Hi,
The server was working fine, then last week IIS started
crashing more often for no apparent reason. Now we're
lucky to get it up for 20 minutes. It seems to crash
after starting the SMTP service.
The event viewer reports:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 9/10/2004
Time: 11:36:46 AM
User: N/A
Computer: BANDIT
Description:
The IIS Admin Service service terminated unexpectedly. It has done this 96 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1039
Date: 9/10/2004
Time: 11:34:11 AM
User: N/A
Computer: BANDIT
Description:
A process serving application pool 'DefaultAppPool' reported a failure. The process id was '4528'. The data field contains the error number.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7e 00 07 80 ~..

Event Type: Error
Event Source: W3SVC
Event Category: None
Event ID: 1002
Date: 9/10/2004
Time: 11:34:11 AM
User: N/A
Computer: BANDIT
Description:
Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-----------------------------------
I downloaded and ran IISState and generated the following
log file when it crashed immediately after restarting the
SMTP service:
Opened log file 'C:\iisstate\output\IISState-4284.log'
***********************
Starting new log output
IISState version 3.3.1
Fri Sep 10 11:32:59 2004
OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 4284
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: a64
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
07 0006ff44 01003160 inetinfo!main+0x104
08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
Thread ID: 1
System Thread ID: 6d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 007ffe18 77f43741 SharedUserData!SystemCallStub+0x4
01 007ffe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 007ffe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 007ffe9c 01002cf9 kernel32!WaitForSingleObject+0xf
04 007fffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
05 007fffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 2
System Thread ID: f90
Kernel Time: 0:0:0.31
User Time: 0:0:0.234
Thread Type: Other
# ChildEBP RetAddr
00 0083fcc4 77f43741 SharedUserData!SystemCallStub+0x4
01 0083fcc8 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0083fd38 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0083fd48 649f24ac kernel32!WaitForSingleObject+0xf
04 0083fd70 010023b6 iisadmin!ServiceEntry+0x214
05 0083ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
06 0083ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
07 0083ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 3
System Thread ID: 16f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00a3ff9c 77f4262b SharedUserData!SystemCallStub+0x4
01 00a3ffa0 77f6b5b2 ntdll!NtDelayExecution+0xc
02 00a3ffb8 77e4a990 ntdll!RtlpTimerThread+0x45
03 00a3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 4
System Thread ID: 15dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.78
Thread Type: Other
# ChildEBP RetAddr
00 00a7ff70 77f430c7 SharedUserData!SystemCallStub+0x4
01 00a7ff74 77f7e6ae ntdll!ZwRemoveIoCompletion+0xc
02 00a7ffb8 77e4a990 ntdll!RtlpWorkerThread+0x3b
03 00a7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 5
System Thread ID: 9e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 00b4feb0 77f4372d SharedUserData!SystemCallStub+0x4
01 00b4feb4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 00b4ff5c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 00b4ff74 6e0b377a kernel32!WaitForMultipleObjects+0x17
04 00b4ffa0 6e0b6012 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x68
05 00b4ffb8 77e4a990 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x62
06 00b4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 6
System Thread ID: 112c
Kernel Time: 0:0:0.46
User Time: 0:0:0.265
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00f3fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 00f3fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 00f3ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 00f3ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 00f3ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 00f3ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 00f3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 7
System Thread ID: 10a8
Kernel Time: 0:0:0.125
User Time: 0:0:0.265
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0148fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0148fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0148ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0148ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0148ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0148ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0148ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 8
System Thread ID: 674
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0150fcec 77f4372d SharedUserData!SystemCallStub+0x4
01 0150fcf0 77f75297 ntdll!NtWaitForMultipleObjects+0xc
02 0150ffb8 77e4a990 ntdll!RtlpWaitThread+0x158
03 0150ffec 00000000 kernel32!BaseThreadStart+0x34
Closing open log file C:\iisstate\output\IISState-4284.log
Opened log file 'C:\iisstate\output\IISState-4284.log'
***********************
Starting new log output
IISState version 3.3.1
Fri Sep 10 11:36:28 2004
OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 4284
Note: Thread times are formatted as HH:MM:SS.ms
***********************
IIS has crashed...
Beginning Analysis
DLL (!FunctionName) that failed:
Thread ID: 72
System Thread ID: 11f4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 07ccfed8 63df9645 0x60df9645
01 5fdf9645 00000000 0x63df9645
Closing open log file C:\iisstate\output\IISState-4284.log
Opened log file 'C:\iisstate\output\IISState-4284.log'
***********************
Starting new log output
IISState version 3.3.1
Fri Sep 10 11:36:28 2004
OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 4284
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: a64
Kernel Time: 0:0:0.31
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
07 0006ff44 01003160 inetinfo!main+0x104
08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
Thread ID: 1
System Thread ID: 6d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 007ffe18 77f43741 SharedUserData!SystemCallStub+0x4
01 007ffe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 007ffe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 007ffe9c 01002cf9 kernel32!WaitForSingleObject+0xf
04 007fffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
05 007fffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 2
System Thread ID: f90
Kernel Time: 0:0:0.31
User Time: 0:0:0.234
Thread Type: Other
# ChildEBP RetAddr
00 0083fcc4 77f43741 SharedUserData!SystemCallStub+0x4
01 0083fcc8 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0083fd38 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0083fd48 649f24ac kernel32!WaitForSingleObject+0xf
04 0083fd70 010023b6 iisadmin!ServiceEntry+0x214
05 0083ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
06 0083ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
07 0083ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 3
System Thread ID: 16f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00a3ff9c 77f4262b SharedUserData!SystemCallStub+0x4
01 00a3ffa0 77f6b5b2 ntdll!NtDelayExecution+0xc
02 00a3ffb8 77e4a990 ntdll!RtlpTimerThread+0x45
03 00a3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 4
System Thread ID: 15dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.78
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\drviis.dll -
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 00a7f5fc 77f43741 SharedUserData!SystemCallStub+0x4
01 00a7f600 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 00a7f670 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 00a7f680 073e2b30 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 00a7f69c 073ec122 drviis+0x2b30
05 00a7faf0 07697db1 drviis!DllCanUnloadNow+0x7eff
06 00a7fb30 07696d3f mailmsg!CMailMsg::RestoreResourcesIfNecessary+0xf8
07 00a7fb44 6b788408 mailmsg!CMailMsg::GetBinding+0x2e
08 00a7fbe8 6b77326f SMTPSVC!SMTP_CONNOUT::StartSession+0x181
09 00a7fbf0 6b77fa82 SMTPSVC!SMTP_CONNOUT::SetCurrentObject+0x19
0a 00a7fc20 6b77ff8f SMTPSVC!REMOTE_QUEUE::MakeATQConnection+0x26d
0b 00a7fe58 77f5d838 SMTPSVC!QueueCallBackFunction+0x124
0c 00a7fef4 77f5dc2c ntdll!RtlCheckHeldCriticalSections+0x23e
0d 77f5e9f9 8b006a56 ntdll!RtlpWorkerCallout+0x71
0e 0424448b 00000000 0x8b006a56
Thread ID: 5
System Thread ID: 9e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.46
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 00b4feb0 77f4372d SharedUserData!SystemCallStub+0x4
01 00b4feb4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 00b4ff5c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 00b4ff74 6e0b377a kernel32!WaitForMultipleObjects+0x17
04 00b4ffa0 6e0b6012 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x68
05 00b4ffb8 77e4a990 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x62
06 00b4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 6
System Thread ID: 112c
Kernel Time: 0:0:0.78
User Time: 0:0:0.468
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00f3fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 00f3fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 00f3ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 00f3ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 00f3ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 00f3ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 00f3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 7
System Thread ID: 10a8
Kernel Time: 0:0:0.171
User Time: 0:0:0.500
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0148fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0148fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0148ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0148ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0148ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0148ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0148ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 8
System Thread ID: 674
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0150fcec 77f4372d SharedUserData!SystemCallStub+0x4
01 0150fcf0 77f75297 ntdll!NtWaitForMultipleObjects+0xc
02 0150ffb8 77e4a990 ntdll!RtlpWaitThread+0x158
03 0150ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 9
System Thread ID: 84
Kernel Time: 0:0:0.78
User Time: 0:0:0.156
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00f7fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 00f7fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 00f7ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 00f7ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 00f7ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 00f7ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 00f7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 10
System Thread ID: 1444
Kernel Time: 0:0:0.109
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\pop3svc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 00fefbb8 77f4372d SharedUserData!SystemCallStub+0x4
01 00fefbbc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 00fefc64 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 00fefcc0 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 00fefcdc 685a366e USER32!MsgWaitForMultipleObjects+0x1d
05 00fefd28 61926a40 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
WARNING: Stack unwind information not available. Following frames may be wrong.
06 00fefd70 010023b6 pop3svc!ServiceEntry+0x1ae
07 00feffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 00feffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 00feffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 11
System Thread ID: 514
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\pttrace.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0598fec8 77f4372d SharedUserData!SystemCallStub+0x4
01 0598fecc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0598ff74 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0598ff8c 62e62374 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0598ffb8 77e4a990 pttrace!TermAsyncTrace+0x501
05 0598ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 12
System Thread ID: 103c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 059cfecc 77f4372d SharedUserData!SystemCallStub+0x4
01 059cfed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 059cff78 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 059cff90 62e618ff kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 059cffb8 77e4a990 pttrace!DebugAssert+0x51b
05 059cffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 13
System Thread ID: 8fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 05a4fe08 77f4372d SharedUserData!SystemCallStub+0x4
01 05a4fe0c 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 05a4feb4 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 05a4ff10 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 05a4ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1d
05 05a4ff84 77bc91ed LisRTL!SchedulerWorkerThread+0xa7
06 05a4ffb8 77e4a990 msvcrt!_endthreadex+0x95
07 05a4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 14
System Thread ID: a38
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 05a8fe08 77f4372d SharedUserData!SystemCallStub+0x4
01 05a8fe0c 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 05a8feb4 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 05a8ff10 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 05a8ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1d
05 05a8ff84 77bc91ed LisRTL!SchedulerWorkerThread+0xa7
06 05a8ffb8 77e4a990 msvcrt!_endthreadex+0x95
07 05a8ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 15
System Thread ID: 540
Kernel Time: 0:0:0.0
User Time: 0:0:0.93
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\LSATQ.dll -
Thread Type: Other
# ChildEBP RetAddr
00 05b4ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 05b4ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 05b4ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924
Thread ID: 16
System Thread ID: 8d8
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
# ChildEBP RetAddr
00 05b8ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 05b8ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 05b8ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0x945
04 a8682c6a 00000000 0xe877f924
Thread ID: 17
System Thread ID: 6a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 05d0fea0 77f4372d SharedUserData!SystemCallStub+0x4
01 05d0fea4 77f6c86c ntdll!NtWaitForMultipleObjects+0xc
02 05d0ff48 77f6d7f5 ntdll!EtwpWaitForMultipleObjectsEx+0xf7
03 05d0ffb8 77e4a990 ntdll!EtwpEventPump+0x27d
04 05d0ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 18
System Thread ID: 1150
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 05f8fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 05f8fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 05f8ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 05f8ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 05f8ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 05f8ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 05f8ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 19
System Thread ID: 11a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 05fcfeb4 77f430c7 SharedUserData!SystemCallStub+0x4
01 05fcfeb8 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 05fcfee4 77c80bd1 kernel32!GetQueuedCompletionStatus+0x27
03 05fcff20 77c80a78 RPCRT4!COMMON_ProcessCalls+0x9f
04 05fcff8c 77c58159 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x115
05 05fcff90 77c60771 RPCRT4!ProcessIOEventsWrapper+0x9
06 05fcffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
07 05fcffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
08 05fcffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 20
System Thread ID: 10d8
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\resvc.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0686fbb4 77f4372d SharedUserData!SystemCallStub+0x4
01 0686fbb8 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0686fc60 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 0686fcbc 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 0686fcd8 685a366e USER32!MsgWaitForMultipleObjects+0x1d
05 0686fd24 06905fb8 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
WARNING: Stack unwind information not available. Following frames may be wrong.
06 0686fd70 010023b6 resvc!ServiceEntry+0x244
07 0686ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 0686ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 0686ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 21
System Thread ID: 1518
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0604fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0604fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0604ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0604ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0604ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0604ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0604ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 22
System Thread ID: 159c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\dsaccess.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0608fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 0608fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0608ff78 62ee40ee kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0608ffb0 62ee4213 dsaccess!HrDeleteObjectGuid+0x14e32
04 0608ffb8 77e4a990 dsaccess!HrDeleteObjectGuid+0x14f57
05 0608ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 23
System Thread ID: 15c8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\Epoxy.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0610fe9c 77f4372d SharedUserData!SystemCallStub+0x4
01 0610fea0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0610ff48 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0610ff60 62f25006 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0610ffb0 62f254df Epoxy!CEpoxyQIF::operator=+0x2b7e
05 0610ffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x3057
06 0610ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 24
System Thread ID: 17cc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 060cf694 77f4372d SharedUserData!SystemCallStub+0x4
01 060cf698 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 060cf740 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 060cf758 62ea97bf kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 060cffb0 62eca92e dsaccess!ReleaseDsctx+0x553
05 060cffb8 77e4a990 dsaccess!HrInitializeDs+0x3f1e
06 060cffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 25
System Thread ID: 8b4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0625ff04 77f43741 SharedUserData!SystemCallStub+0x4
01 0625ff08 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0625ff78 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0625ff88 62ea9720 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0625ffb8 77e4a990 dsaccess!ReleaseDsctx+0x4b4
05 0625ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 26
System Thread ID: 114c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 062bfe38 77f43741 SharedUserData!SystemCallStub+0x4
01 062bfe3c 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
02 062bfe78 71b239d1 mswsock!SockWaitForSingleObject+0x19b
03 062bff3c 71c016c9 mswsock!WSPSelect+0x229
04 062bff8c 686264b5 WS2_32!select+0xb9
WARNING: Stack unwind information not available. Following frames may be wrong.
05 00ba7494 00000908 LSATQ!SetIISCapTraceFlag+0x1e3c
Thread ID: 27
System Thread ID: 720
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0630ff7c 77f430c7 SharedUserData!SystemCallStub+0x4
01 0630ff80 71b246f7 ntdll!ZwRemoveIoCompletion+0xc
02 0630ffb8 77e4a990 mswsock!SockAsyncThread+0x67
03 0630ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 28
System Thread ID: 15b4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0646fec8 77f4372d SharedUserData!SystemCallStub+0x4
01 0646fecc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0646ff74 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0646ff8c 69532430 kernel32!WaitForMultipleObjects+0x17
04 0646ffb8 77e4a990 exstrace!RegNotifyThread+0x68
05 0646ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 29
System Thread ID: 2f4
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 064afecc 77f4372d SharedUserData!SystemCallStub+0x4
01 064afed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 064aff78 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 064aff90 695319c0 kernel32!WaitForMultipleObjects+0x17
04 064affb8 77e4a990 exstrace!WriteTraceThread+0x2f
05 064affec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 30
System Thread ID: 1004
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 0666f5e8 77f4372d SharedUserData!SystemCallStub+0x4
01 0666f5ec 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0666f694 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0666f6ac 71b38a5b kernel32!WaitForMultipleObjects+0x17
04 0666f6d8 71b38c99 mswsock!Nbt_WaitForResponse+0x2b
05 0666f720 71b38015 mswsock!Nbt_ResolveName+0xc9
06 0666f73c 71b2d03d mswsock!Rnr_NbtResolveName+0x15
07 0666f770 71b249a6 mswsock!Rnr_DoDnsLookup+0x1b1
08 0666f9fc 71c01d7a mswsock!Dns_NSPLookupServiceNext+0x218
09 0666fa10 71c01ddb WS2_32!NSPROVIDERSTATE::LookupServiceNext+0x1a
0a 0666fa3c 71c01e75 WS2_32!NSQUERY::LookupServiceNext+0xb2
0b 0666fa5c 71c01f01 WS2_32!WSALookupServiceNextW+0x76
0c 0666fa80 71c01fbe WS2_32!WSALookupServiceNextA+0x61
0d 0666faac 71c02082 WS2_32!getxyDataEnt+0x9f
0e 0666fcd4 6b79eab1 WS2_32!gethostbyname+0xa8
0f 0666fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
10 0666fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
11 0666feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
12 0666ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
13 0666ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
14 0666ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
15 0666ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
16 0666ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
17 0666ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
18 0666ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 31
System Thread ID: 1138
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 066aff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 066aff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 066aff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 066affb8 77e4a990 isatq!AtqPoolThread+0x40
04 066affec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 32
System Thread ID: 478
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\ifsproxy.dll -
Thread Type: Other
# ChildEBP RetAddr
00 066eff34 77f430c7 SharedUserData!SystemCallStub+0x4
01 066eff38 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 066eff64 62292084 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 066effb8 77e4a990 ifsproxy!CIfsGlobals::operator=+0x7e
04 066effec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 33
System Thread ID: 1310
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0672ff18 77f43741 SharedUserData!SystemCallStub+0x4
01 0672ff1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0672ff8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0672ff9c 00f98673 kernel32!WaitForSingleObject+0xf
04 0672ffb8 77e4a990 FCACHDLL!CScheduleThread::ScheduleThread+0x60
05 0672ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 34
System Thread ID: 8d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\iisif.dll -
Thread Type: Other
# ChildEBP RetAddr
00 068aff14 77f43741 SharedUserData!SystemCallStub+0x4
01 068aff18 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 068aff88 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 068aff98 618d377d kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 068affb8 77e4a990 iisif!PROTCON::~PROTCON+0xe4f
05 068affec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 35
System Thread ID: 1558
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 068efe94 77f4372d SharedUserData!SystemCallStub+0x4
01 068efe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 068eff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 068eff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 068effb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 068effb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 068effec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 36
System Thread ID: 8c8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\tranmsg.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 06a9fecc 77f4372d SharedUserData!SystemCallStub+0x4
01 06a9fed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 06a9ff78 06951f3b kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be wrong.
03 06a9ffb0 06952060 tranmsg+0x1f3b
04 06a9ffb8 77e4a990 tranmsg+0x2060
05 06a9ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 37
System Thread ID: 1254
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 06b5fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 06b5fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 06b5ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 06b5ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 06b5ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 06b5ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 06b5ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 38
System Thread ID: 1274
Kernel Time: 0:0:0.140
User Time: 0:0:0.218
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 06b9fbc0 77f4372d SharedUserData!SystemCallStub+0x4
01 06b9fbc4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 06b9fc6c 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
03 06b9fcc8 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
04 06b9fce4 643f5723 USER32!MsgWaitForMultipleObjects+0x1d
05 06b9fd30 6b77305d INFOCOMM!IIS_SERVICE::StartServiceOperation+0x22f
06 06b9fd70 010023b6 SMTPSVC!ServiceEntry+0x129
07 06b9ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
08 06b9ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
09 06b9ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 39
System Thread ID: 14f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 06dcfe20 77f4313f SharedUserData!SystemCallStub+0x4
01 06dcfe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 06dcff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 06dcff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 06dcffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 06dcffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 06dcffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 40
System Thread ID: e10
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 06e0fec0 77f4372d SharedUserData!SystemCallStub+0x4
01 06e0fec4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 06e0ff6c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 06e0ff84 6b78b2d6 kernel32!WaitForMultipleObjects+0x17
04 06e0ffb8 77e4a990 SMTPSVC!TcpRegNotifyThread+0xdc
05 06e0ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 41
System Thread ID: 12cc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 06e4ff20 77f43741 SharedUserData!SystemCallStub+0x4
01 06e4ff24 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 06e4ff94 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 06e4ffa4 6b78b17a kernel32!WaitForSingleObject+0xf
04 06e4ffb8 77e4a990 SMTPSVC!FreeLibThread+0x2c
05 06e4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 42
System Thread ID: 104c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 071cfe20 77f4313f SharedUserData!SystemCallStub+0x4
01 071cfe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 071cff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 071cff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 071cffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 071cffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 071cffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 43
System Thread ID: 14fc
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0721fe20 77f4313f SharedUserData!SystemCallStub+0x4
01 0721fe24 77c57b85 ntdll!NtReplyWaitReceivePortEx+0xc
02 0721ff8c 77c60829 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
03 0721ff90 77c60771 RPCRT4!RecvLotsaCallsWrapper+0x9
04 0721ffb0 77c60857 RPCRT4!BaseCachedThreadRoutine+0x9c
05 0721ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
06 0721ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 44
System Thread ID: 6ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\phatq.dll -
Thread Type: Other
# ChildEBP RetAddr
00 0725ff10 77f43741 SharedUserData!SystemCallStub+0x4
01 0725ff14 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0725ff84 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0725ff94 61fa5d20 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0725ffb8 77e4a990 phatq!DllCanUnloadNow+0x147fa
05 0725ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 45
System Thread ID: 1638
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 072bfe80 77f4372d SharedUserData!SystemCallStub+0x4
01 072bfe84 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 072bff2c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 072bff44 61fa5bb0 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 072bffa4 6b77e8ae phatq!DllCanUnloadNow+0x1468a
05 072bffb8 77e4a990 SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x21
06 072bffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 46
System Thread ID: 1204
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Exchsrvr\bin\reapi.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 072ffe74 77f4372d SharedUserData!SystemCallStub+0x4
01 072ffe78 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 072fff20 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 072fff38 621953ea kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 072fffb0 62195d57 reapi!StrDeinitialize+0x20292
05 072fffb8 77e4a990 reapi!StrDeinitialize+0x20bff
06 072fffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 47
System Thread ID: 134c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0732ab54 77f43741 SharedUserData!SystemCallStub+0x4
01 0732ab58 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0732abc8 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0732abd8 62ea9478 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0732abe8 00c53238 dsaccess!ReleaseDsctx+0x20c
05 00000000 00000000 0xc53238
Thread ID: 48
System Thread ID: ae8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0737ff08 77f43741 SharedUserData!SystemCallStub+0x4
01 0737ff0c 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 0737ff7c 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 0737ff8c 621abcd2 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0737ffb0 621abe5c reapi!StrDeinitialize+0x36b7a
05 0737ffb8 77e4a990 reapi!StrDeinitialize+0x36d04
06 0737ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 49
System Thread ID: 1718
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 073dfeb4 77f4372d SharedUserData!SystemCallStub+0x4
01 073dfeb8 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 073dff60 62156688 kernel32!WaitForMultipleObjectsEx+0x11a
WARNING: Stack unwind information not available. Following frames may be wrong.
03 073dff98 62156422 reapi!ReiCachedServerFQDNToRG+0x103e
04 073dffb0 6218a4a0 reapi!ReiCachedServerFQDNToRG+0xdd8
05 073dffb8 77e4a990 reapi!StrDeinitialize+0x15348
06 073dffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 50
System Thread ID: fc4
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0746ff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 0746ff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0746ff84 073e4ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0746ffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 0746ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 51
System Thread ID: c1c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 074aff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 074aff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 074aff84 073e4ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 074affb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 074affec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 52
System Thread ID: 17d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 074eff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 074eff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 074eff84 073e4ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 074effb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 074effec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 53
System Thread ID: 1294
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0752ff54 77f430c7 SharedUserData!SystemCallStub+0x4
01 0752ff58 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 0752ff84 073e4ca3 kernel32!GetQueuedCompletionStatus+0x27
WARNING: Stack unwind information not available. Following frames may be wrong.
03 0752ffb8 77e4a990 drviis!DllCanUnloadNow+0xa80
04 0752ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 54
System Thread ID: 1070
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0758fe94 77f4372d SharedUserData!SystemCallStub+0x4
01 0758fe98 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 0758ff40 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 0758ff58 62f23a01 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 0758ffb0 62f23cbb Epoxy!CEpoxyQIF::operator=+0x1579
05 0758ffb8 77e4a990 Epoxy!CEpoxyQIF::operator=+0x1833
06 0758ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 55
System Thread ID: 16b0
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 075dfe9c 77f4372d SharedUserData!SystemCallStub+0x4
01 075dfea0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 075dff48 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 075dff60 068fadc3 kernel32!WaitForMultipleObjects+0x17
WARNING: Stack unwind information not available. Following frames may be wrong.
04 075dffb0 06911033 resvc!IIS_SERVICE::QueryInstanceCount+0x4cc
05 075dffb8 77e4a990 resvc!ServiceEntry+0xb2bf
06 075dffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 56
System Thread ID: 1260
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0761fce4 77f43741 SharedUserData!SystemCallStub+0x4
01 0761fce8 71b23988 ntdll!ZwWaitForSingleObject+0xc
02 0761fd24 71b239d1 mswsock!SockWaitForSingleObject+0x38
03 0761fde8 71c016c9 mswsock!WSPSelect+0x229
04 0761fe38 76f12fdb WS2_32!select+0xb9
05 0761fe7c 76f128c3 WLDAP32!DrainWinsock+0x2ce
06 0761feb0 76f1428e WLDAP32!LdapWaitForResponseFromServer+0x343
07 0761feec 76f1bfaf WLDAP32!ldap_result_with_error+0x107
08 0761ff1c 62e8e509 WLDAP32!ldap_result+0x49
WARNING: Stack unwind information not available. Following frames may be wrong.
09 0761ff5c 62e8e2a7 dsaccess!HrSearchGuid+0xb6f
0a 0761ff8c 62ea7e03 dsaccess!HrSearchGuid+0x90d
0b 0761ffb8 77e4a990 dsaccess!AddCachedObjectWithFilter+0x5a4a
0c 0761ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 57
System Thread ID: 17d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 076ef844 77f43741 SharedUserData!SystemCallStub+0x4
01 076ef848 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 076ef8b8 77e4168f kernel32!WaitForSingleObjectEx+0xac
03 076ef8c8 073e2b30 kernel32!WaitForSingleObject+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
04 076ef8e4 073ee3b6 drviis+0x2b30
05 076efe30 07698041 drviis!DllCanUnloadNow+0xa193
06 076efe54 0769547e mailmsg!CMailMsg::GetProperties+0x12f
07 076efe7c 07696db1 mailmsg!CMailMsg::Commit+0xe9
08 076efea0 0769764e mailmsg!CMailMsg::InternalReleaseUsage+0x61
09 076efea8 61fa76ae mailmsg!CMailMsg::ReleaseUsage+0xe
0a 076efec4 61f9e0a0 phatq!DllCanUnloadNow+0x16188
0b 076efee0 61fa4a94 phatq!DllCanUnloadNow+0xcb7a
0c 076efef8 61fa495d phatq!DllCanUnloadNow+0x1356e
0d 076eff18 61fa48ba phatq!DllCanUnloadNow+0x13437
0e 076eff34 61f91d77 phatq!DllCanUnloadNow+0x13394
0f 076eff50 68628b70 phatq!DllCanUnloadNow+0x851
10 076eff84 68628e6d LSATQ!AtqGetCapTraceInfo+0x7b0
11 77f6e0ff e877f924 LSATQ!AtqGetCapTraceInfo+0xaad
12 a8682c6a 00000000 0xe877f924
Thread ID: 58
System Thread ID: c10
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0798f774 77f4318f SharedUserData!SystemCallStub+0x4
01 0798f778 77c5add8 ntdll!ZwRequestWaitReplyPort+0xc
02 0798f7c4 77c587af RPCRT4!LRPC_CCALL::SendReceive+0x22d
03 0798f7cc 77c587f5 RPCRT4!I_RpcSendReceive+0x20
04 0798f7dc 77ce65be RPCRT4!NdrSendReceive+0x28
05 0798fbac 76eee37e RPCRT4!NdrClientCall2+0x1e4
06 0798fbbc 76edeef3 DNSAPI!R_ResolverQuery+0x14
07 0798fc18 76edf03c DNSAPI!Query_PrivateExW+0x187
08 0798fc4c 76edf12a DNSAPI!Query_Shim+0x46
09 0798fc74 6b79de6f DNSAPI!DnsQuery_A+0x1e
0a 0798fc98 6b79e6a0 SMTPSVC!MyDnsQuery+0x55
0b 0798fcd4 6b79eab1 SMTPSVC!GetHostByNameEx+0x7b
0c 0798fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
0d 0798fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
0e 0798feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
0f 0798ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
10 0798ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
11 0798ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
12 0798ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
13 0798ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
14 0798ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
15 0798ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 59
System Thread ID: 1040
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0772fe38 77f43741 SharedUserData!SystemCallStub+0x4
01 0772fe3c 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
02 0772fe78 71b239d1 mswsock!SockWaitForSingleObject+0x19b
03 0772ff3c 71c016c9 mswsock!WSPSelect+0x229
04 0772ff8c 63ec4696 WS2_32!select+0xb9
05 0772ffb4 63ec4700 isatq!ATQ_BMON_SET::BmonThreadFunc+0x22
06 0772ffb8 77e4a990 isatq!BmonThreadFunc+0x9
07 0772ffc4 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 60
System Thread ID: 14cc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 079cf360 77f426cb SharedUserData!SystemCallStub+0x4
01 079cf364 71b216a6 ntdll!NtDeviceIoControlFile+0xc
02 079cf3f0 71c0141c mswsock!WSPSend+0x16b
03 079cf438 76f15437 WS2_32!send+0x80
04 079cf578 76f16906 WLDAP32!LdapSendRaw+0x9b
05 079cf5e0 76f1677e WLDAP32!CryptStream::SignAndSealLdapStream+0x171
06 079cf628 76f15377 WLDAP32!CryptStream::LdapSendSsl+0x125
07 079cf63c 76f1597f WLDAP32!LdapSend+0x6a
08 079cf65c 76f152dd WLDAP32!SendLdapSearch+0x285
09 079cf69c 76f2f921 WLDAP32!LdapSearch+0x181
0a 079cf6e4 62e8ed26 WLDAP32!ldap_search_extW+0x41
WARNING: Stack unwind information not available. Following frames may be wrong.
0b 079cf740 62e93599 dsaccess!HrSearchGuid+0x138c
0c 079cf794 62e909f8 dsaccess!HrReadDsvalGuid+0x2d3c
0d 079cf7d0 62e905b1 dsaccess!HrReadDsvalGuid+0x19b
0e 079cf978 62e9093f dsaccess!ListDsServersEx+0x10c9
0f 079cf9e0 6217ddf1 dsaccess!HrReadDsvalGuid+0xe2
10 079cfa18 62194d68 reapi!StrDeinitialize+0x8c99
11 079cfaa0 62197d8f reapi!StrDeinitialize+0x1fc10
12 079cfb04 61fc186d reapi!StrDeinitialize+0x22c37
13 079cfb64 61fbbe79 phatq!HrAdvQueueDeinitialize+0x6cd1
14 079cfbcc 61fbae1a phatq!HrAdvQueueDeinitialize+0x12dd
15 079cfbf8 61fbb3a1 phatq!HrAdvQueueDeinitialize+0x27e
16 079cfc04 61f91600 phatq!HrAdvQueueDeinitialize+0x805
17 079cfc1c 6b77fe65 phatq!DllCanUnloadNow+0xda
18 079cfc30 6b780325 SMTPSVC!REMOTE_QUEUE::HandleFailedConnection+0x47
19 079cfe68 6b796548 SMTPSVC!QueueCallBackFunction+0x4ba
1a 079cfe78 77f5da92 SMTPSVC!CAsyncConnection::AsyncConnectCallback+0x26
1b 079cfed4 77f5ea1c ntdll!RtlpWaitOrTimerCallout+0x74
1c 079cfef4 77f5dc2c ntdll!RtlpAsyncWaitCallbackCompletion+0x23
1d 079cff4c 77f5dce5 ntdll!RtlpWorkerCallout+0x71
1e 079cff68 77f5dc95 ntdll!RtlpExecuteWorkerRequest+0x3d
1f 079cff78 77f7e6d2 ntdll!RtlpApcCallout+0x10
20 079cffb8 77e4a990 ntdll!RtlpWorkerThread+0x5f
21 079cffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 61
System Thread ID: d38
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07a0ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07a0ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07a0ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07a0ffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07a0ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 62
System Thread ID: 10d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 07a4fe00 77f43741 SharedUserData!SystemCallStub+0x4
01 07a4fe04 77e41817 ntdll!ZwWaitForSingleObject+0xc
02 07a4fe74 76f22745 kernel32!WaitForSingleObjectEx+0xac
03 07a4feb0 76f1428e WLDAP32!LdapWaitForResponseFromServer+0x430
04 07a4feec 76f1bfaf WLDAP32!ldap_result_with_error+0x107
05 07a4ff1c 62e8e509 WLDAP32!ldap_result+0x49
WARNING: Stack unwind information not available. Following frames may be wrong.
06 07a4ff5c 62e8e2a7 dsaccess!HrSearchGuid+0xb6f
07 07a4ff8c 62ea7e03 dsaccess!HrSearchGuid+0x90d
08 07a4ffb8 77e4a990 dsaccess!AddCachedObjectWithFilter+0x5a4a
09 07a4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 63
System Thread ID: 1394
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 07a8f5e8 77f4372d SharedUserData!SystemCallStub+0x4
01 07a8f5ec 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07a8f694 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07a8f6ac 71b38a5b kernel32!WaitForMultipleObjects+0x17
04 07a8f6d8 71b38c99 mswsock!Nbt_WaitForResponse+0x2b
05 07a8f720 71b38015 mswsock!Nbt_ResolveName+0xc9
06 07a8f73c 71b2d03d mswsock!Rnr_NbtResolveName+0x15
07 07a8f770 71b249a6 mswsock!Rnr_DoDnsLookup+0x1b1
08 07a8f9fc 71c01d7a mswsock!Dns_NSPLookupServiceNext+0x218
09 07a8fa10 71c01ddb WS2_32!NSPROVIDERSTATE::LookupServiceNext+0x1a
0a 07a8fa3c 71c01e75 WS2_32!NSQUERY::LookupServiceNext+0xb2
0b 07a8fa5c 71c01f01 WS2_32!WSALookupServiceNextW+0x76
0c 07a8fa80 71c01fbe WS2_32!WSALookupServiceNextA+0x61
0d 07a8faac 71c02082 WS2_32!getxyDataEnt+0x9f
0e 07a8fcd4 6b79eab1 WS2_32!gethostbyname+0xa8
0f 07a8fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
10 07a8fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
11 07a8feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
12 07a8ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
13 07a8ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
14 07a8ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
15 07a8ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
16 07a8ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
17 07a8ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
18 07a8ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 64
System Thread ID: 1554
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07acff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07acff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07acff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07acffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07acffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 65
System Thread ID: 1264
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07b0ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07b0ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07b0ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07b0ffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07b0ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 66
System Thread ID: 2e4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07b4ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07b4ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07b4ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07b4ffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07b4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 67
System Thread ID: 143c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 07b8f5e8 77f4372d SharedUserData!SystemCallStub+0x4
01 07b8f5ec 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07b8f694 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07b8f6ac 71b38a5b kernel32!WaitForMultipleObjects+0x17
04 07b8f6d8 71b38c99 mswsock!Nbt_WaitForResponse+0x2b
05 07b8f720 71b38015 mswsock!Nbt_ResolveName+0xc9
06 07b8f73c 71b2d03d mswsock!Rnr_NbtResolveName+0x15
07 07b8f770 71b249a6 mswsock!Rnr_DoDnsLookup+0x1b1
08 07b8f9fc 71c01d7a mswsock!Dns_NSPLookupServiceNext+0x218
09 07b8fa10 71c01ddb WS2_32!NSPROVIDERSTATE::LookupServiceNext+0x1a
0a 07b8fa3c 71c01e75 WS2_32!NSQUERY::LookupServiceNext+0xb2
0b 07b8fa5c 71c01f01 WS2_32!WSALookupServiceNextW+0x76
0c 07b8fa80 71c01fbe WS2_32!WSALookupServiceNextA+0x61
0d 07b8faac 71c02082 WS2_32!getxyDataEnt+0x9f
0e 07b8fcd4 6b79eab1 WS2_32!gethostbyname+0xa8
0f 07b8fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
10 07b8fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
11 07b8feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
12 07b8ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
13 07b8ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
14 07b8ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
15 07b8ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
16 07b8ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
17 07b8ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
18 07b8ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 68
System Thread ID: 1598
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07bcff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07bcff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07bcff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07bcffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07bcffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 69
System Thread ID: a44
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07c0ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07c0ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07c0ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07c0ffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07c0ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 70
System Thread ID: ef8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 07c4ff50 77f430c7 SharedUserData!SystemCallStub+0x4
01 07c4ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
02 07c4ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
03 07c4ffb8 77e4a990 isatq!AtqPoolThread+0x40
04 07c4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 71
System Thread ID: 1580
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 07c8f774 77f4318f SharedUserData!SystemCallStub+0x4
01 07c8f778 77c5add8 ntdll!ZwRequestWaitReplyPort+0xc
02 07c8f7c4 77c587af RPCRT4!LRPC_CCALL::SendReceive+0x22d
03 07c8f7cc 77c587f5 RPCRT4!I_RpcSendReceive+0x20
04 07c8f7dc 77ce65be RPCRT4!NdrSendReceive+0x28
05 07c8fbac 76eee37e RPCRT4!NdrClientCall2+0x1e4
06 07c8fbbc 76edeef3 DNSAPI!R_ResolverQuery+0x14
07 07c8fc18 76edf03c DNSAPI!Query_PrivateExW+0x187
08 07c8fc4c 76edf12a DNSAPI!Query_Shim+0x46
09 07c8fc74 6b79de6f DNSAPI!DnsQuery_A+0x1e
0a 07c8fc98 6b79e6a0 SMTPSVC!MyDnsQuery+0x55
0b 07c8fcd4 6b79eab1 SMTPSVC!GetHostByNameEx+0x7b
0c 07c8fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
0d 07c8fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
0e 07c8feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
0f 07c8ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
10 07c8ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
11 07c8ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
12 07c8ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
13 07c8ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
14 07c8ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
15 07c8ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 72
System Thread ID: 11f4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Frame IP not in any known module. Following frames may be wrong.
00 07ccfed8 63df9645 0x60df9645
01 5fdf9645 00000000 0x63df9645
Thread ID: 73
System Thread ID: 1078
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 07d0f5e8 77f4372d SharedUserData!SystemCallStub+0x4
01 07d0f5ec 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
02 07d0f694 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
03 07d0f6ac 71b38a5b kernel32!WaitForMultipleObjects+0x17
04 07d0f6d8 71b38c99 mswsock!Nbt_WaitForResponse+0x2b
05 07d0f720 71b38015 mswsock!Nbt_ResolveName+0xc9
06 07d0f73c 71b2d03d mswsock!Rnr_NbtResolveName+0x15
07 07d0f770 71b249a6 mswsock!Rnr_DoDnsLookup+0x1b1
08 07d0f9fc 71c01d7a mswsock!Dns_NSPLookupServiceNext+0x218
09 07d0fa10 71c01ddb WS2_32!NSPROVIDERSTATE::LookupServiceNext+0x1a
0a 07d0fa3c 71c01e75 WS2_32!NSQUERY::LookupServiceNext+0xb2
0b 07d0fa5c 71c01f01 WS2_32!WSALookupServiceNextW+0x76
0c 07d0fa80 71c01fbe WS2_32!WSALookupServiceNextA+0x61
0d 07d0faac 71c02082 WS2_32!getxyDataEnt+0x9f
0e 07d0fcd4 6b79eab1 WS2_32!gethostbyname+0xa8
0f 07d0fd08 6b79d040 SMTPSVC!ResolveHost+0xe8
10 07d0fecc 6b79d17e SMTPSVC!CAsyncMxDns::GetIpFromDns+0x85
11 07d0feec 6b79dda6 SMTPSVC!CAsyncMxDns::GetMissingIpAddresses+0x48
12 07d0ff00 6b79c737 SMTPSVC!CAsyncMxDns::DnsProcessReply+0x2b6
13 07d0ff24 6b79c869 SMTPSVC!CAsyncDns::ProcessReadIO+0x225
14 07d0ff48 6b79bc12 SMTPSVC!CAsyncDns::ProcessClient+0x11e
15 07d0ff58 63ec71d3 SMTPSVC!DnsCompletion+0x15
16 07d0ff84 63ec73c6 isatq!AtqpProcessContext+0x1db
17 07d0ffb8 77e4a990 isatq!AtqPoolThread+0x1d1
18 07d0ffec 00000000 kernel32!BaseThreadStart+0x34
Closing open log file C:\iisstate\output\IISState-4284.log
Thank you for any help,
Brian Weaver