iis 5.0 hang since lastest patches and ASP.NET ValidatePath

hi,

after install latests windows patches and Microsoft ASP.NET
ValidatePath module, IIS hangs sometimes every hour, somtimes every 12
hours. no blue screnn, no eventlog...

Attached a Dump File with iisstate -p **** -hc -d
-sc cannot created because inetinfo.exe still in process.

any suggestions?
marc



Microsoft (R) Windows Debugger Version 6.3.0017.0
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Archivos de programa\Debugging Tools for
Windows\1152-1098130006.dmp]
User Dump File: Only application data is available

Windows 2000 Version 2195 UP Free x86 compatible
Product: Server
Debug session time: Mon Oct 18 22:07:08 2004
System Uptime: 0 days 11:29:53.530
Process Uptime: not available
Symbol search path is:
SRV*c:\debug*http://msdl.microsoft.com/download/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
.........................................................................................................................................................................
(480.e28): Wake debugger - code 80000007 (first chance)
eax=6d639470 ebx=00000000 ecx=111af108 edx=00000000 esi=784b0348
edi=00000000
eip=78462870 esp=2679fc28 ebp=2679fc98 iopl=0 nv up ei pl nz
na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202
ntdll!ZwWaitForSingleObject+0xb:
78462870 c20c00 ret 0xc
0:059> .sympath SRV*c:\debug*http://msdl.microsoft.com/download/symbols
Symbol search path is:
SRV*c:\debug*http://msdl.microsoft.com/download/symbols
0:059> .reload
.........................................................................................................................................................................
0:059> !analyze
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: ntdll!_PEB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_RTL_CRITICAL_SECTION
***
***
***
*************************************************************************
Probably caused by : ntdll.dll ( ntdll!ZwWaitForSingleObject+b )

Followup: MachineOwner
---------

0:059> kb
ChildEBP RetAddr Args to Child
2679fc24 7846822a 00000158 00000000 00000000
ntdll!ZwWaitForSingleObject+0xb
2679fc98 7846819b 784b0301 7846b536 784b0348
ntdll!RtlpWaitForCriticalSection+0x9e
2679fca0 7846b536 784b0348 2679fd30 111af108
ntdll!RtlEnterCriticalSection+0x46
2679fd1c 7847ff3b 2679fd30 78460000 00000000
ntdll!LdrpInitialize+0x1a7
00000000 00000000 00000000 00000000 00000000
ntdll!KiUserApcDispatcher+0x7
0:059> !analyze -v
*******************************************************************************
*
*
* Exception Analysis
*
*
*
*******************************************************************************

*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: ntdll!_PEB
***
***
***
*************************************************************************
*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***
***
***
*** In order for this command to work properly, your symbol path
***
*** must point to .pdb files that have full type information.
***
***
***
*** Certain .pdb files (such as the public OS symbols) do not
***
*** contain the required information. Contact the group that
***
*** provided you with these symbols if you need this command to
***
*** work.
***
***
***
*** Type referenced: nt!_RTL_CRITICAL_SECTION
***
***
***
*************************************************************************

FAULTING_IP:
+0
00000000 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 00000000
ExceptionCode: 80000007 (Wake debugger)
ExceptionFlags: 00000000
NumberParameters: 0

FAULTING_THREAD: 00000e28

BUGCHECK_STR: 80000007

DEFAULT_BUCKET_ID: APPLICATION_FAULT

PROCESS_NAME: inetinfo.exe

ERROR_CODE: (NTSTATUS) 0x80000007 - {Se ha activado el Depurador de n
cleo} El Depurador de sistema ha sido activado por una interrupci n.

CRITICAL_SECTION: 784b0348 (!cs -s 784b0348)

THREAD_ATTRIBUTES:
LAST_CONTROL_TRANSFER: from 7846822a to 78462870

STACK_TEXT:
2679fc24 7846822a 00000158 00000000 00000000
ntdll!ZwWaitForSingleObject+0xb
2679fc98 7846819b 784b0301 7846b536 784b0348
ntdll!RtlpWaitForCriticalSection+0x9e
2679fca0 7846b536 784b0348 2679fd30 111af108
ntdll!RtlEnterCriticalSection+0x46
2679fd1c 7847ff3b 2679fd30 78460000 00000000
ntdll!LdrpInitialize+0x1a7
00000000 00000000 00000000 00000000 00000000
ntdll!KiUserApcDispatcher+0x7


FOLLOWUP_IP:
ntdll!ZwWaitForSingleObject+b
78462870 c20c00 ret 0xc

SYMBOL_STACK_INDEX: 0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: ntdll!ZwWaitForSingleObject+b

MODULE_NAME: ntdll

IMAGE_NAME: ntdll.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 4060efaa

STACK_COMMAND: ~59s ; kb

BUCKET_ID: 80000007_ntdll!ZwWaitForSingleObject+b

Followup: MachineOwner
---------

ArthurvanKleef
Tue Oct 19 04:57:02 CDT 2004

Hi Marc,

I'm having the same troubles as you describe in IIS6.0,
only thing that works for me is go to task manager and end the inetinfo.exe
process (which automatically restarts after..)
I'm dying to know if someone knows a solution for this strange behaviour.

"marc" wrote:

> hi,
>
> after install latests windows patches and Microsoft ASP.NET
> ValidatePath module, IIS hangs sometimes every hour, somtimes every 12
> hours. no blue screnn, no eventlog...
>
> Attached a Dump File with iisstate -p **** -hc -d
> -sc cannot created because inetinfo.exe still in process.
>
> any suggestions?
> marc
>
>
>
> Microsoft (R) Windows Debugger Version 6.3.0017.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\Archivos de programa\Debugging Tools for
> Windows\1152-1098130006.dmp]
> User Dump File: Only application data is available
>
> Windows 2000 Version 2195 UP Free x86 compatible
> Product: Server
> Debug session time: Mon Oct 18 22:07:08 2004
> System Uptime: 0 days 11:29:53.530
> Process Uptime: not available
> Symbol search path is:
> SRV*c:\debug*http://msdl.microsoft.com/download/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
> Executable search path is:
> ..........................................................................................................................................................................
> (480.e28): Wake debugger - code 80000007 (first chance)
> eax=6d639470 ebx=00000000 ecx=111af108 edx=00000000 esi=784b0348
> edi=00000000
> eip=78462870 esp=2679fc28 ebp=2679fc98 iopl=0 nv up ei pl nz
> na pe nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000202
> ntdll!ZwWaitForSingleObject+0xb:
> 78462870 c20c00 ret 0xc
> 0:059> .sympath SRV*c:\debug*http://msdl.microsoft.com/download/symbols
> Symbol search path is:
> SRV*c:\debug*http://msdl.microsoft.com/download/symbols
> 0:059> .reload
> ..........................................................................................................................................................................
> 0:059> !analyze
> *******************************************************************************
> *
> *
> * Exception Analysis
> *
> *
> *
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: ntdll!_PEB
> ***
> ***
> ***
> *************************************************************************
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: nt!_RTL_CRITICAL_SECTION
> ***
> ***
> ***
> *************************************************************************
> Probably caused by : ntdll.dll ( ntdll!ZwWaitForSingleObject+b )
>
> Followup: MachineOwner
> ---------
>
> 0:059> kb
> ChildEBP RetAddr Args to Child
> 2679fc24 7846822a 00000158 00000000 00000000
> ntdll!ZwWaitForSingleObject+0xb
> 2679fc98 7846819b 784b0301 7846b536 784b0348
> ntdll!RtlpWaitForCriticalSection+0x9e
> 2679fca0 7846b536 784b0348 2679fd30 111af108
> ntdll!RtlEnterCriticalSection+0x46
> 2679fd1c 7847ff3b 2679fd30 78460000 00000000
> ntdll!LdrpInitialize+0x1a7
> 00000000 00000000 00000000 00000000 00000000
> ntdll!KiUserApcDispatcher+0x7
> 0:059> !analyze -v
> *******************************************************************************
> *
> *
> * Exception Analysis
> *
> *
> *
> *******************************************************************************
>
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: ntdll!_PEB
> ***
> ***
> ***
> *************************************************************************
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: nt!_RTL_CRITICAL_SECTION
> ***
> ***
> ***
> *************************************************************************
>
> FAULTING_IP:
> +0
> 00000000 ?? ???
>
> EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
> ExceptionAddress: 00000000
> ExceptionCode: 80000007 (Wake debugger)
> ExceptionFlags: 00000000
> NumberParameters: 0
>
> FAULTING_THREAD: 00000e28
>
> BUGCHECK_STR: 80000007
>
> DEFAULT_BUCKET_ID: APPLICATION_FAULT
>
> PROCESS_NAME: inetinfo.exe
>
> ERROR_CODE: (NTSTATUS) 0x80000007 - {Se ha activado el Depurador de n
> cleo} El Depurador de sistema ha sido activado por una interrupci n.
>
> CRITICAL_SECTION: 784b0348 (!cs -s 784b0348)
>
> THREAD_ATTRIBUTES:
> LAST_CONTROL_TRANSFER: from 7846822a to 78462870
>
> STACK_TEXT:
> 2679fc24 7846822a 00000158 00000000 00000000
> ntdll!ZwWaitForSingleObject+0xb
> 2679fc98 7846819b 784b0301 7846b536 784b0348
> ntdll!RtlpWaitForCriticalSection+0x9e
> 2679fca0 7846b536 784b0348 2679fd30 111af108
> ntdll!RtlEnterCriticalSection+0x46
> 2679fd1c 7847ff3b 2679fd30 78460000 00000000
> ntdll!LdrpInitialize+0x1a7
> 00000000 00000000 00000000 00000000 00000000
> ntdll!KiUserApcDispatcher+0x7
>
>
> FOLLOWUP_IP:
> ntdll!ZwWaitForSingleObject+b
> 78462870 c20c00 ret 0xc
>
> SYMBOL_STACK_INDEX: 0
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: ntdll!ZwWaitForSingleObject+b
>
> MODULE_NAME: ntdll
>
> IMAGE_NAME: ntdll.dll
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 4060efaa
>
> STACK_COMMAND: ~59s ; kb
>
> BUCKET_ID: 80000007_ntdll!ZwWaitForSingleObject+b
>
> Followup: MachineOwner
> ---------
>

marc032
Tue Oct 19 10:54:37 CDT 2004

hey Arthur,

we also had troubles in a IIS 6.0 Webserver ... :>
all no isolated Websites hanging every 2-6 hours.

in our case we contact MS-Support and it was a known issue in the Jet Engine:

837001 MS04-014: Vulnerability in the Microsoft Jet Database Engine could
http://support.microsoft.com/?id=837001

838306 FIX: Web applications that use the Jet database engine may stop
http://support.microsoft.com/?id=838306

Contact MS-Support if this not helps or post any dump file in newsgroups.

To restart IIS make a batch:
c:\winnt\system32\iisreset.exe /restart
PAUSE

;) marc


"Arthur van Kleef" <ArthurvanKleef@discussions.microsoft.com> wrote in message news:<42622A32-F738-492B-A0D0-78EC9D3E5C18@microsoft.com>...
> Hi Marc,
>
> I'm having the same troubles as you describe in IIS6.0,
> only thing that works for me is go to task manager and end the inetinfo.exe
> process (which automatically restarts after..)
> I'm dying to know if someone knows a solution for this strange behaviour.
>
> "marc" wrote:
>
> > hi,
> >
> > after install latests windows patches and Microsoft ASP.NET
> > ValidatePath module, IIS hangs sometimes every hour, somtimes every 12
> > hours. no blue screnn, no eventlog...
> >
> > Attached a Dump File with iisstate -p **** -hc -d
> > -sc cannot created because inetinfo.exe still in process.
> >
> > any suggestions?
> > marc
> >
> >
> >

Pat
Tue Oct 19 12:29:28 CDT 2004

When you run IISState use the command line:

iisstate -p <pid> -d <enter>

That will force a log of a running process.

Pat

"marc" <marc032@hotmail.com> wrote in message
news:25485e81.0410181455.55ee44a0@posting.google.com...
> hi,
>
> after install latests windows patches and Microsoft ASP.NET
> ValidatePath module, IIS hangs sometimes every hour, somtimes every 12
> hours. no blue screnn, no eventlog...
>
> Attached a Dump File with iisstate -p **** -hc -d
> -sc cannot created because inetinfo.exe still in process.
>
> any suggestions?
> marc
>
>
>
> Microsoft (R) Windows Debugger Version 6.3.0017.0
> Copyright (c) Microsoft Corporation. All rights reserved.
>
>
> Loading Dump File [C:\Archivos de programa\Debugging Tools for
> Windows\1152-1098130006.dmp]
> User Dump File: Only application data is available
>
> Windows 2000 Version 2195 UP Free x86 compatible
> Product: Server
> Debug session time: Mon Oct 18 22:07:08 2004
> System Uptime: 0 days 11:29:53.530
> Process Uptime: not available
> Symbol search path is:
> SRV*c:\debug*http://msdl.microsoft.com/download/symbols;SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
> Executable search path is:
> .........................................................................................................................................................................
> (480.e28): Wake debugger - code 80000007 (first chance)
> eax=6d639470 ebx=00000000 ecx=111af108 edx=00000000 esi=784b0348
> edi=00000000
> eip=78462870 esp=2679fc28 ebp=2679fc98 iopl=0 nv up ei pl nz
> na pe nc
> cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
> efl=00000202
> ntdll!ZwWaitForSingleObject+0xb:
> 78462870 c20c00 ret 0xc
> 0:059> .sympath SRV*c:\debug*http://msdl.microsoft.com/download/symbols
> Symbol search path is:
> SRV*c:\debug*http://msdl.microsoft.com/download/symbols
> 0:059> .reload
> .........................................................................................................................................................................
> 0:059> !analyze
> *******************************************************************************
> *
> *
> * Exception Analysis
> *
> *
> *
> *******************************************************************************
>
> Use !analyze -v to get detailed debugging information.
>
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: ntdll!_PEB
> ***
> ***
> ***
> *************************************************************************
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: nt!_RTL_CRITICAL_SECTION
> ***
> ***
> ***
> *************************************************************************
> Probably caused by : ntdll.dll ( ntdll!ZwWaitForSingleObject+b )
>
> Followup: MachineOwner
> ---------
>
> 0:059> kb
> ChildEBP RetAddr Args to Child
> 2679fc24 7846822a 00000158 00000000 00000000
> ntdll!ZwWaitForSingleObject+0xb
> 2679fc98 7846819b 784b0301 7846b536 784b0348
> ntdll!RtlpWaitForCriticalSection+0x9e
> 2679fca0 7846b536 784b0348 2679fd30 111af108
> ntdll!RtlEnterCriticalSection+0x46
> 2679fd1c 7847ff3b 2679fd30 78460000 00000000
> ntdll!LdrpInitialize+0x1a7
> 00000000 00000000 00000000 00000000 00000000
> ntdll!KiUserApcDispatcher+0x7
> 0:059> !analyze -v
> *******************************************************************************
> *
> *
> * Exception Analysis
> *
> *
> *
> *******************************************************************************
>
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: ntdll!_PEB
> ***
> ***
> ***
> *************************************************************************
> *************************************************************************
> ***
> ***
> ***
> ***
> *** Your debugger is not using the correct symbols
> ***
> ***
> ***
> *** In order for this command to work properly, your symbol path
> ***
> *** must point to .pdb files that have full type information.
> ***
> ***
> ***
> *** Certain .pdb files (such as the public OS symbols) do not
> ***
> *** contain the required information. Contact the group that
> ***
> *** provided you with these symbols if you need this command to
> ***
> *** work.
> ***
> ***
> ***
> *** Type referenced: nt!_RTL_CRITICAL_SECTION
> ***
> ***
> ***
> *************************************************************************
>
> FAULTING_IP:
> +0
> 00000000 ?? ???
>
> EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
> ExceptionAddress: 00000000
> ExceptionCode: 80000007 (Wake debugger)
> ExceptionFlags: 00000000
> NumberParameters: 0
>
> FAULTING_THREAD: 00000e28
>
> BUGCHECK_STR: 80000007
>
> DEFAULT_BUCKET_ID: APPLICATION_FAULT
>
> PROCESS_NAME: inetinfo.exe
>
> ERROR_CODE: (NTSTATUS) 0x80000007 - {Se ha activado el Depurador de n
> cleo} El Depurador de sistema ha sido activado por una interrupci n.
>
> CRITICAL_SECTION: 784b0348 (!cs -s 784b0348)
>
> THREAD_ATTRIBUTES:
> LAST_CONTROL_TRANSFER: from 7846822a to 78462870
>
> STACK_TEXT:
> 2679fc24 7846822a 00000158 00000000 00000000
> ntdll!ZwWaitForSingleObject+0xb
> 2679fc98 7846819b 784b0301 7846b536 784b0348
> ntdll!RtlpWaitForCriticalSection+0x9e
> 2679fca0 7846b536 784b0348 2679fd30 111af108
> ntdll!RtlEnterCriticalSection+0x46
> 2679fd1c 7847ff3b 2679fd30 78460000 00000000
> ntdll!LdrpInitialize+0x1a7
> 00000000 00000000 00000000 00000000 00000000
> ntdll!KiUserApcDispatcher+0x7
>
>
> FOLLOWUP_IP:
> ntdll!ZwWaitForSingleObject+b
> 78462870 c20c00 ret 0xc
>
> SYMBOL_STACK_INDEX: 0
>
> FOLLOWUP_NAME: MachineOwner
>
> SYMBOL_NAME: ntdll!ZwWaitForSingleObject+b
>
> MODULE_NAME: ntdll
>
> IMAGE_NAME: ntdll.dll
>
> DEBUG_FLR_IMAGE_TIMESTAMP: 4060efaa
>
> STACK_COMMAND: ~59s ; kb
>
> BUCKET_ID: 80000007_ntdll!ZwWaitForSingleObject+b
>
> Followup: MachineOwner
> ---------

marc032
Wed Oct 20 07:57:46 CDT 2004

thx pat, here the logfile:


Opened log file 'C:\iisstate\output\IISState-3232.log'

***********************
Starting new log output
IISState version 3.3.1

Wed Oct 20 10:12:39 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 3232

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: 9d8
Kernel Time: 0:0:0.20
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\KERNEL32.dll -
Thread Type: Other
# ChildEBP RetAddr
00 0006f89c 794662e9 ntdll!ZwReadFile+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0006f910 79004cd9 KERNEL32!ReadFile+0x181
02 0006f93c 79004b5f ADVAPI32!ScGetPipeInput+0x28
03 0006f9b8 79006632 ADVAPI32!ScDispatcherLoop+0x4a
04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x7d
05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1
06 0006ff70 01002fbf inetinfo!main+0x654
07 0006ffc0 7947893d inetinfo!mainCRTStartup+0xff
08 0006fff0 00000000 KERNEL32!ProcessIdToSessionId+0x17d




Thread ID: 1
System Thread ID: 914
Kernel Time: 0:0:0.70
User Time: 0:0:0.270
Thread Type: Other
# ChildEBP RetAddr
00 005efd1c 79479fe4 ntdll!ZwWaitForSingleObject+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 005efd44 7945b3db KERNEL32!WaitForSingleObjectEx+0x71
02 00000001 00000000 KERNEL32!WaitForSingleObject+0xf




Thread ID: 2
System Thread ID: 984
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\IisRTL.DLL -
Thread Type: Other
# ChildEBP RetAddr
00 0072fe5c 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0072feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0072ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0072ff24 6e505a7c USER32!MsgWaitForMultipleObjects+0x1d
04 00282798 000003e9
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 3
System Thread ID: d08
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0076fe5c 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0076feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0076ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0076ff24 6e505a7c USER32!MsgWaitForMultipleObjects+0x1d
04 002839e0 000003ea
IisRTL!ALLOC_CACHE_HANDLER::SetLookasideCleanupInterval+0xe4




Thread ID: 4
System Thread ID: cb0
Kernel Time: 0:0:0.10
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: *** ERROR: Symbol file could not be found. Defaulted
to export symbols for C:\WINNT\system32\inetsrv\asp.dll -
ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 00bdfe24 77127ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 00bdff74 77127b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 00bdff78 77125924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 00bdffa8 771258d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 00bdffb4 7945b388 RPCRT4!ThreadStartRoutine+0x18
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 00bdffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 5
System Thread ID: 678
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00c1ff5c 7947a243 ntdll!NtDelayExecution+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 00c1ff7c 7947a20e KERNEL32!SleepEx+0x32
02 00007530 00000000 KERNEL32!Sleep+0xb




Thread ID: 6
System Thread ID: f04
Kernel Time: 0:0:0.300
User Time: 0:0:0.721
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\System32\inetsrv\INFOCOMM.DLL -
Thread Type: Other
# ChildEBP RetAddr
00 0115fc1c 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0115fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0115fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0115fce4 788071e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00dc56f4 00000000 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209




Thread ID: 7
System Thread ID: b9c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\System32\inetsrv\ISATQ.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0121ff5c 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0121ff88 6d6329ef KERNEL32!GetQueuedCompletionStatus+0x27
02 0121ffb4 7945b388 ISATQ!CDirMonitor::RemoveEntry+0x183
03 0121ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 8
System Thread ID: 6e8
Kernel Time: 0:0:0.50
User Time: 0:0:0.20
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\System32\inetsrv\w3svc.dll -
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0125f808 7946628d ntdll!ZwReadFile+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0125f87c 787f21cf KERNEL32!ReadFile+0x125
02 0125f8c0 787f2aee INFOCOMM!TS_OPEN_FILE_INFO::AccessCheck+0xc3
03 0125fb74 787f2794 INFOCOMM!TsCreateFile+0x5e8
04 0125fb98 787f25b1 INFOCOMM!TsCreateFile+0x28e
05 0125fcc4 787f2028 INFOCOMM!TsCreateFile+0xab
06 0125fcf4 65d83f0c INFOCOMM!TsCreateFileFromURI+0x78
07 0125fd54 65d8242b w3svc!STR::Copy+0xe0c
08 0125fec4 65d81d97 w3svc!CLIENT_CONN::OnSessionStartup+0x5cf
09 0125fee4 65d86be5 w3svc!HTTP_HEADERS::Reset+0x1ca
0a 0125ff08 65d86b58 w3svc!IIS_SERVER_INSTANCE::LockThisForWrite+0x63c
0b 0125ff4c 6d631ad2 w3svc!IIS_SERVER_INSTANCE::LockThisForWrite+0x5af
0c 0125ff80 6d6329a6 ISATQ!AtqWriteSocket+0x218
0d 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0x13a
0e 6aec8b55 00000000 0xf76868ff




Thread ID: 9
System Thread ID: c14
Kernel Time: 0:0:0.10
User Time: 0:0:0.10
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0129f808 7946628d ntdll!ZwReadFile+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0129f87c 787f21cf KERNEL32!ReadFile+0x125
02 0129f8c0 787f2aee INFOCOMM!TS_OPEN_FILE_INFO::AccessCheck+0xc3
03 0129fb74 787f2794 INFOCOMM!TsCreateFile+0x5e8
04 0129fb98 787f25b1 INFOCOMM!TsCreateFile+0x28e
05 0129fcc4 787f2028 INFOCOMM!TsCreateFile+0xab
06 0129fcf4 65d83f0c INFOCOMM!TsCreateFileFromURI+0x78
07 0129fd54 65d8242b w3svc!STR::Copy+0xe0c
08 0129fec4 65d81d97 w3svc!CLIENT_CONN::OnSessionStartup+0x5cf
09 0129fee4 65d86be5 w3svc!HTTP_HEADERS::Reset+0x1ca
0a 0129ff08 65d86b58 w3svc!IIS_SERVER_INSTANCE::LockThisForWrite+0x63c
0b 0129ff4c 6d631ad2 w3svc!IIS_SERVER_INSTANCE::LockThisForWrite+0x5af
0c 0129ff80 6d6329a6 ISATQ!AtqWriteSocket+0x218
0d 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0x13a
0e 6aec8b55 00000000 0xf76868ff




Thread ID: 10
System Thread ID: 890
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0155feb8 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0155fee4 77121394 KERNEL32!GetQueuedCompletionStatus+0x27
02 0155ff20 7712e93f RPCRT4!COMMON_ProcessCalls+0x9e
03 0155ff74 7712e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99
04 0155ff78 77125924 RPCRT4!ProcessIOEventsWrapper+0x9
05 0155ffa8 771258d6 RPCRT4!BaseCachedThreadRoutine+0x4f
06 0155ffb4 7945b388 RPCRT4!ThreadStartRoutine+0x18
07 0155ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 11
System Thread ID: 5bc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0161fe24 77127ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0161ff74 77127b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0161ff78 77125924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0161ffa8 771258d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 0161ffb4 7945b388 RPCRT4!ThreadStartRoutine+0x18
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0161ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 12
System Thread ID: 10e8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0165fd20 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0165fd70 7947a0c2 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0165ffb4 7945b388 KERNEL32!WaitForMultipleObjects+0x17
03 0165ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 13
System Thread ID: 8cc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 016bff5c 79479fe4 ntdll!ZwWaitForSingleObject+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 016bff84 7945b3db KERNEL32!WaitForSingleObjectEx+0x71
02 78462060 8b000000 KERNEL32!WaitForSingleObject+0xf
03 180d8b64 00000000 0x8b000000




Thread ID: 14
System Thread ID: 7ac
Kernel Time: 0:0:0.0
User Time: 0:0:0.20
Thread Type: Other
# ChildEBP RetAddr
00 0178fe70 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0178fec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0178ff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0178ff38 65d89ccb USER32!MsgWaitForMultipleObjects+0x1d
04 0178ff7c 78008454 w3svc!HTTP_HEADER_MAPPER::Initialize+0x431
05 0178ffb4 7945b388 MSVCRT!_endthread+0xc6
06 0178ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 15
System Thread ID: 6d8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 017cfea8 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 017cfef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 017cff54 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 017cff70 65d89d47 USER32!MsgWaitForMultipleObjects+0x1d
04 017cffb4 7945b388 w3svc!HTTP_HEADER_MAPPER::Initialize+0x4ad
05 017cffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 16
System Thread ID: ff4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for C:\WINNT\system32\WS2_32.DLL -
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0184fdfc 74f81394 ntdll!ZwWaitForSingleObject+0xb
01 0184fe38 74f83c59 msafd!SockWaitForSingleObject+0x1a8
02 0184ff24 74fe12f5 msafd!WSPSelect+0x24e
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 0184ff88 6d6375bd WS2_32!select+0xcb
04 00de3574 00000440 ISATQ!SetIISCapTraceFlag+0x1ce5




Thread ID: 17
System Thread ID: cf8
Kernel Time: 0:0:0.40
User Time: 0:0:0.80
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0199ff50 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0199ff7c 6d632957 KERNEL32!GetQueuedCompletionStatus+0x27
02 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
03 6aec8b55 00000000 0xf76868ff




Thread ID: 18
System Thread ID: 61c
Kernel Time: 0:0:0.60
User Time: 0:0:0.90
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01ddff50 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 01ddff7c 6d632957 KERNEL32!GetQueuedCompletionStatus+0x27
02 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
03 6aec8b55 00000000 0xf76868ff




Thread ID: 19
System Thread ID: a70
Kernel Time: 0:0:0.0
User Time: 0:0:0.20
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0212fe24 77127ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0212ff74 77127b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0212ff78 77125924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0212ffa8 771258d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 0212ffb4 7945b388 RPCRT4!ThreadStartRoutine+0x18
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0212ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 20
System Thread ID: 1068
Kernel Time: 0:0:0.10
User Time: 0:0:0.10
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0216ff50 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0216ff7c 6d632957 KERNEL32!GetQueuedCompletionStatus+0x27
02 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
03 6aec8b55 00000000 0xf76868ff




Thread ID: 21
System Thread ID: 3c0
Kernel Time: 0:0:0.10
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 0231ff50 794653d7 ntdll!ZwRemoveIoCompletion+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0231ff7c 6d632957 KERNEL32!GetQueuedCompletionStatus+0x27
02 79030dd6 f76868ff ISATQ!CDirMonitor::RemoveEntry+0xeb
03 6aec8b55 00000000 0xf76868ff




Thread ID: 22
System Thread ID: 950
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0245ff08 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0245ff58 7947a0c2 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0245ffec 00000000 KERNEL32!WaitForMultipleObjects+0x17




Thread ID: 23
System Thread ID: d60
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

Remote call is either to a MTA object or object not initialized. Also,
possible utility thread.
DCOM call being made to Process ID: 1308
Waiting on thread id: ffffffff

# ChildEBP RetAddr
00 0249fb68 7713256d ntdll!ZwRequestWaitReplyPort+0xb
01 0249fb94 7712ac56 RPCRT4!LRPC_CCALL::SendReceive+0x11e
02 0249fba0 77b25b87 RPCRT4!I_RpcSendReceive+0x2c
03 0249fbc0 77b25a52 ole32!ThreadSendReceive+0xef
04 0249fbd8 77b22ab6
ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x14f
05 0249fc18 77b258c6 ole32!CRpcChannelBuffer::SendReceive2+0x96
06 0249fc28 77a6cb5d ole32!CRpcChannelBuffer::SendReceive+0x11
07 0249fc88 77ab74c3 ole32!CAptRpcChnl::SendReceive+0xa9
08 0249fce0 77184c1a ole32!CCtxComChnl::SendReceive+0x124
09 0249fcfc 7718487d RPCRT4!NdrProxySendReceive+0x4c
0a 0249ff44 77185136 RPCRT4!NdrClientCall2+0x4f5
0b 0249ff60 77136e75 RPCRT4!ObjectStublessClient+0x76
0c 0249ff70 6b4d5818 RPCRT4!ObjectStubless+0xf
0d 0249ffb4 7945b388
COMSVCS!CEventDispatcher::GetEventServerInfoThread+0x118
WARNING: Stack unwind information not available. Following frames may
be wrong.
0e 0249ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 24
System Thread ID: b7c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: ASP
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

# ChildEBP RetAddr
00 030bfe70 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 030bfec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 030bff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 030bff38 749b1e69 USER32!MsgWaitForMultipleObjects+0x1d
04 030bff7c 78008454 asp!GetExtensionVersion+0x2deb
05 030bffb4 7945b388 MSVCRT!_endthread+0xc6
06 030bffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 25
System Thread ID: 1164
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made
# ChildEBP RetAddr
00 0313fe24 77127ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0313ff74 77127b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0313ff78 77125924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0313ffa8 771258d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 0313ffb4 7945b388 RPCRT4!ThreadStartRoutine+0x18
WARNING: Stack unwind information not available. Following frames may
be wrong.
05 0313ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 26
System Thread ID: bfc
Kernel Time: 0:0:0.20
User Time: 0:0:0.10
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0317fe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0317fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0317fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0317fef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 0317ff1c 6b4a2cc0 COMSVCS!STAThread::WaitForWork+0x33
05 0317ffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x4e2
06 0317ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 27
System Thread ID: 908
Kernel Time: 0:0:0.20
User Time: 0:0:0.70
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 031bfe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 031bfe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 031bfed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 031bfef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 031bff1c 6b4a2cc0 COMSVCS!STAThread::WaitForWork+0x33
05 031bffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x4e2
06 031bffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 28
System Thread ID: 7a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.10
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 031ffe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 031ffe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 031ffed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 031ffef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 031fff1c 6b4a2cc0 COMSVCS!STAThread::WaitForWork+0x33
05 031fffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x4e2
06 031fffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 29
System Thread ID: c80
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0323fe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0323fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0323fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0323fef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 0323ff1c 6b4a2952 COMSVCS!STAThread::WaitForWork+0x33
05 0323ffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x174
06 0323ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 30
System Thread ID: db0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 0327fe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 0327fe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0327fed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0327fef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 0327ff1c 6b4a2952 COMSVCS!STAThread::WaitForWork+0x33
05 0327ffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x174
06 0327ffec 00000000 KERNEL32!lstrcmpiW+0xb7




Thread ID: 31
System Thread ID: efc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Idle ASP thread
# ChildEBP RetAddr
00 032bfe28 7947a1af ntdll!ZwWaitForMultipleObjects+0xb
WARNING: Stack unwind information not available. Following frames may
be wrong.
01 032bfe78 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 032bfed4 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 032bfef0 6b4a3911 USER32!MsgWaitForMultipleObjects+0x1d
04 032bff1c 6b4a2952 COMSVCS!STAThread::WaitForWork+0x33
05 032bffb4 7945b388 COMSVCS!STAThread::STAThreadWorker+0x174
06 032bffec 00000000 KER