What do you get out of the following:
Opened log file 'C:\iisstate\output\IISState-3392.log'
***********************
Starting new log output
IISState version 3.2
Fri Nov 14 17:09:44 2003
OS = Windows 2000
Executable: inetinfo.exe
PID = 3392
Note: Thread times are formatted as HH:MM:SS.ms
***********************
IIS has crashed...
Beginning Analysis
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\KERNEL32.dll -
DLL (!FunctionName) that failed: KERNEL32!IsBadReadPtr
Thread ID: 44
System Thread ID: 11ac
Kernel Time: 0:0:22.328
User Time: 0:1:9.203
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\vbscript.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\OLEAUT32.dll -
Thread Type: ASP
Executing Page: *** ERROR: Symbol file could not be found. Defaulted to
export symbols for C:\WINNT\System32\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0411f0a8 039d1eef KERNEL32!IsBadReadPtr+0x4d
01 0411f0dc 039d1f99 vbscript!DllCanUnloadNow+0x46a9a
02 0411f100 779d7d5d vbscript!DllCanUnloadNow+0x46b44
03 0411f130 77a2310e OLEAUT32!DispCallFunc+0x15d
04 0411f1c0 039d30f1 OLEAUT32!ClearCustData+0x588
05 0411f264 0399866f vbscript!DllCanUnloadNow+0x47c9c
06 0411f944 006e0075 vbscript!DllCanUnloadNow+0xd21a
07 006f0000 00000000 0x6e0075
Closing open log file C:\iisstate\output\IISState-3392.log
Opened log file 'C:\iisstate\output\IISState-3392.log'
***********************
Starting new log output
IISState version 3.2
Fri Nov 14 17:15:20 2003
OS = Windows 2000
Executable: inetinfo.exe
PID = 3392
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: 1b4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\ntdll.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\ADVAPI32.dll -
*** ERROR: Module load completed but symbols could not be loaded for
C:\WINNT\System32\inetsrv\inetinfo.exe
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0006f910 7c2e0135 ntdll!ZwReadFile+0xb
01 0006f93c 7c2dffbb ADVAPI32!StartServiceCtrlDispatcherW+0x509
02 0006f9b8 7c2e1995 ADVAPI32!StartServiceCtrlDispatcherW+0x38f
03 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x72
04 0006fd30 01001e94 inetinfo+0x2884
05 77e201ca 2474ff50 inetinfo+0x1e94
06 0c24448d 00000000 0x2474ff50
Thread ID: 1
System Thread ID: 830
Kernel Time: 0:0:0.109
User Time: 0:0:0.46
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 005dfd44 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 00000001 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 2
System Thread ID: d94
Kernel Time: 0:0:39.968
User Time: 0:0:5.546
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\IisRTL.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0071feac 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0071ff08 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0071ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00233fe0 000003e9
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 3
System Thread ID: e88
Kernel Time: 0:0:30.921
User Time: 0:0:5.203
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0075feac 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0075ff08 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0075ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00232518 000003ea
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 4
System Thread ID: 398
Kernel Time: 0:0:37.312
User Time: 0:0:7.906
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0079feac 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0079ff08 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0079ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 002325c8 000003eb
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 5
System Thread ID: b5c
Kernel Time: 0:0:29.984
User Time: 0:0:5.390
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 007dfeac 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 007dff08 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 007dff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
03 00232678 000003ec
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4
Thread ID: 6
System Thread ID: b84
Kernel Time: 0:0:0.203
User Time: 0:0:0.109
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\inetsrv\INFOCOMM.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 00fdfc6c 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 00fdfcc8 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 00fdfce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
03 00cdac6c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
Thread ID: 7
System Thread ID: 7a4
Kernel Time: 0:0:0.15
User Time: 0:0:0.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0104fc6c 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0104fcc8 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0104fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
03 00cdc65c 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
Thread ID: 8
System Thread ID: 498
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0108fc6c 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0108fcc8 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0108fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
03 00cda3cc 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
Thread ID: 9
System Thread ID: cb4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0120ff88 6d7029ef ntdll!NtRemoveIoCompletion+0xb
01 0120ffb4 7c57b382 ISATQ!CDirMonitor::RemoveEntry+0x183
02 0120ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 10
System Thread ID: cdc
Kernel Time: 0:0:18.562
User Time: 0:0:36.687
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0124ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 11
System Thread ID: e60
Kernel Time: 0:0:12.125
User Time: 0:0:24.531
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0128ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 12
System Thread ID: acc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\RPCRT4.DLL -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\ole32.dll -
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0140fee4 77d809da ntdll!NtRemoveIoCompletion+0xb
01 0140ff20 77d50ede RPCRT4!I_RpcTransGetAddressList+0x304c
02 0140ff74 77d50d17 RPCRT4!TowerConstruct+0x4abd
03 0140ffa8 77d41c6c RPCRT4!TowerConstruct+0x48f6
04 0140ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
05 0140ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 13
System Thread ID: e00
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0170ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0170ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0170ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0170ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 14
System Thread ID: ec0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0178fd70 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 0178ffb4 7c57b382 KERNEL32!WaitForMultipleObjects+0x17
02 0178ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 15
System Thread ID: 858
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 017dff70 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 017dffb4 7c57b382 KERNEL32!WaitForMultipleObjects+0x17
02 017dffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 16
System Thread ID: 1090
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0181ff74 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 0181ffb4 7c57b382 KERNEL32!WaitForMultipleObjects+0x17
02 0181ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 17
System Thread ID: a34
Kernel Time: 0:0:0.93
User Time: 0:0:0.390
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 01a1ff8c 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 01a1ffec 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 18
System Thread ID: b04
Kernel Time: 0:0:0.78
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\WS2_32.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\inetsrv\ftpsvc2.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 01a5ff50 75037871 ntdll!NtWaitForMultipleObjects+0xb
01 01a5ff6c 6fc66e80 WS2_32!WSAWaitForMultipleEvents+0x18
02 00cdb094 000005a0 ftpsvc2!COMMON_METADATA::SetAccessPerms+0xce0
Thread ID: 19
System Thread ID: c04
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 01b9ff68 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 01b9ffb4 7c57b382 KERNEL32!WaitForMultipleObjects+0x17
02 01b9ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 20
System Thread ID: 5dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 01bfff90 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 01bfffec 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 21
System Thread ID: 840
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
\\?\C:\IISDebugTools\IISCHAgent.dll -
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 020bff04 67306fab ntdll!NtRemoveIoCompletion+0xb
01 020bffb4 7c57b382 IISCHAgent!ConfigFileMonitor+0x15b
02 020bffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 22
System Thread ID: dbc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 021fff68 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 021fffb4 7c57b382 KERNEL32!WaitForMultipleObjects+0x17
02 021fffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 23
System Thread ID: d74
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0224ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0224ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0224ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0224ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 24
System Thread ID: e30
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\msafd.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0228fe38 74fd3c59 ntdll!NtWaitForSingleObject+0xb
01 0228ff24 750312f5 msafd!WSPSetSockOpt+0xdaa
02 0228ff88 6d7075bd WS2_32!select+0xcb
03 00ce04d4 000006f0 ISATQ!SetIISCapTraceFlag+0x1ce5
Thread ID: 25
System Thread ID: 7fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 022eff84 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 77f89103 8b000000 KERNEL32!WaitForSingleObject+0xf
02 180d8b64 00000000 0x8b000000
Thread ID: 26
System Thread ID: 6b8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0232ff7c 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 741873d4 72705c74 KERNEL32!WaitForSingleObject+0xf
02 6e5c3a44 00000000 0x72705c74
Thread ID: 27
System Thread ID: d98
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\inetsrv\SMTPSVC.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 023aff20 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 023aff9c 6b56dccd KERNEL32!WaitForMultipleObjects+0x17
02 023affb4 7c57b382 SMTPSVC!IIS_SERVICE::GetServiceConfigInfoSize+0xb6af
03 023affec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 28
System Thread ID: d8c
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\inetsrv\w3svc.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\MSVCRT.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0252fec0 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0252ff1c 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0252ff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
03 0252ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
04 0252ffb4 7c57b382 MSVCRT!endthread+0xc1
05 0252ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 29
System Thread ID: fd8
Kernel Time: 0:0:37.312
User Time: 0:0:12.281
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0256fef8 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0256ff54 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0256ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
03 0256ffb4 7c57b382 w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
04 0256ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 30
System Thread ID: 106c
Kernel Time: 0:0:26.734
User Time: 0:0:54.593
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0274ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 31
System Thread ID: 82c
Kernel Time: 0:0:18.984
User Time: 0:0:38.593
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 028cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 32
System Thread ID: e94
Kernel Time: 0:0:0.15
User Time: 0:0:0.62
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 02bcff58 7c599f6c ntdll!NtWaitForMultipleObjects+0xb
01 02bcffec 00000000 KERNEL32!WaitForMultipleObjects+0x17
Thread ID: 33
System Thread ID: fc0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\COMSVCS.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\TxfAux.Dll -
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 02c0fb94 77d3a2c7 ntdll!ZwRequestWaitReplyPort+0xb
01 02c0fba0 77b23b2c RPCRT4!I_RpcSendReceive+0x2c
02 02c0fbc0 77b239f7 ole32!DllDebugObjectRPCHook+0x12a
03 02c0fbd8 77b20aa5 ole32!WdtpInterfacePointer_UserSize+0x1b54
04 02c0fc18 77b23870 ole32!StgGetIFillLockBytesOnFile+0x19f30
05 02c0fc88 77ab6ac3 ole32!WdtpInterfacePointer_UserSize+0x19cd
06 02c0fce0 77d90328 ole32!UpdateDCOMSettings+0xad78
07 02c0fcfc 77d92b3f RPCRT4!NdrProxySendReceive+0x4c
08 02c0ff44 77d95f85 RPCRT4!NdrClientCall2+0x4f5
09 02c0ff60 77d77fcb RPCRT4!NdrStubCall2+0xb03
0a 02c0ff70 787f372e RPCRT4!NdrServerMarshall+0x1311
0b 78868f0c ffffffff COMSVCS!RegisterComEvents+0x6768
0c 00140eb8 78868f0c 0xffffffff
0d 00000000 00000000 COMSVCS!RegisterComEvents+0x7bf46
Thread ID: 34
System Thread ID: 208
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03bbfec0 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03bbff1c 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03bbff38 74a01e69 USER32!MsgWaitForMultipleObjects+0x1d
03 03bbff7c 78008454 asp!GetExtensionVersion+0x2deb
04 03bbffb4 7c57b382 MSVCRT!endthread+0xc1
05 03bbffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 35
System Thread ID: 102c
Kernel Time: 0:0:0.140
User Time: 0:0:0.93
*** WARNING: Unable to verify checksum for C:\WINNT\System32\pdm.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\System32\pdm.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: PDM (Debugger) Thread.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03d7fe2c 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03d7fe88 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03d7fea4 4a00886c USER32!MsgWaitForMultipleObjects+0x1d
03 03d7ff7c 7c599bcb pdm+0x886c
04 03d7ffb0 4a008a09 KERNEL32!ReleaseSemaphore+0x12
05 03d7ffb4 7c57b382 pdm+0x8a09
06 03d7ffcc 77f83383 KERNEL32!lstrcmpiW+0xb7
07 7fbbf000 03d80000 ntdll!LdrLoadDll+0x122
08 03d7ffdc 7c5c1bb4 0x3d80000
09 ffffffff 00000000 KERNEL32!UTUnRegister+0x279
Thread ID: 36
System Thread ID: 8e4
Kernel Time: 0:0:14.718
User Time: 0:1:16.734
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03edfe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03edfed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03edfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c630d0 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 37
System Thread ID: 81c
Kernel Time: 0:0:4.15
User Time: 0:0:5.265
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03f5fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03f5fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03f5fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c640b0 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 38
System Thread ID: e70
Kernel Time: 0:0:21.640
User Time: 0:1:11.750
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03f9fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03f9fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03f9fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c64500 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 39
System Thread ID: e08
Kernel Time: 0:0:35.78
User Time: 0:1:19.484
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03fdfe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 03fdfed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 03fdfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c64990 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 40
System Thread ID: f58
Kernel Time: 0:0:22.0
User Time: 0:1:12.312
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0401fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0401fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0401fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c65248 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 41
System Thread ID: b70
Kernel Time: 0:0:29.796
User Time: 0:1:19.281
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0405fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0405fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0405fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c656b0 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 42
System Thread ID: 848
Kernel Time: 0:0:19.546
User Time: 0:1:7.531
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0409fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0409fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0409fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c649c8 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 43
System Thread ID: f40
Kernel Time: 0:0:10.484
User Time: 0:1:10.546
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 040dfe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 040dfed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 040dfef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c671c8 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 44
System Thread ID: 11ac
Kernel Time: 0:0:22.328
User Time: 0:1:9.203
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0411f0a8 039d1eef KERNEL32!IsBadReadPtr+0x4d
01 0411f0dc 039d1f99 vbscript!DllCanUnloadNow+0x46a9a
02 0411f100 779d7d5d vbscript!DllCanUnloadNow+0x46b44
03 0411f130 77a2310e OLEAUT32!DispCallFunc+0x15d
04 0411f1c0 039d30f1 OLEAUT32!ClearCustData+0x588
05 0411f264 0399866f vbscript!DllCanUnloadNow+0x47c9c
06 0411f944 006e0075 vbscript!DllCanUnloadNow+0xd21a
07 006f0000 00000000 0x6e0075
Thread ID: 45
System Thread ID: 6e8
Kernel Time: 0:0:17.609
User Time: 0:1:19.609
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\WSOCK32.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\DBNETLIB.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Program Files\Common Files\System\OLE DB\sqloledb.dll -
Thread Status: Thread is in a WAIT state.
Thread Type: SQL Query. Possible ASP page
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0415e4d8 74fd160d ntdll!NtWaitForSingleObject+0xb
01 0415e554 750313fa msafd+0x160d
02 0415e590 750510a4 WS2_32!WSARecv+0x6c
03 0415e5bc 050915c7 WSOCK32!recv+0x31
04 0415e604 04a12331 DBNETLIB!ConnectionRead+0x167
05 0415e638 04a12390 sqloledb+0x2331
06 0415e684 04a126db sqloledb+0x2390
07 0415e6d0 04a1e0b6 sqloledb+0x26db
08 0415e714 0415e7e4 sqloledb+0xe0b6
09 04b17328 0f000000 0x415e7e4
0a eed47b81 00000000 0xf000000
Thread ID: 46
System Thread ID: e44
Kernel Time: 0:0:11.265
User Time: 0:1:10.328
Thread Status: Thread is in a WAIT state.
Thread Type: Idle ASP thread
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0419fe78 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 0419fed4 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 0419fef0 787c2885 USER32!MsgWaitForMultipleObjects+0x1d
03 03c67f58 00001278 COMSVCS!Ordinal7+0x29d5
Thread ID: 47
System Thread ID: 904
Kernel Time: 0:0:0.78
User Time: 0:0:0.46
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 041fffb4 7c57b382 ntdll!ZwDelayExecution+0xb
01 041fffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 48
System Thread ID: 998
Kernel Time: 0:0:16.218
User Time: 0:0:32.109
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 04a0ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 49
System Thread ID: b94
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 04b7ffb4 7c57b382 ntdll!NtWaitForMultipleObjects+0xb
01 04b7ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 50
System Thread ID: dd0
Kernel Time: 0:0:0.937
User Time: 0:0:1.984
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0500ff80 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 0500ffb4 7c57b382 KERNEL32!WaitForSingleObject+0xf
02 0500ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 51
System Thread ID: 648
Kernel Time: 0:0:1.218
User Time: 0:0:0.890
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0504ff78 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 0504ffb4 7c57b382 KERNEL32!WaitForSingleObject+0xf
02 0504ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 52
System Thread ID: 61c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0508fd7c 7c57b3d5 ntdll!NtWaitForSingleObject+0xb
01 00000000 00000000 KERNEL32!WaitForSingleObject+0xf
Thread ID: 53
System Thread ID: d2c
Kernel Time: 0:0:0.62
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0538ffb4 7c57b382 ntdll!NtRemoveIoCompletion+0xb
01 0538ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 54
System Thread ID: 790
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 06c1ff58 7c59a0b8 ntdll!ZwDelayExecution+0xb
01 06c1ffb4 7c57b382 KERNEL32!Sleep+0xb
02 06c1ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 55
System Thread ID: 4ec
Kernel Time: 0:0:0.140
User Time: 0:0:0.78
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll -
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 06c5ff60 79e8c820 ntdll!NtRemoveIoCompletion+0xb
01 06c5ffb4 7c57b382 aspnet_isapi!SetClrThreadPoolLimits+0x1a9
02 06c5ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 56
System Thread ID: 1044
Kernel Time: 0:0:0.421
User Time: 0:0:0.46
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 06c9ff64 7c59a0b8 ntdll!ZwDelayExecution+0xb
01 06c9ffb4 7c57b382 KERNEL32!Sleep+0xb
02 06c9ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 57
System Thread ID: 670
Kernel Time: 0:0:0.125
User Time: 0:0:0.93
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 06cdff60 79e8c820 ntdll!NtRemoveIoCompletion+0xb
01 06cdffb4 7c57b382 aspnet_isapi!SetClrThreadPoolLimits+0x1a9
02 06cdffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 58
System Thread ID: a40
Kernel Time: 0:0:0.125
User Time: 0:0:0.93
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 06d1ff60 79e8c820 ntdll!NtRemoveIoCompletion+0xb
01 06d1ffb4 7c57b382 aspnet_isapi!SetClrThreadPoolLimits+0x1a9
02 06d1ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 59
System Thread ID: eb8
Kernel Time: 0:0:0.500
User Time: 0:0:0.93
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINNT\system32\SHLWAPI.DLL -
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 171dfea8 77e1e9fb ntdll!NtWaitForMultipleObjects+0xb
01 171dff04 77e1ea48 USER32!MsgWaitForMultipleObjectsEx+0x153
02 171dff20 631ca7b6 USER32!MsgWaitForMultipleObjects+0x1d
03 171dff74 631cab3e SHLWAPI!Ordinal265+0xb01
04 171dffac 631cad02 SHLWAPI!Ordinal293+0x151
05 171dffec 00000000 SHLWAPI!Ordinal293+0x315
Thread ID: 60
System Thread ID: 1154
Kernel Time: 0:0:26.531
User Time: 0:0:31.15
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 1895ffa8 77d41c6c ntdll!ZwDelayExecution+0xb
01 1895ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
02 1895ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 61
System Thread ID: 634
Kernel Time: 0:0:0.93
User Time: 0:0:0.62
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 1900ff60 79e8c820 ntdll!NtRemoveIoCompletion+0xb
01 1900ffb4 7c57b382 aspnet_isapi!SetClrThreadPoolLimits+0x1a9
02 1900ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 62
System Thread ID: b9c
Kernel Time: 0:0:9.765
User Time: 0:0:21.234
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0ea1ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 63
System Thread ID: 1074
Kernel Time: 0:0:7.78
User Time: 0:0:14.484
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0236ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 64
System Thread ID: 1104
Kernel Time: 0:0:3.734
User Time: 0:0:7.343
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 03dfff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 65
System Thread ID: 868
Kernel Time: 0:0:11.31
User Time: 0:0:13.828
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0240ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0240ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0240ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0240ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 66
System Thread ID: 884
Kernel Time: 0:0:2.140
User Time: 0:0:4.890
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 038fff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 67
System Thread ID: 644
Kernel Time: 0:0:9.203
User Time: 0:0:10.140
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0393ffa8 77d41c6c ntdll!ZwDelayExecution+0xb
01 0393ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
02 0393ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 68
System Thread ID: f80
Kernel Time: 0:0:8.640
User Time: 0:0:9.62
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 02c8ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 02c8ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 02c8ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 02c8ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 69
System Thread ID: b38
Kernel Time: 0:0:6.328
User Time: 0:0:7.312
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0296ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0296ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0296ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0296ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 70
System Thread ID: 628
Kernel Time: 0:0:3.421
User Time: 0:0:4.93
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 027cffa8 77d41c6c ntdll!ZwDelayExecution+0xb
01 027cffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
02 027cffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 71
System Thread ID: 1018
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 00c6ff7c 7c59a0b8 ntdll!ZwDelayExecution+0xb
01 00007530 00000000 KERNEL32!Sleep+0xb
Thread ID: 72
System Thread ID: d80
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fadff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 73
System Thread ID: 968
Kernel Time: 0:0:0.46
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fb1ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 74
System Thread ID: 734
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fb5ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 75
System Thread ID: 224
Kernel Time: 0:0:0.15
User Time: 0:0:0.62
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fb9ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 76
System Thread ID: e4c
Kernel Time: 0:0:0.140
User Time: 0:0:0.171
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fbdffa8 77d41c6c ntdll!ZwDelayExecution+0xb
01 0fbdffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
02 0fbdffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 77
System Thread ID: ce0
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fd0ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 78
System Thread ID: 6b4
Kernel Time: 0:0:0.46
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fccff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 79
System Thread ID: c28
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fd4ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 80
System Thread ID: 9ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fdcff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 81
System Thread ID: 638
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fd8ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 82
System Thread ID: 1080
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fe8ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 83
System Thread ID: a10
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fe0ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 84
System Thread ID: 1034
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 012cff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 85
System Thread ID: 70c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0ff0ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 86
System Thread ID: 6fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fe4ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 87
System Thread ID: 6c8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0fecff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 88
System Thread ID: f88
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0ff4ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 89
System Thread ID: ac4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0278ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Thread ID: 90
System Thread ID: 714
Kernel Time: 0:0:0.125
User Time: 0:0:0.171
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
OLE32.dll Symbols not found. Unable to proceed with DCOM check.
Continuing other analysis.
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0288ff74 77d56d9e ntdll!NtReplyWaitReceivePortEx+0xb
01 0288ffa8 77d41c6c RPCRT4!TowerConstruct+0xa97d
02 0288ffb4 7c57b382 RPCRT4!I_RpcServerInqTransportType+0x1a0
03 0288ffec 00000000 KERNEL32!lstrcmpiW+0xb7
Thread ID: 91
System Thread ID: 5f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
00 0284ff7c 6d702957 ntdll!NtRemoveIoCompletion+0xb
01 7c30fcf9 e65868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
02 6aec8b55 00000000 0xe65868ff
Closing open log file C:\iisstate\output\IISState-3392.log
"Pat [MSFT]" <patfilot DeleteThis @online.microsoft.com> wrote in message
news:%23xCCC2sqDHA.2636@TK2MSFTNGP09.phx.gbl...
> ISAPI filters always run In-process (even if the site they are assigned to
> are Medium or High). You can use IISState (www.iisfaq.com/iisstate) to
> determine the dll that is the culprit:
>
> iisstate -p <pid of inetinfo> -sc <enter>
>
> Pat
>
> "ja" <na DeleteThis @noemail.com> wrote in message
> news:elWelpsqDHA.708@TK2MSFTNGP10.phx.gbl...
> > I have a problem with an IIS server that occasionally crashes.
> > I am suspecting a DLL filter (iisrewrite) that is running on one of the
> > sites on the server, but I am not 100% sure this particular site is at
> > fault.
> >
> > Right now all the sites are running application protection Medium
> (pooled).
> > If I change the application protection to High (isolated) on the site
> > running the filter will it then only be that site that crashes or what?
> >
> > What would be the best way to investigate if this DLL is at fault?
> >
> >
>
><!-- ~MESSAGE_AFTER~ -->
>> Stay informed about: application protection high 
FAQ
Profile
Private Messages
Log in
