!NtUserGetMessage+0xb 01 008fff70 77abba23 ole32!CDllHost::STAWorkerLoop+0x40 02 008fff8c 77abb95e ole32!CDllHost::WorkerThread+0xc2 03 008fff90 77ab50ee ole32!DLLHostThreadEntry+0x9 04 008fffa8 77ab5046 ole32!CRpcThread::WorkerLoop+0x22 05 008fffb4 7c57438b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x1a 06 008fffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 3 System Thread ID: 6f0 Kernel Time: 0:0:0.0 User Time: 0:0:0.15 Thread Type: Other # ChildEBP RetAddr 00 0098fc54 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0098fc80 6de8b9d0 KERNEL32!GetQueuedCompletionStatus+0x27 02 0098fd94 6de8b908 TxfAux!WORK_QUEUE::WorkerLoop+0xa0 03 0098ffb4 7c57438b TxfAux!WORK_QUEUE::ThreadLoop+0x58 04 0098ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 4 System Thread ID: 6f8 Kernel Time: 0:0:0.31 User Time: 0:0:0.15 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 00a0fdd8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00a0fe28 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 00a0fe40 78804961 KERNEL32!WaitForMultipleObjects+0x17 03 00a0ff30 78801f8c COMSVCS!CRMRecoveryClerk::RecoveryThread+0x49d 04 00a0ff7c 78008454 COMSVCS!RecoveryThreadFunction+0x8e 05 00a0ffb4 7c57438b MSVCRT!_endthread+0xc6 06 00a0ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 5 System Thread ID: 6fc Kernel Time: 0:0:6.781 User Time: 0:0:14.359 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 00a4fee0 7c573a4e ntdll!NtDelayExecution+0xb 01 00a4ff00 7c573a22 KERNEL32!SleepEx+0x32 02 00a4ff0c 787d12aa KERNEL32!Sleep+0xb 03 00a4ff7c 780085bc COMSVCS!PostData+0xf2 04 00a4ffb4 7c57438b MSVCRT!_endthreadex+0xc1 05 00a4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 6 System Thread ID: 6ec Kernel Time: 0:0:0.343 User Time: 0:0:0.609 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 00a8fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 00a8ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 00a8ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 00a8ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 00a8ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 00a8ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 7 System Thread ID: 700 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 00acf5f0 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00acf640 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 00acf658 787f011d KERNEL32!WaitForMultipleObjects+0x17 03 00acf6a4 77d32355 COMSVCS!CLceDisp::DoWork+0xab 04 00acf6c0 77d9356d RPCRT4!Invoke+0x30 05 00acf924 77d93a2c RPCRT4!NdrStubCall2+0x664 06 00acf988 77b24584 RPCRT4!CStdStubBuffer_Invoke+0xc8 07 00acf9cc 77b2485f ole32!SyncStubInvoke+0x61 08 00acfa14 77ab7881 ole32!StubInvoke+0xa8 09 00acfa78 77aa9c8f ole32!CCtxComChnl::ContextInvoke+0xbb 0a 00acfa94 77b24469 ole32!MTAInvoke+0x18 0b 00acfac4 77b24bab ole32!AppInvoke+0xb5 0c 00acfb84 77b248d7 ole32!ComInvokeWithLockAndIPID+0x2b5 0d 00acfba4 77ab3c3d ole32!ComInvoke+0x41 0e 00acfbb4 77b258ed ole32!ThreadDispatch+0x21 0f 00acfbc8 77b25937 ole32!DispatchCall+0x24 10 00acfbe0 77b22ab6 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x34 11 00acfc20 77b258c6 ole32!CRpcChannelBuffer::SendReceive2+0x96 12 00acfc30 77a6cb5d ole32!CRpcChannelBuffer::SendReceive+0x11 13 00acfc90 77ab74c3 ole32!CAptRpcChnl::SendReceive+0xa9 14 00acfce8 77d94c1a ole32!CCtxComChnl::SendReceive+0x124 15 00acfd04 77d9487d RPCRT4!NdrProxySendReceive+0x4c 16 00acff4c 77d95136 RPCRT4!NdrClientCall2+0x4f5 17 00acff68 77d46e75 RPCRT4!ObjectStublessClient+0x76 18 00acff78 787f2251 RPCRT4!ObjectStubless+0xf 19 00acffb4 7c57438b COMSVCS!CEventServer::DispatchEvents+0x83 1a 00acffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 8 System Thread ID: 708 Kernel Time: 0:0:0.281 User Time: 0:0:0.515 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 00b4fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 00b4ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 00b4ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 00b4ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 00b4ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 00b4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 9 System Thread ID: 710 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 00b8ebe0 77f89ebd ntdll!ZwWaitForMultipleObjects+0xb 01 00b8ffb4 7c57438b ntdll!RtlpWaitThread+0x1b9 02 00b8ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 10 System Thread ID: 784 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 00bcff9c 77f842c4 ntdll!NtDelayExecution+0xb 01 00bcffb4 7c57438b ntdll!RtlpTimerThread+0x42 02 00bcffec 00000000 KERNEL32!BaseThreadStart+0x52 ***** Dump name is formatted as: PID-Timestamp.dmp Creating D:\emergency\output\1752-1092630112.dmp - mini user dump ***** Closing open log file D:\emergency\output\IISState-1752.log Opened log file 'D:\emergency\output\IISState-1564.log' *********************** Starting new log output IISState version 3.3.1 Sun Aug 15 21:22:11 2004 OS = Windows 2000 Executable: inetinfo.exe PID = 1564 Note: Thread times are formatted as HH:MM:SS.ms *********************** Thread ID: 0 System Thread ID: 618 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb 01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181 02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x28 03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+0x4a 04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x7d 05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1 06 0006ff70 01002fbf inetinfo!main+0x654 07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0xff 08 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d Thread ID: 1 System Thread ID: 624 Kernel Time: 0:0:0.0 User Time: 0:0:0.46 Thread Type: Other # ChildEBP RetAddr 00 0059fd1c 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 0059fd44 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 0059fd54 6e6f1685 KERNEL32!WaitForSingleObject+0xf 03 0059fd70 01002440 iisadmin!ServiceEntry+0x156 04 0059ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd 05 0059ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe 06 0059ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 2 System Thread ID: 638 Kernel Time: 0:2:10.218 User Time: 0:1:10.734 Thread Type: Other # ChildEBP RetAddr 00 006dfe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 006dfeac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 006dff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 006dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d 04 006dff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7 05 006dffb4 7c57438b MSVCRT!_endthreadex+0xc1 06 006dffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 3 System Thread ID: 63c Kernel Time: 0:2:10.265 User Time: 0:1:9.671 Thread Type: Other # ChildEBP RetAddr 00 0071fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0071feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 0071ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d 04 0071ff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7 05 0071ffb4 7c57438b MSVCRT!_endthreadex+0xc1 06 0071ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 4 System Thread ID: 664 Kernel Time: 0:0:0.31 User Time: 0:0:0.31 Thread Type: Other # ChildEBP RetAddr 00 00e0fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00e0fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 00e0fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 00e0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d 04 00e0fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209 05 00e0fd70 01002440 ftpsvc2!ServiceEntry+0xc7 06 00e0ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd 07 00e0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe 08 00e0ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 5 System Thread ID: 668 Kernel Time: 0:0:0.109 User Time: 0:0:0.140 Thread Type: Other # ChildEBP RetAddr 00 00e4fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 00e4fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 00e4fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 00e4fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d 04 00e4fd30 65f0cfd8 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209 05 00e4fd70 01002440 w3svc!ServiceEntry+0x1b5 06 00e4ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd 07 00e4ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe 08 00e4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 6 System Thread ID: 670 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: HTTP Listener # ChildEBP RetAddr 00 00f0ff5c 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 00f0ff88 6d7029ef KERNEL32!GetQueuedCompletionStatus+0x27 02 00f0ffb4 7c57438b ISATQ!I_AtqOplockThreadFunc+0x32 03 00f0ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 7 System Thread ID: 674 Kernel Time: 0:0:38.140 User Time: 0:1:10.218 Thread Type: HTTP Listener # ChildEBP RetAddr 00 00f4ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 00f4ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 00f4ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 00f4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 8 System Thread ID: 678 Kernel Time: 0:0:42.843 User Time: 0:1:12.484 Thread Type: HTTP Listener # ChildEBP RetAddr 00 00f8ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 00f8ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 00f8ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 00f8ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 9 System Thread ID: 680 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0130fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0130ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0130ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0130ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x11f 04 0130ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0130ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 10 System Thread ID: 684 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0134fd20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0134fd70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 0134fd88 778322b2 KERNEL32!WaitForMultipleObjects+0x17 03 0134ffb4 7c57438b RTUTILS!TraceServerThread+0xde 04 0134ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 11 System Thread ID: 688 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0139feb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0139fee4 77d31394 KERNEL32!GetQueuedCompletionStatus+0x27 02 0139ff20 77d3e93f RPCRT4!COMMON_ProcessCalls+0x9e 03 0139ff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99 04 0139ff78 77d35924 RPCRT4!ProcessIOEventsWrapper+0x9 05 0139ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 06 0139ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 07 0139ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 12 System Thread ID: 68c Kernel Time: 0:0:0.515 User Time: 0:0:0.421 Thread Type: Other # ChildEBP RetAddr 00 013dff00 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 013dff50 75037871 KERNEL32!WaitForMultipleObjectsEx+0xea 02 013dff6c 6fc66e80 WS2_32!WSAWaitForMultipleEvents+0x18 03 013dffb4 7c57438b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x39 04 013dffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 13 System Thread ID: 2f8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0141fce0 74fd1394 ntdll!ZwWaitForSingleObject+0xb 01 0141fd1c 74fd3c59 msafd!SockWaitForSingleObject+0x1a8 02 0141fe08 750312f5 msafd!WSPSelect+0x24e 03 0141fe6c 6e2b3b6e WS2_32!select+0xe7 04 0141ffb4 7c57438b inetsloc!SocketListenThread+0x51 05 0141ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 14 System Thread ID: 2c0 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0145fdfc 74fd1394 ntdll!ZwWaitForSingleObject+0xb 01 0145fe38 74fd3c59 msafd!SockWaitForSingleObject+0x1a8 02 0145ff24 750312f5 msafd!WSPSelect+0x24e 03 0145ff88 6d7075bd WS2_32!select+0xe7 04 0145ffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22 05 0145ffb4 7c57438b ISATQ!BmonThreadFunc+0x9 06 0145ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 15 System Thread ID: 5f8 Kernel Time: 0:0:0.796 User Time: 0:0:4.625 Thread Type: HTTP Compression Thread # ChildEBP RetAddr 00 0149ff5c 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 0149ff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 0149ff94 732c3366 KERNEL32!WaitForSingleObject+0xf 03 0149ffb4 7c57438b compfilt!CompressionThread+0x29 04 0149ffc0 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 16 System Thread ID: 5fc Kernel Time: 0:0:0.31 User Time: 0:0:0.93 Thread Type: Other # ChildEBP RetAddr 00 0151fe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0151fec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 0151ff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 0151ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d 04 0151ff7c 78008454 w3svc!CMTACallbackThread::Thread+0x42 05 0151ffb4 7c57438b MSVCRT!_endthread+0xc6 06 0151ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 17 System Thread ID: 604 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0155fea8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0155fef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea 02 0155ff54 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153 03 0155ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d 04 0155ffb4 7c57438b w3svc!OleHackThread+0x88 05 0155ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 18 System Thread ID: 6c0 Kernel Time: 0:0:40.578 User Time: 0:1:9.734 Thread Type: HTTP Listener # ChildEBP RetAddr 00 018dff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 018dff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 018dffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 018dffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 19 System Thread ID: 6cc Kernel Time: 0:0:49.250 User Time: 0:1:26.609 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0191ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0191ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 0191ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 0191ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 20 System Thread ID: 704 Kernel Time: 0:0:0.15 User Time: 0:0:0.0 *** WARNING: Unable to verify checksum for C:\Program Files\WebTrends\SmartSource Data Collector\bin\iislogserver.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\WebTrends\SmartSource Data Collector\bin\iislogserver.dll - Thread Type: Other # ChildEBP RetAddr 00 0195fe9c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0195feec 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 0195ff04 1000ee6e KERNEL32!WaitForMultipleObjects+0x17 WARNING: Stack unwind information not available. Following frames may be wrong. 03 0195ff7c 780085bc iislogserver!TerminateFilter+0xda7e 04 0195ffb4 7c57438b MSVCRT!_endthreadex+0xc1 05 0195ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 21 System Thread ID: 73c Kernel Time: 0:0:32.984 User Time: 0:0:31.765 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0199fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0199ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0199ff78 77d359c3 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0199ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x11f 04 0199ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0199ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 22 System Thread ID: 408 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 01faebe0 77f89ebd ntdll!ZwWaitForMultipleObjects+0xb 01 01faffb4 7c57438b ntdll!RtlpWaitThread+0x1b9 02 01faffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 23 System Thread ID: 850 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 01feff1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 01feff6c 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 01feff84 7c121fef KERNEL32!WaitForMultipleObjects+0x17 03 01feffb4 7c57438b USERENV!NotificationThread+0x5f 04 01feffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 24 System Thread ID: 7b4 Kernel Time: 0:0:0.593 User Time: 0:0:0.406 Thread Type: Idle ASP thread # ChildEBP RetAddr 00 0267ff08 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0267ff58 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 0267ff70 787f58ce KERNEL32!WaitForMultipleObjects+0x17 03 0267ffb4 7c57438b COMSVCS!CEventDispatcher::PushEvents+0x4e 04 0267ffc0 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 25 System Thread ID: 2d8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. Remote call is either to a MTA object or object not initialized. Also, possible utility thread. DCOM call being made to Process ID: 1752 Waiting on thread id: ffffffff # ChildEBP RetAddr 00 026bfb68 77d4256d ntdll!ZwRequestWaitReplyPort+0xb 01 026bfb94 77d3ac56 RPCRT4!LRPC_CCALL::SendReceive+0x11e 02 026bfba0 77b25b87 RPCRT4!I_RpcSendReceive+0x2c 03 026bfbc0 77b25a52 ole32!ThreadSendReceive+0xef 04 026bfbd8 77b22ab6 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x14f 05 026bfc18 77b258c6 ole32!CRpcChannelBuffer::SendReceive2+0x96 06 026bfc28 77a6cb5d ole32!CRpcChannelBuffer::SendReceive+0x11 07 026bfc88 77ab74c3 ole32!CAptRpcChnl::SendReceive+0xa9 08 026bfce0 77d94c1a ole32!CCtxComChnl::SendReceive+0x124 09 026bfcfc 77d9487d RPCRT4!NdrProxySendReceive+0x4c 0a 026bff44 77d95136 RPCRT4!NdrClientCall2+0x4f5 0b 026bff60 77d46e75 RPCRT4!ObjectStublessClient+0x76 0c 026bff70 787f5818 RPCRT4!ObjectStubless+0xf 0d 026bffb4 7c57438b COMSVCS!CEventDispatcher::GetEventServerInfoThread+0x118 0e 026bffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 26 System Thread ID: 848 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 027bfef8 7c573b28 ntdll!ZwWaitForSingleObject+0xb 01 027bff20 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71 02 027bff30 67de6ddf KERNEL32!WaitForSingleObject+0xf 03 027bff70 67f6cf08 fp4amsft!VmetabaseSinkThread::t_main+0x102 04 027bff7c 780085bc fp4Autl!Vthread::top+0xd 05 027bffb4 7c57438b MSVCRT!_endthreadex+0xc1 06 027bffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 27 System Thread ID: 5d4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: WebDav Worker Thread # ChildEBP RetAddr 00 02e3ff30 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 02e3ff5c 6b5e99c2 KERNEL32!GetQueuedCompletionStatus+0x27 02 02e3ff8c 6b5e997a httpext!CDavWorkerThread::GetWorkCompletion+0x23 03 02e3ffb4 7c57438b httpext!CDavWorkerThread::ThreadDispatcher+0x30 04 02e3ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 28 System Thread ID: 7cc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: WebDav Worker Thread # ChildEBP RetAddr 00 02e7ff30 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 02e7ff5c 6b5e99c2 KERNEL32!GetQueuedCompletionStatus+0x27 02 02e7ff8c 6b5e997a httpext!CDavWorkerThread::GetWorkCompletion+0x23 03 02e7ffb4 7c57438b httpext!CDavWorkerThread::ThreadDispatcher+0x30 04 02e7ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 29 System Thread ID: 770 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: WebDav Worker Thread # ChildEBP RetAddr 00 02ebff30 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 02ebff5c 6b5e99c2 KERNEL32!GetQueuedCompletionStatus+0x27 02 02ebff8c 6b5e997a httpext!CDavWorkerThread::GetWorkCompletion+0x23 03 02ebffb4 7c57438b httpext!CDavWorkerThread::ThreadDispatcher+0x30 04 02ebffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 30 System Thread ID: 644 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: WebDav Worker Thread # ChildEBP RetAddr 00 02efff30 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 02efff5c 6b5e99c2 KERNEL32!GetQueuedCompletionStatus+0x27 02 02efff8c 6b5e997a httpext!CDavWorkerThread::GetWorkCompletion+0x23 03 02efffb4 7c57438b httpext!CDavWorkerThread::ThreadDispatcher+0x30 04 02efffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 31 System Thread ID: 51c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: WebDav Worker Thread # ChildEBP RetAddr 00 02f3ff30 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 02f3ff5c 6b5e99c2 KERNEL32!GetQueuedCompletionStatus+0x27 02 02f3ff8c 6b5e997a httpext!CDavWorkerThread::GetWorkCompletion+0x23 03 02f3ffb4 7c57438b httpext!CDavWorkerThread::ThreadDispatcher+0x30 04 02f3ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 32 System Thread ID: 84c Kernel Time: 0:0:28.359 User Time: 0:0:45.578 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0307ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 0307ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 0307ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 0307ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 33 System Thread ID: 888 Kernel Time: 0:0:0.890 User Time: 0:0:0.625 Thread Type: Other # ChildEBP RetAddr 00 0312fc60 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb 01 0312fcb0 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea 02 0312fcc8 6e901993 KERNEL32!WaitForMultipleObjects+0x17 03 0312ff54 6e9018d0 idq!CWQueryCache::ProcessCacheEvents+0xa4 04 0312ff7c 6e903b01 idq!CWQueryCache::WatchDogThread+0x2f 05 0312ffb4 7c57438b idq!CThread::_ThreadFunction+0x42 06 0312ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 34 System Thread ID: a4c Kernel Time: 0:0:24.734 User Time: 0:0:21.906 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0499fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0499ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0499ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0499ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0499ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0499ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 35 System Thread ID: a34 Kernel Time: 0:0:24.906 User Time: 0:0:40.890 Thread Type: HTTP Listener # ChildEBP RetAddr 00 04d4ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 04d4ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 04d4ffb4 7c57438b ISATQ!AtqPoolThread+0x40 03 04d4ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 36 System Thread ID: ae0 Kernel Time: 0:0:21.296 User Time: 0:0:19.312 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0508fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb 01 0508ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74 02 0508ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9 03 0508ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f 04 0508ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18 05 0508ffec 00000000 KERNEL32!BaseThreadStart+0x52 Thread ID: 37 System Thread ID: c40 Kernel Time: 0:0:1.265 User Time: 0:0:1.750 Thread Type: HTTP Listener # ChildEBP RetAddr 00 069aff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb 01 069aff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27 02 069affb4 7c57438b ISATQ!AtqPoolThread+0x40 03 069affec 00000000 KERNEL32!BaseThreadStart+0x52 ***** Dump name is formatted as: PID-Timestamp.dmp Creating D:\emergency\output\1564-1092630134.dmp - mini user dump ***** Closing open log file D:\emergency\output\IISState-1564.log - |