The IIS Admin Service service terminated unexpectedly

Sorry if this is considered a double-post. Anyway, I have an Exchange
2003 SP2 server running on Windows 2003 SP1 and IIS keeps crashing
unexpectedly. I installed all the latest Windows updates, rebooted,
same thing. Seems to keep occurring every 15-20 mins. I found a KB
Article pointing to Message Tracking, disabled it, same issue. I found
several posts telling people to run IISState. I downloaded & ran
IISState, but I am unclear how to interpret the logs. I will post the
log here with hopes that someone can help or point me in the right
direction. Thanks in advance.

Opened log file 'C:\iisstate\output\IISState-5500.log'

***********************
Starting new log output
IISState version 3.3.1

Mon Dec 04 21:27:16 2006

OS = Windows 2003 Server
Executable: inetinfo.exe
PID =  5500

Note: Thread times are formatted as HH:MM:SS.ms

***********************


IIS has crashed...
Beginning Analysis
*** ERROR: Symbol file could not be found.  Defaulted to export symbols
for C:\Program Files\Symantec\SMSMSE\5.0\Server\bin\libspamhunter.dll -

DLL (!FunctionName) that failed: libspamhunter!bltModGetVersion




Thread ID: 16
System Thread ID: ba4
Kernel Time: 0:0:2.750
User Time: 0:0:25.500
Thread Type: Other
 # ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 1d6cd2b9 20202020 libspamhunter!bltModGetVersion+0x16136
01 20202020 00000000 0x20202020
Closing open log file C:\iisstate\output\IISState-5500.log
Opened log file 'C:\iisstate\output\IISState-5500.log'

***********************
Starting new log output
IISState version 3.3.1

Mon Dec 04 21:27:16 2006

OS = Windows 2003 Server
Executable: inetinfo.exe
PID =  5500

Note: Thread times are formatted as HH:MM:SS.ms

***********************




Thread ID: 0
System Thread ID: d2c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
 # ChildEBP RetAddr
00 0006f99c 7c821b84 ntdll!KiFastSystemCallRet
01 0006f9a0 77e4189f ntdll!NtReadFile+0xc
02 0006fa08 77f795ab kernel32!ReadFile+0x16c
03 0006fa34 77f7943c ADVAPI32!ScGetPipeInput+0x2a
04 0006faa8 77fb2ec9 ADVAPI32!ScDispatcherLoop+0x51
05 0006fcec 010027be ADVAPI32!StartServiceCtrlDispatcherA+0x93
06 0006fe1c 01002969 inetinfo!StartDispatchTable+0x277
07 0006ff44 0100339d inetinfo!main+0x117
08 0006ffc0 77e523e5 inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23




Thread ID: 1
System Thread ID: 3e8
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0082fe14 7c822124 ntdll!KiFastSystemCallRet
01 0082fe18 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0082fe88 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0082fe9c 01002ebf kernel32!WaitForSingleObject+0x12
04 0082ffb8 77e6608b inetinfo!W3SVCThreadEntry+0x3d
05 0082ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 2
System Thread ID: 4e4
Kernel Time: 0:0:0.15
User Time: 0:0:0.125
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0086fcb8 7c822124 ntdll!KiFastSystemCallRet
01 0086fcbc 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0086fd2c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0086fd40 649f26a4 kernel32!WaitForSingleObject+0x12
04 0086fd68 010024b3 iisadmin!ServiceEntry+0x28a
05 0086ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
06 0086ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
07 0086ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 3
System Thread ID: 11e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 00c3ff9c 7c821364 ntdll!KiFastSystemCallRet
01 00c3ffa0 7c81fe26 ntdll!NtDelayExecution+0xc
02 00c3ffb8 77e6608b ntdll!RtlpTimerThread+0x47
03 00c3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 4
System Thread ID: af4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 00d4feac 7c822114 ntdll!KiFastSystemCallRet
01 00d4feb0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 00d4ff58 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 00d4ff74 56f951ef kernel32!WaitForMultipleObjects+0x18
04 00d4ffa0 56f96a06 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x67
05 00d4ffb8 77e6608b COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x5f
06 00d4ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 5
System Thread ID: 1434
Kernel Time: 0:0:0.15
User Time: 0:0:0.62
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 016dfe18 7c821c54 ntdll!KiFastSystemCallRet
01 016dfe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 016dff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 016dff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 016dffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 016dffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 016dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 6
System Thread ID: 1508
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 0171ff10 7c821364 ntdll!KiFastSystemCallRet
01 0171ff14 77e41ea7 ntdll!NtDelayExecution+0xc
02 0171ff7c 77e424c1 kernel32!SleepEx+0x68
03 0171ff8c 776b22a0 kernel32!Sleep+0xf
04 0171ff98 776b2307 ole32!CROIDTable::WorkerThreadLoop+0x14
05 0171ffa8 77670000 ole32!CRpcThread::WorkerLoop+0x1e
06 0171ffb8 77e6608b ole32!_imp__InstallApplication <PERF> (ole32+0x0)
07 0171ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 7
System Thread ID: 9d4
Kernel Time: 0:0:0.62
User Time: 0:0:0.234
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
 # ChildEBP RetAddr
00 0179fbb8 7c822114 ntdll!KiFastSystemCallRet
01 0179fbbc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0179fc64 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 0179fcc0 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 0179fcdc 6c7d63d5 USER32!MsgWaitForMultipleObjects+0x1f
05 0179fd28 4f075436 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x231
06 0179fd68 010024b3 SMTPSVC!ServiceEntry+0x12b
07 0179ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
08 0179ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
09 0179ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 8
System Thread ID: 10e4
Kernel Time: 0:0:0.78
User Time: 0:0:0.62
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 017dfbac 7c822114 ntdll!KiFastSystemCallRet
01 017dfbb0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 017dfc58 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 017dfcb4 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 017dfcd0 685a366e USER32!MsgWaitForMultipleObjects+0x1f
05 017dfd1c 019a4d10 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
06 017dfd68 010024b3 resvc+0x14d10
07 017dffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
08 017dffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
09 017dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 9
System Thread ID: 16f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 06fcfbb0 7c822114 ntdll!KiFastSystemCallRet
01 06fcfbb4 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 06fcfc5c 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 06fcfcb8 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 06fcfcd4 685a366e USER32!MsgWaitForMultipleObjects+0x1f
05 06fcfd20 619269ad LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
06 06fcfd68 010024b3 pop3svc+0x69ad
07 06fcffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
08 06fcffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
09 06fcffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 10
System Thread ID: 1408
Kernel Time: 0:0:0.31
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0708fbb0 7c822114 ntdll!KiFastSystemCallRet
01 0708fbb4 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0708fc5c 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 0708fcb8 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 0708fcd4 685a366e USER32!MsgWaitForMultipleObjects+0x1f
05 0708fd20 61954198 LNFOCOMM!IIS_SERVICE::StartServiceOperation+0x1d9
06 0708fd68 010024b3 imap4svc+0x4198
07 0708ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
08 0708ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
09 0708ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 11
System Thread ID: 208
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 070cfec4 7c822114 ntdll!KiFastSystemCallRet
01 070cfec8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 070cff70 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 070cff8c 63042b69 kernel32!WaitForMultipleObjects+0x18
04 070cffb8 77e6608b pttrace+0x2b69
05 070cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 12
System Thread ID: 174c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0710fec8 7c822114 ntdll!KiFastSystemCallRet
01 0710fecc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0710ff74 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 0710ff90 6304208b kernel32!WaitForMultipleObjects+0x18
04 0710ffb8 77e6608b pttrace+0x208b
05 0710ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 13
System Thread ID: 15b8
Kernel Time: 0:0:0.656
User Time: 0:0:0.234
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0714fe08 7c822114 ntdll!KiFastSystemCallRet
01 0714fe0c 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0714feb4 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 0714ff10 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 0714ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1f
05 0714ff80 77bbcefb LisRTL!SchedulerWorkerThread+0xa7
06 0714ffb8 77e6608b msvcrt!free+0xc8
07 0714ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 14
System Thread ID: 1680
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0718fe08 7c822114 ntdll!KiFastSystemCallRet
01 0718fe0c 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0718feb4 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a
03 0718ff10 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 0718ff2c 679cbbc6 USER32!MsgWaitForMultipleObjects+0x1f
05 0718ff80 77bbcefb LisRTL!SchedulerWorkerThread+0xa7
06 0718ffb8 77e6608b msvcrt!free+0xc8
07 0718ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 15
System Thread ID: 124c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0720fcec 7c822114 ntdll!KiFastSystemCallRet
01 0720fcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc
02 0720ffb8 77e6608b ntdll!RtlpWaitThread+0x161
03 0720ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 16
System Thread ID: ba4
Kernel Time: 0:0:2.750
User Time: 0:0:25.500
Thread Type: Other
 # ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 1d6cd2b9 20202020 libspamhunter!bltModGetVersion+0x16136
01 20202020 00000000 0x20202020




Thread ID: 17
System Thread ID: e60
Kernel Time: 0:0:0.234
User Time: 0:0:0.46
Thread Type: HTTP Listener
 # ChildEBP RetAddr
00 072cff50 7c821bf4 ntdll!KiFastSystemCallRet
01 072cff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 072cff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
03 072cffb8 77e6608b ISATQ!AtqPoolThread+0x40
04 072cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 18
System Thread ID: ba0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 0738ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 0738ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0738ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
03 0738ffb8 77e6608b LSATQ!AtqPoolThread+0x40
04 0738ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 19
System Thread ID: 1324
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 073cff50 7c821bf4 ntdll!KiFastSystemCallRet
01 073cff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 073cff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
03 073cffb8 77e6608b LSATQ!AtqPoolThread+0x40
04 073cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 20
System Thread ID: b74
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 075cff70 7c821bf4 ntdll!KiFastSystemCallRet
01 075cff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
02 075cffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
03 075cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 21
System Thread ID: 544
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 0765fe18 7c821c54 ntdll!KiFastSystemCallRet
01 0765fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 0765ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 0765ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 0765ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 0765ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 0765ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 22
System Thread ID: 1694
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 0769ff70 7c821364 ntdll!KiFastSystemCallRet
01 0769ff74 77c5fa28 ntdll!NtDelayExecution+0xc
02 0769ff8c 77c5f824 RPCRT4!TIMER::Wait+0x2b
03 0769ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0xe8
04 0769ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
05 0769ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 23
System Thread ID: 1258
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0730fec4 7c822114 ntdll!KiFastSystemCallRet
01 0730fec8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0730ff70 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 0730ff8c 695324f7 kernel32!WaitForMultipleObjects+0x18
04 0730ffb8 77e6608b exstrace!RegNotifyThread+0x6a
05 0730ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 24
System Thread ID: 358
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 076dfec8 7c822114 ntdll!KiFastSystemCallRet
01 076dfecc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 076dff74 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 076dff90 69531a1d kernel32!WaitForMultipleObjects+0x18
04 076dffb8 77e6608b exstrace!WriteTraceThread+0x31
05 076dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 25
System Thread ID: 464
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0785ff18 7c822124 ntdll!KiFastSystemCallRet
01 0785ff1c 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0785ff8c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0785ffa0 4ba58f8c kernel32!WaitForSingleObject+0x12
04 0785ffb8 77e6608b FCACHDLL!CScheduleThread::ScheduleThread+0x61
05 0785ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 26
System Thread ID: f00
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
 # ChildEBP RetAddr
00 0799febc 7c822114 ntdll!KiFastSystemCallRet
01 0799fec0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0799ff68 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 0799ff84 4f08f0a4 kernel32!WaitForMultipleObjects+0x18
04 0799ffb8 77e6608b SMTPSVC!TcpRegNotifyThread+0xde
05 0799ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 27
System Thread ID: cf4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
 # ChildEBP RetAddr
00 079dff1c 7c822124 ntdll!KiFastSystemCallRet
01 079dff20 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 079dff90 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 079dffa4 4f08ef41 kernel32!WaitForSingleObject+0x12
04 079dffb8 77e6608b SMTPSVC!FreeLibThread+0x2e
05 079dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 28
System Thread ID: e3c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 07a9fe18 7c821c54 ntdll!KiFastSystemCallRet
01 07a9fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 07a9ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 07a9ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 07a9ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 07a9ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 07a9ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 29
System Thread ID: 13ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 07b6fecc 7c822114 ntdll!KiFastSystemCallRet
01 07b6fed0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 07b6ff78 01a01f3b kernel32!WaitForMultipleObjectsEx+0x11a
03 07b6ffb0 01a02060 tranmsg+0x1f3b
04 07b6ffb8 77e6608b tranmsg+0x2060
05 07b6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 30
System Thread ID: 87c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 07beff0c 7c822124 ntdll!KiFastSystemCallRet
01 07beff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 07beff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 07beff94 62ec49e5 kernel32!WaitForSingleObject+0x12
04 07beffb8 77e6608b dsaccess+0x349e5
05 07beffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 31
System Thread ID: 3c4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 07c3fe18 7c821c54 ntdll!KiFastSystemCallRet
01 07c3fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 07c3ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 07c3ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 07c3ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 07c3ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 07c3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 32
System Thread ID: 1220
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 07cefecc 7c822114 ntdll!KiFastSystemCallRet
01 07cefed0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 07ceff78 62efa634 kernel32!WaitForMultipleObjectsEx+0x11a
03 07ceffb0 62efa759 dsaccess+0x6a634
04 07ceffb8 77e6608b dsaccess+0x6a759
05 07ceffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 33
System Thread ID: 1070
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 07d2f680 7c822114 ntdll!KiFastSystemCallRet
01 07d2f684 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 07d2f72c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 07d2f748 62ec5815 kernel32!WaitForMultipleObjects+0x18
04 07d2ffb0 62eebd00 dsaccess+0x35815
05 07d2ffb8 77e6608b dsaccess+0x5bd00
06 07d2ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 34
System Thread ID: 9b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 07d6fe98 7c822114 ntdll!KiFastSystemCallRet
01 07d6fe9c 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 07d6ff44 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 07d6ff60 62f35006 kernel32!WaitForMultipleObjects+0x18
04 07d6ffb0 62f354ed Epoxy+0x5006
05 07d6ffb8 77e6608b Epoxy+0x54ed
06 07d6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 35
System Thread ID: adc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 081efe0c 7c822124 ntdll!KiFastSystemCallRet
01 081efe10 71b23a09 ntdll!NtWaitForSingleObject+0xc
02 081efe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d
03 081eff3c 71c0470c mswsock!WSPSelect+0x380
04 081eff8c 686264b5 WS2_32!select+0xb9
05 081effb4 68626806 LSATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
06 081effb8 77e6608b LSATQ!BmonThreadFunc+0x9
07 081effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 36
System Thread ID: 738
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0832ff00 7c822124 ntdll!KiFastSystemCallRet
01 0832ff04 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0832ff74 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0832ff88 62ec578b kernel32!WaitForSingleObject+0x12
04 0832ffb8 77e6608b dsaccess+0x3578b
05 0832ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 37
System Thread ID: 1730
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 083aff7c 7c821bf4 ntdll!KiFastSystemCallRet
01 083aff80 71b23eb4 ntdll!NtRemoveIoCompletion+0xc
02 083affb8 77e6608b mswsock!SockAsyncThread+0x69
03 083affec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 38
System Thread ID: 145c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
*** ERROR: Symbol file could not be found.  Defaulted to export symbols
for C:\Program Files\Exchsrvr\bin\ifsproxy.dll -
Thread Type: Other
 # ChildEBP RetAddr
00 084eff34 7c821bf4 ntdll!KiFastSystemCallRet
01 084eff38 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 084eff64 62292084 kernel32!GetQueuedCompletionStatus+0x29
WARNING: Stack unwind information not available. Following frames may
be wrong.
03 084effb8 77e6608b ifsproxy!CIfsGlobals::operator=+0x7e
04 084effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 39
System Thread ID: 1058
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0856ff10 7c822124 ntdll!KiFastSystemCallRet
01 0856ff14 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0856ff84 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0856ff98 618d3c78 kernel32!WaitForSingleObject+0x12
04 0856ffb8 77e6608b iisif+0x3c78
05 0856ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 40
System Thread ID: 12c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 085afe90 7c822114 ntdll!KiFastSystemCallRet
01 085afe94 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 085aff3c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 085aff58 62f33a01 kernel32!WaitForMultipleObjects+0x18
04 085affb0 62f33cbb Epoxy+0x3a01
05 085affb8 77e6608b Epoxy+0x3cbb
06 085affec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 41
System Thread ID: 116c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 085efe90 7c822114 ntdll!KiFastSystemCallRet
01 085efe94 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 085eff3c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 085eff58 62f33a01 kernel32!WaitForMultipleObjects+0x18
04 085effb0 62f33cbb Epoxy+0x3a01
05 085effb8 77e6608b Epoxy+0x3cbb
06 085effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 42
System Thread ID: 116c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 085efe90 7c822114 ntdll!KiFastSystemCallRet
01 085efe94 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 085eff3c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 085eff58 62f33a01 kernel32!WaitForMultipleObjects+0x18
04 085effb0 62f33cbb Epoxy+0x3a01
05 085effb8 77e6608b Epoxy+0x3cbb
06 085effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 43
System Thread ID: e90
Kernel Time: 0:0:0.15
User Time: 0:0:0.31
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 0864fe18 7c821c54 ntdll!KiFastSystemCallRet
01 0864fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 0864ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 0864ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 0864ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 0864ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 0864ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 44
System Thread ID: 718
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 0868feac 7c821bf4 ntdll!KiFastSystemCallRet
01 0868feb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0868fedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
03 0868ff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
04 0868ff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
05 0868ff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd
06 0868ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
07 0868ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
08 0868ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 45
System Thread ID: 14c4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 086cff0c 7c822124 ntdll!KiFastSystemCallRet
01 086cff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 086cff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 086cff94 61fa5ea8 kernel32!WaitForSingleObject+0x12
04 086cffb8 77e6608b phatq+0x15ea8
05 086cffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 46
System Thread ID: 16bc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0875fe70 7c822114 ntdll!KiFastSystemCallRet
01 0875fe74 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0875ff1c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 0875ff38 6215ff0b kernel32!WaitForMultipleObjects+0x18
04 0875ffb0 62196fd7 reapi+0xff0b
05 0875ffb8 77e6608b reapi+0x46fd7
06 0875ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 47
System Thread ID: 14a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: SMTP Service Worker Thread
 # ChildEBP RetAddr
00 087dfe7c 7c822114 ntdll!KiFastSystemCallRet
01 087dfe80 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 087dff28 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 087dff44 61fa5d38 kernel32!WaitForMultipleObjects+0x18
04 087dffa4 4f081cd6 phatq+0x15d38
05 087dffb8 77e6608b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
06 087dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 48
System Thread ID: 1684
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 0882ff54 7c821bf4 ntdll!KiFastSystemCallRet
01 0882ff58 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0882ff84 08765b87 kernel32!GetQueuedCompletionStatus+0x29
03 0882ffb8 77e6608b drviis+0x5b87
04 0882ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 49
System Thread ID: bd0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 0886ff54 7c821bf4 ntdll!KiFastSystemCallRet
01 0886ff58 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0886ff84 08765b87 kernel32!GetQueuedCompletionStatus+0x29
03 0886ffb8 77e6608b drviis+0x5b87
04 0886ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 50
System Thread ID: 1478
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 088aff54 7c821bf4 ntdll!KiFastSystemCallRet
01 088aff58 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 088aff84 08765b87 kernel32!GetQueuedCompletionStatus+0x29
03 088affb8 77e6608b drviis+0x5b87
04 088affec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 51
System Thread ID: 11c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 088eff54 7c821bf4 ntdll!KiFastSystemCallRet
01 088eff58 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 088eff84 08765b87 kernel32!GetQueuedCompletionStatus+0x29
03 088effb8 77e6608b drviis+0x5b87
04 088effec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 52
System Thread ID: f24
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0894fe90 7c822114 ntdll!KiFastSystemCallRet
01 0894fe94 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0894ff3c 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 0894ff58 62f33a01 kernel32!WaitForMultipleObjects+0x18
04 0894ffb0 62f33cbb Epoxy+0x3a01
05 0894ffb8 77e6608b Epoxy+0x3cbb
06 0894ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 53
System Thread ID: 81c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0898ab2c 7c822124 ntdll!KiFastSystemCallRet
01 0898ab30 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0898aba0 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0898abb4 62ec548a kernel32!WaitForSingleObject+0x12
04 0899ff84 77bcb530 dsaccess+0x3548a
05 0899ffb8 77e6608b msvcrt!_endthreadex+0xa3
06 0899ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 54
System Thread ID: 1768
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 089dff04 7c822124 ntdll!KiFastSystemCallRet
01 089dff08 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 089dff78 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 089dff8c 621ad58a kernel32!WaitForSingleObject+0x12
04 089dffb0 621ad714 reapi+0x5d58a
05 089dffb8 77e6608b reapi+0x5d714
06 089dffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 55
System Thread ID: 114c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 08a3feb4 7c822114 ntdll!KiFastSystemCallRet
01 08a3feb8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 08a3ff60 62156563 kernel32!WaitForMultipleObjectsEx+0x11a
03 08a3ff98 62156300 reapi+0x6563
04 08a3ffb0 6218bfc6 reapi+0x6300
05 08a3ffb8 77e6608b reapi+0x3bfc6
06 08a3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 56
System Thread ID: 140
Kernel Time: 0:0:0.78
User Time: 0:0:0.140
Thread Type: Other
 # ChildEBP RetAddr
00 0871ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 0871ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0871ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
03 0871ffb8 77e6608b LSATQ!AtqPoolThread+0x40
04 0871ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 57
System Thread ID: 11fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 08a7fe98 7c822114 ntdll!KiFastSystemCallRet
01 08a7fe9c 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 08a7ff44 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 08a7ff60 019b817d kernel32!WaitForMultipleObjects+0x18
04 08a7ffb0 019b0053 resvc+0x2817d
05 08a7ffb8 77e6608b resvc+0x20053
06 08a7ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 58
System Thread ID: a5c
Kernel Time: 0:0:0.15
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 08abfc90 7c822124 ntdll!KiFastSystemCallRet
01 08abfc94 71b23a09 ntdll!NtWaitForSingleObject+0xc
02 08abfcd0 71b23a52 mswsock!SockWaitForSingleObject+0x19d
03 08abfdc0 71c0470c mswsock!WSPSelect+0x380
04 08abfe10 76f14a0f WS2_32!select+0xb9
05 08abfe64 76f1e6da WLDAP32!DrainWinsock+0x2fc
06 08abfeb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x325
07 08abfeec 76f2a264 WLDAP32!ldap_result_with_error+0x109
08 08abff1c 62e92f9f WLDAP32!ldap_result+0x4b
09 08abff5c 62e92d34 dsaccess+0x2f9f
0a 08abff8c 62ec4a50 dsaccess+0x2d34
0b 08abffb8 77e6608b dsaccess+0x34a50
0c 08abffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 59
System Thread ID: 1658
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
 # ChildEBP RetAddr
00 08b9fe0c 7c822124 ntdll!KiFastSystemCallRet
01 08b9fe10 71b23a09 ntdll!NtWaitForSingleObject+0xc
02 08b9fe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d
03 08b9ff3c 71c0470c mswsock!WSPSelect+0x380
04 08b9ff8c 63ec4696 WS2_32!select+0xb9
05 08b9ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
06 08b9ffb8 77e6608b ISATQ!BmonThreadFunc+0x9
07 63ec4700 8b575600 kernel32!BaseThreadStart+0x34
WARNING: Frame IP not in any known module. Following frames may be
wrong.
08 04c2c033 00000000 0x8b575600




Thread ID: 60
System Thread ID: c64
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09a6fecc 7c822114 ntdll!KiFastSystemCallRet
01 09a6fed0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 09a6ff78 01a01f3b kernel32!WaitForMultipleObjectsEx+0x11a
03 09a6ffb0 01a02060 tranmsg+0x1f3b
04 09a6ffb8 77e6608b tranmsg+0x2060
05 09a6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 61
System Thread ID: 990
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
 # ChildEBP RetAddr
00 09aaff50 7c821bf4 ntdll!KiFastSystemCallRet
01 09aaff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 09aaff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
03 09aaffb8 77e6608b ISATQ!AtqPoolThread+0x40
04 09aaffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 62
System Thread ID: 169c
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09afff18 7c822124 ntdll!KiFastSystemCallRet
01 09afff1c 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09afff8c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09afffa0 09a1d460 kernel32!WaitForSingleObject+0x12
04 09afffb8 77e6608b miscat+0xd460
05 09afffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 63
System Thread ID: 10c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09b3fde8 7c822124 ntdll!KiFastSystemCallRet
01 09b3fdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09b3fe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
03 09b3feb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
04 09b3feec 76f2a264 WLDAP32!ldap_result_with_error+0x109
05 09b3ff1c 62e92f9f WLDAP32!ldap_result+0x4b
06 09b3ff5c 62e92d34 dsaccess+0x2f9f
07 09b3ff8c 62ec4a50 dsaccess+0x2d34
08 09b3ffb8 77e6608b dsaccess+0x34a50
09 09b3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 64
System Thread ID: 224
Kernel Time: 0:0:0.0
User Time: 0:0:0.31
Thread Type: Other
 # ChildEBP RetAddr
00 09b7ff70 7c821bf4 ntdll!KiFastSystemCallRet
01 09b7ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
02 09b7ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
03 09b7ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 65
System Thread ID: 11e8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 09befeac 7c821bf4 ntdll!KiFastSystemCallRet
01 09befeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 09befedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
03 09beff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
04 09beff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
05 09beff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd
06 09beffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
07 09beffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
08 09beffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 66
System Thread ID: 11e8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 09befeac 7c821bf4 ntdll!KiFastSystemCallRet
01 09befeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 09befedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
03 09beff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
04 09beff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
05 09beff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd
06 09beffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
07 09beffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
08 09beffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 67
System Thread ID: 1524
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09cdab2c 7c822124 ntdll!KiFastSystemCallRet
01 09cdab30 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09cdaba0 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09cdabb4 62ec548a kernel32!WaitForSingleObject+0x12
04 09ceff84 77bcb530 dsaccess+0x3548a
05 09ceffb8 77e6608b msvcrt!_endthreadex+0xa3
06 09ceffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 68
System Thread ID: 1148
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09d2ff04 7c822124 ntdll!KiFastSystemCallRet
01 09d2ff08 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09d2ff78 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09d2ff8c 09c75b0e kernel32!WaitForSingleObject+0x12
04 09d2ffb0 09c75c98 phatcat+0x45b0e
05 09d2ffb8 77e6608b phatcat+0x45c98
06 09d2ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 69
System Thread ID: 1648
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09d5ab2c 7c822124 ntdll!KiFastSystemCallRet
01 09d5ab30 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09d5aba0 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09d5abb4 62ec548a kernel32!WaitForSingleObject+0x12
04 09d6ff84 77bcb530 dsaccess+0x3548a
05 09d6ffb8 77e6608b msvcrt!_endthreadex+0xa3
06 09d6ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 70
System Thread ID: 13b4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09daff04 7c822124 ntdll!KiFastSystemCallRet
01 09daff08 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09daff78 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09daff8c 09c75b0e kernel32!WaitForSingleObject+0x12
04 09daffb0 09c75c98 phatcat+0x45b0e
05 09daffb8 77e6608b phatcat+0x45c98
06 09daffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 71
System Thread ID: 834
Kernel Time: 0:0:0.78
User Time: 0:0:0.125
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 09deff0c 7c822124 ntdll!KiFastSystemCallRet
01 09deff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 09deff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 09deff94 61fa5db5 kernel32!WaitForSingleObject+0x12
04 09deffb8 77e6608b phatq+0x15db5
05 09deffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 72
System Thread ID: e6c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
 # ChildEBP RetAddr
00 09e8ff14 7739c78d ntdll!KiFastSystemCallRet
01 09e8ff34 77694ff1 USER32!NtUserGetMessage+0xc
02 09e8ff74 776cf35b ole32!CDllHost::STAWorkerLoop+0x72
03 09e8ff90 776cf2a3 ole32!CDllHost::WorkerThread+0xc8
04 09e8ff98 776b2307 ole32!DLLHostThreadEntry+0xd
05 09e8ffac 776b2374 ole32!CRpcThread::WorkerLoop+0x1e
06 09e8ffb8 77e6608b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x20
07 09e8ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 73
System Thread ID: 14d8
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0a3bfde8 7c822124 ntdll!KiFastSystemCallRet
01 0a3bfdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0a3bfe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
03 0a3bfeb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
04 0a3bfeec 76f2a264 WLDAP32!ldap_result_with_error+0x109
05 0a3bff1c 62e92f9f WLDAP32!ldap_result+0x4b
06 0a3bff5c 62e92d34 dsaccess+0x2f9f
07 0a3bff8c 62ec4a50 dsaccess+0x2d34
08 0a3bffb8 77e6608b dsaccess+0x34a50
09 0a3bffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 74
System Thread ID: 1398
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0aaffde8 7c822124 ntdll!KiFastSystemCallRet
01 0aaffdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0aaffe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
03 0aaffeb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
04 0aaffeec 76f2a264 WLDAP32!ldap_result_with_error+0x109
05 0aafff1c 62e92f9f WLDAP32!ldap_result+0x4b
06 0aafff5c 62e92d34 dsaccess+0x2f9f
07 0aafff8c 62ec4a50 dsaccess+0x2d34
08 0aafffb8 77e6608b dsaccess+0x34a50
09 0aafffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 75
System Thread ID: 1798
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
 # ChildEBP RetAddr
00 0ab3fde8 7c822124 ntdll!KiFastSystemCallRet
01 0ab3fdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0ab3fe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
03 0ab3feb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
04 0ab3feec 76f2a264 WLDAP32!ldap_result_with_error+0x109
05 0ab3ff1c 62e92f9f WLDAP32!ldap_result+0x4b
06 0ab3ff5c 62e92d34 dsaccess+0x2f9f
07 0ab3ff8c 62ec4a50 dsaccess+0x2d34
08 0ab3ffb8 77e6608b dsaccess+0x34a50
09 0ab3ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 76
System Thread ID: 810
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 2048fe18 7c821c54 ntdll!KiFastSystemCallRet
01 2048fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 2048ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 2048ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 2048ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 2048ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 2048ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 77
System Thread ID: 810
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 2048fe18 7c821c54 ntdll!KiFastSystemCallRet
01 2048fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 2048ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 2048ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 2048ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 2048ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 2048ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 78
System Thread ID: 10e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 2050fe18 7c821c54 ntdll!KiFastSystemCallRet
01 2050fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 2050ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 2050ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 2050ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 2050ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 2050ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 79
System Thread ID: 1330
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
 # ChildEBP RetAddr
00 2054ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 2054ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 2054ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
03 2054ffb8 77e6608b LSATQ!AtqPoolThread+0x40
04 2054ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 80
System Thread ID: d9c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 2062fe18 7c821c54 ntdll!KiFastSystemCallRet
01 2062fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 2062ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 2062ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 2062ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 2062ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 2062ffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 81
System Thread ID: 16e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 00bffe18 7c821c54 ntdll!KiFastSystemCallRet
01 00bffe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 00bfff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 00bfff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 00bfffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 00bfffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 00bfffec 00000000 kernel32!BaseThreadStart+0x34




Thread ID: 82
System Thread ID: 1560
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page.  Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

 # ChildEBP RetAddr
00 205afe18 7c821c54 ntdll!KiFastSystemCallRet
01 205afe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
02 205aff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 205aff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
04 205affac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 205affb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 205affec 00000000 kernel32!BaseThreadStart+0x34

Closing open log file C:\iisstate\output\IISState-5500.log

0
12/5/2006 2:34:56 AM
exchange.admin 57650 articles. 1 followers. Follow

23 Replies
892 Views
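One way to read an IISState log like the one posted above, as an added example that is not part of the original thread: it pulls out the module IISState blames and flags threads whose return addresses decode to printable ASCII. The value 0x20202020 in thread 16 is four space characters, which suggests text data overwrote the stack. The function names and the ASCII heuristic are assumptions of this example, and the sample is a constructed excerpt of the posted log.

```python
import re

# Constructed sample: the crash header and thread 16 as posted above,
# plus one ordinary idle thread (56) from the same log for contrast.
SAMPLE_LOG = r"""
IIS has crashed...
Beginning Analysis
*** ERROR: Symbol file could not be found.  Defaulted to export symbols
for C:\Program Files\Symantec\SMSMSE\5.0\Server\bin\libspamhunter.dll -

DLL (!FunctionName) that failed: libspamhunter!bltModGetVersion

Thread ID: 16
System Thread ID: ba4
Kernel Time: 0:0:2.750
User Time: 0:0:25.500
Thread Type: Other
 # ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may
be wrong.
00 1d6cd2b9 20202020 libspamhunter!bltModGetVersion+0x16136
01 20202020 00000000 0x20202020

Thread ID: 56
System Thread ID: 140
Kernel Time: 0:0:0.78
User Time: 0:0:0.140
Thread Type: Other
 # ChildEBP RetAddr
00 0871ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 0871ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 0871ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
03 0871ffb8 77e6608b LSATQ!AtqPoolThread+0x40
04 0871ffec 00000000 kernel32!BaseThreadStart+0x34
"""

QUOTE_RE = re.compile(r"^(?:>\s?)+")  # strips "> " markers from quoted copies
FAILED_RE = re.compile(r"^DLL \(!FunctionName\) that failed: ([^!\s]+)!(\S+)$")
THREAD_RE = re.compile(r"^Thread ID: (\d+)$")
FRAME_RE = re.compile(r"^([0-9a-f]{2})\s+([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)$")


def normalize(addr_hex):
    """Return an address as 8 lowercase hex digits without a 0x prefix."""
    digits = addr_hex[2:] if addr_hex.startswith("0x") else addr_hex
    return digits.lower().zfill(8)


def looks_like_text(addr_hex):
    """Heuristic: every byte of the address is printable ASCII (0x20-0x7e).
    A legitimate address can occasionally match, so treat a hit as a lead."""
    return all(0x20 <= b <= 0x7E for b in bytes.fromhex(normalize(addr_hex)))


def module_of(symbol):
    """'mod!func+0x1' and 'mod+0x1' give 'mod'; a bare '0x...' gives None."""
    if symbol.startswith("0x"):
        return None
    return re.split(r"[!+]", symbol, maxsplit=1)[0]


def triage(log_text):
    failed, threads, current = None, [], None
    for raw_line in log_text.splitlines():
        line = QUOTE_RE.sub("", raw_line).strip()
        if (m := FAILED_RE.match(line)):
            failed = (m.group(1), m.group(2))
        elif (m := THREAD_RE.match(line)):
            current = {"thread": int(m.group(1)), "frames": []}
            threads.append(current)
        elif current is not None and (m := FRAME_RE.match(line)):
            current["frames"].append(
                {"num": m.group(1), "ret": m.group(3), "symbol": m.group(4)})

    suspicious = []
    for t in threads:
        reasons = []
        for f in t["frames"]:
            checks = [("return address", f["ret"])]
            if f["symbol"].startswith("0x"):  # frame IP not inside any module
                checks.append(("frame address", f["symbol"]))
            for label, value in checks:
                if looks_like_text(value):
                    text = bytes.fromhex(normalize(value)).decode("ascii")
                    reasons.append(
                        f"frame {f['num']}: {label} 0x{normalize(value)} "
                        f"is printable ASCII {text!r}")
        if reasons:
            suspicious.append({"thread": t["thread"],
                               "top_module": module_of(t["frames"][0]["symbol"]),
                               "reasons": reasons})
    return {"failed": failed, "thread_count": len(threads),
            "suspicious": suspicious}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Blamed by IISState:", report["failed"])
    for hit in report["suspicious"]:
        print("Thread", hit["thread"], "top module:", hit["top_module"])
        for reason in hit["reasons"]:
            print("   ", reason)
```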


google@itpcny.com wrote:
> Sorry, if this is considered a double-post. Anyway, I have an Exchange
> 2003 SP2 server running on Windows 2003 SP1 and IIS keeps crashing
> unexpectedly. I installed all the latest windows updates, rebooted,
> same thing. Seems to keep occurring every 15-20 mins. I found a KB

Please see
http://groups.google.com/group/microsoft.public.exchange.admin/browse_frm/thread/c3139cc2d05f77c7/b641639e4256fa04?lnk=st&q=&rnum=2#b641639e4256fa04

-- 
If my message is helpful, please help me by registering at 
http://www.openoffice.org/servlets/Join and voting for the following issues:
http://www.openoffice.org/issues/show_bug.cgi?id=70753
http://www.openoffice.org/issues/show_bug.cgi?id=15220
http://www.openoffice.org/issues/show_bug.cgi?id=10931
http://www.openoffice.org/issues/show_bug.cgi?id=35579
http://www.openoffice.org/issues/show_bug.cgi?id=32785
http://www.openoffice.org/issues/show_bug.cgi?id=29807
http://www.openoffice.org/issues/show_bug.cgi?id=67838
http://www.openoffice.org/issues/show_bug.cgi?id=39527
http://www.openoffice.org/issues/show_bug.cgi?id=64785

Thank you very much!
0
kpalagin (1838)
12/5/2006 11:38:50 AM
'libspamhunter!bltModGetVersion' is Symantec.

Raise a call with them regarding the product you have installed and are
using on the server, in the interim to keep the Exchange Server up and
running consider disabling it

Oliver 


0
o.moazzeziNO (822)
12/5/2006 3:15:16 PM
We are seeing the exact same issue with nearly the exact same setup 
(Exchange 2003 SP2 on Windows 2003 SP1 with SMSMSE 5.0.4.363) every 15 
minutes on the average the thing blows with events 7031 and 7034.

Just started in the last few days.

- MEK

"Oliver Moazzezi" <o.moazzeziNO@SPAMfreenet.co.uk> wrote in message 
news:evYPtAIGHHA.2464@TK2MSFTNGP06.phx.gbl...
> 'libspamhunter!bltModGetVersion' is Symantec.
>
> Raise a call with them regarding the product you have installed and are
> using on the server, in the interim to keep the Exchange Server up and
> running consider disabling it
>
> Oliver
> 

0
nospam7515 (2085)
12/5/2006 4:05:26 PM
I've handed off what you have posted here to my Exchange Team and will let 
you know how the workaround goes.

Thanks much for the heads-up.

- MEK

"Chris" <Chris@discussions.microsoft.com> wrote in message 
news:DB090753-9CCD-4527-A352-7273757AA1C1@microsoft.com...
> Ok, guys.  Just got off the phone with Symantec.  As I suspected, there 
> was a
> bad ruleset included with a recent update.  And surprising me was the fact
> that they actually admitted this and told me how to work around it.  They 
> are
> working on a new rule set that will be posted as an update hopefully today 
> or
> tomorrow, but in the meantime here is the workaround from the email they 
> sent
> me.  Be sure to make a backup of the .xml file before proceeding. 
> Apparently
> there is no further action required - the update will fix the ruleset in 
> the
> .xml automatically:
>
> Greetings,Chris
> To modify bmiconfig.xml to work around the issue:
> Open the services menu by going to Start -> Run and typing services.msc
> Stop the Symantec Mail security for Microsoft exchange service, and the
> Symantec Mail security spam statistics service, if they are started
> Open <system drive>:\Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml in a text
> editor
> such as notepad
> Go to the File menu, choose save as, and save the file as bmiconfig.old
> Delete the following strings:
>
>    <ruleType>header_regex</ruleType>
>
>  <ruleType>body_regex</ruleType>
>
>  <ruleType>lang_header_regex</ruleType>
>
>  <ruleType>lang_body_regex</ruleType>
>
>  <ruleType>bodysig</ruleType>
>
>
>
> ·         Once those entries are deleted, go to the File menu, and choose
> save as, save the file as bmiconfig.xml
>
> ·         Restart the Symantec mail security for Microsoft exchange 
> service;
> it is not necessary to restart the Spam statistics service.
>
>
> Sincerely,Rudy
>
> --------------------------------------------------------------------------------
>
>
> Symantec Technical Support
>
> I don't usually cross-post, but I'm going to throw this out on the few 
> other
> threads for this topic, so don't kill me.  Good luck!
>
> -Chris
>
> "Chris" wrote:
>
>> Same thing - this is getting to be quite the epidemic.  We are seeing 
>> this on
>> 3 separate customers now.  The first one started last Wednesday, the 
>> other
>> two yesterday.  All 3 servers are running Exchange 2003 and Symantec 
>> AV/Mail
>> Security with premium antispam.  The only difference is that the 1st 
>> server
>> affected is running version 4.5 of Mail Sec, while the other two are 
>> running
>> the latest version.  Disabling the Symantec premium antispam stops the
>> problem.
>>
>> It's clear that there's either a coding error in the latest spam update, 
>> or
>> someone has figured out an exploit in the antispam software.  Either way
>> Symantec has nothing posted on their site concerning this - typical, huh?
>> I'm going to call them, but I feel completely confident that they will 
>> never
>> admit their software is screwed up, so we're probably on our own.  I'll 
>> post
>> again if I come up with anything, please do the same if any of you do.
>>
>> -Chris
>>
>> "Michael Edward Kohlman" wrote:
>>
>> > We are seeing the exact same issue with nearly the exact same setup
>> > (Exchange 2003 SP2 on Windows 2003 SP1 with SMSMSE 5.0.4.363) every 15
>> > minutes on the average the thing blows with events 7031 and 7034.
>> >
>> > Just started in the last few days.
>> >
>> > - MEK
>> >
>> > "Oliver Moazzezi" <o.moazzeziNO@SPAMfreenet.co.uk> wrote in message
>> > news:evYPtAIGHHA.2464@TK2MSFTNGP06.phx.gbl...
>> > > 'libspamhunter!bltModGetVersion' is Symantec.
>> > >
>> > > Raise a call with them regarding the product you have installed and 
>> > > are
>> > > using on the server, in the interim to keep the Exchange Server up 
>> > > and
>> > > running consider disabling it
>> > >
>> > > Oliver
>> > >
>> > 

0
nospam7515 (2085)
12/5/2006 7:40:22 PM
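The file edit from the Symantec workaround quoted above, as an added example (not Symantec's or any poster's code): it backs the file up as bmiconfig.old, deletes exactly the five listed strings, and leaves every other line byte-for-byte intact. It assumes the two Symantec services have already been stopped as the steps require; the sample XML is constructed, and its `<ruleTypes>` wrapper and `example_kept_type` entry are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path

# The five entries the quoted steps say to delete.
RULE_TYPES = ("header_regex", "body_regex", "lang_header_regex",
              "lang_body_regex", "bodysig")

# Constructed sample. The <ruleTypes> wrapper and "example_kept_type" are
# hypothetical stand-ins, not the real layout of bmiconfig.xml.
SAMPLE_CONFIG = b"\n".join([
    b"<ruleTypes>",
    b"   <ruleType>header_regex</ruleType>",
    b" <ruleType>body_regex</ruleType>",
    b" <ruleType>example_kept_type</ruleType>",
    b" <ruleType>lang_header_regex</ruleType>",
    b" <ruleType>lang_body_regex</ruleType>",
    b" <ruleType>bodysig</ruleType>",
    b"</ruleTypes>",
]) + b"\n"


def apply_workaround(config_path):
    """Remove the five ruleType strings; return the names actually removed.

    Works on bytes so the file's encoding and line endings are untouched.
    Matching the full '<ruleType>name</ruleType>' string keeps 'header_regex'
    from also matching inside 'lang_header_regex'.
    """
    config_path = Path(config_path)
    original = config_path.read_bytes()
    kept, removed = [], set()
    for line in original.splitlines(keepends=True):
        edited = line
        for name in RULE_TYPES:
            tag = b"<ruleType>" + name.encode("ascii") + b"</ruleType>"
            if tag in edited:
                edited = edited.replace(tag, b"")
                removed.add(name)
        if edited != line and not edited.strip():
            continue  # the line held only a deleted entry; drop it entirely
        kept.append(edited)

    if not removed:
        return []  # nothing to do, so the file and any backup stay untouched

    backup = config_path.with_name("bmiconfig.old")
    if backup.exists():
        # Never overwrite an earlier backup with an already-edited file.
        raise FileExistsError(f"{backup} already exists; move it aside first")
    shutil.copy2(config_path, backup)
    config_path.write_bytes(b"".join(kept))
    return [name for name in RULE_TYPES if name in removed]


def run_demo():
    """Apply the edit twice to a temporary copy of the constructed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "bmiconfig.xml"
        cfg.write_bytes(SAMPLE_CONFIG)
        first = apply_workaround(cfg)
        second = apply_workaround(cfg)  # re-running must be a no-op
        backup_bytes = (Path(tmp) / "bmiconfig.old").read_bytes()
        return {"first": first, "second": second,
                "backup_intact": backup_bytes == SAMPLE_CONFIG,
                "after": cfg.read_bytes()}


if __name__ == "__main__":
    outcome = run_demo()
    print("removed:", outcome["first"])
    print(outcome["after"].decode("ascii"))
```

Posters further down the thread report that the workaround stopped the crashes but let more spam through, so keep bmiconfig.old until the corrected ruleset arrives.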
Just an FYI - same setup, exact same thing happening to me - last couple 
days can't seem to keep things running - getting through to Symantec is near 
impossible.... anybody else have any luck?






"Michael Edward Kohlman" <NoSpam@NoSpam.com> wrote in message 
news:15000438-C4E9-4568-B262-65DCF029FA76@microsoft.com...
> I've handed off what you have posted here to my Exchange Team and will let 
> you know how the workaround goes.
>
> Thanks much for the heads-up.
>
> - MEK
>
> "Chris" <Chris@discussions.microsoft.com> wrote in message 
> news:DB090753-9CCD-4527-A352-7273757AA1C1@microsoft.com...
>> Ok, guys.  Just got off the phone with Symantec.  As I suspected, there 
>> was a
>> bad ruleset included with a recent update.  And surprising me was the 
>> fact
>> that they actually admitted this and told me how to work around it.  They 
>> are
>> working on a new rule set that will be posted as an update hopefully 
>> today or
>> tomorrow, but in the meantime here is the workaround from the email they 
>> sent
>> me.  Be sure to make a backup of the .xml file before proceeding. 
>> Apparently
>> there is no further action required - the update will fix the ruleset in 
>> the
>> .xml automatically:
>>
>> Greetings,Chris
>> To modify bmiconfig.xml to work around the issue:
>> Open the services menu by going to Start -> Run and typing services.msc
>> Stop the Symantec Mail security for Microsoft exchange service, and the
>> Symantec Mail security spam statistics service, if they are started
>> Open <system drive>:\Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml in a text
>> editor
>> such as notepad
>> Go to the File menu, choose save as, and save the file as bmiconfig.old
>> Delete the following strings:
>>
>>    <ruleType>header_regex</ruleType>
>>
>>  <ruleType>body_regex</ruleType>
>>
>>  <ruleType>lang_header_regex</ruleType>
>>
>>  <ruleType>lang_body_regex</ruleType>
>>
>>  <ruleType>bodysig</ruleType>
>>
>>
>>
>> ·         Once those entries are deleted, go to the File menu, and choose
>> save as, save the file as bmiconfig.xml
>>
>> ·         Restart the Symantec mail security for Microsoft exchange 
>> service;
>> it is not necessary to restart the Spam statistics service.
>>
>>
>> Sincerely,Rudy
>>
>> --------------------------------------------------------------------------------
>>
>>
>> Symantec Technical Support
>>
>> I don't usually cross-post, but I'm going to throw this out on the few 
>> other
>> threads for this topic, so don't kill me.  Good luck!
>>
>> -Chris
>>
>> "Chris" wrote:
>>
>>> Same thing - this is getting to be quite the epidemic.  We are seeing 
>>> this on
>>> 3 separate customers now.  The first one started last Wednesday, the 
>>> other
>>> two yesterday.  All 3 servers are running Exchange 2003 and Symantec 
>>> AV/Mail
>>> Security with premium antispam.  The only difference is that the 1st 
>>> server
>>> affected is running version 4.5 of Mail Sec, while the other two are 
>>> running
>>> the latest version.  Disabling the Symantec premium antispam stops the
>>> problem.
>>>
>>> It's clear that there's either a coding error in the latest spam update, 
>>> or
>>> someone has figured out an exploit in the antispam software.  Either way
>>> Symantec has nothing posted on their site concerning this - typical, 
>>> huh?
>>> I'm going to call them, but I feel completely confident that they will 
>>> never
>>> admit their software is screwed up, so we're probably on our own.  I'll 
>>> post
>>> again if I come up with anything, please do the same if any of you do.
>>>
>>> -Chris
>>>
>>> "Michael Edward Kohlman" wrote:
>>>
>>> > We are seeing the exact same issue with nearly the exact same setup
>>> > (Exchange 2003 SP2 on Windows 2003 SP1 with SMSMSE 5.0.4.363) every 15
>>> > minutes on the average the thing blows with events 7031 and 7034.
>>> >
>>> > Just started in the last few days.
>>> >
>>> > - MEK
>>> >
>>> > "Oliver Moazzezi" <o.moazzeziNO@SPAMfreenet.co.uk> wrote in message
>>> > news:evYPtAIGHHA.2464@TK2MSFTNGP06.phx.gbl...
>>> > > 'libspamhunter!bltModGetVersion' is Symantec.
>>> > >
>>> > > Raise a call with them regarding the product you have installed and 
>>> > > are
>>> > > using on the server, in the interim to keep the Exchange Server up 
>>> > > and
>>> > > running consider disabling it
>>> > >
>>> > > Oliver
>>> > >
>>> >
> 


0
12/6/2006 5:21:47 PM
Thanks Chris & everybody else, I didn't get to follow up on this
yesterday but it seems the issue resolved itself sometime yesterday
morning. The server was rebooted about 9:30a, then the services
terminated a couple of minutes thereafter. After it reset itself,
everything has been stable. Not sure if Symantec released an update
that resolved the issue. I do have one of the users complaining that
all spam seems to be going to their Inbox instead of the Spam folder.

0
12/6/2006 5:35:11 PM
I just got off the phone with Symantec - the issue hasn't been fixed yet - 
I'm going to test which line out of the 5 might be causing the issue - after 
our server was rebooted this morning the log shows the services restarting 
quickly after it was closed so it did stay up after reboot but the issue 
remained until I fixed the xml file.


<google@itpcny.com> wrote in message 
news:1165426511.680563.272590@73g2000cwn.googlegroups.com...
> Thanks Chris & everybody else, I didn't get to follow up on this
> yesterday but it seems the issue resolved itself sometime yesterday
> morning. The server was rebooted about 9:30a, then the services
> terminated a couple of minutes thereafter. After it reset itself,
> everything has been stable. Not sure if Symantec released an update
> that resolved the issue. I do have one of the users complaining that
> all spam seems to be going to their Inbox instead of the Spam folder.
> 


0
12/6/2006 6:10:03 PM
The workaround changes recommended by Symantec did resolve the crashing 
issue but the amount of SPAM getting through to our end-users is up as a 
result.

This is getting fairly annoying....

- MEK

"DavidH" <david_haskell@NOSPAMpleasekyzen.com> wrote in message 
news:OgvBCHWGHHA.1188@TK2MSFTNGP06.phx.gbl...
>I just got off the phone with Symantec - the issue hasn't been fixed yet - 
>I'm going to test which line out of the 5 might be causing the issue - 
>after our server was rebooted this morning the log shows the services 
>restarting quickly after it was closed so it did stay up after reboot but 
>the issue remained until I fixed the xml file.
>
>
> <google@itpcny.com> wrote in message 
> news:1165426511.680563.272590@73g2000cwn.googlegroups.com...
>> Thanks Chris & everybody else, I didn't get to follow up on this
>> yesterday but it seems the issue resolved itself sometime yesterday
>> morning. The server was rebooted about 9:30a, then the services
>> terminated a couple of minutes thereafter. After it reset itself,
>> everything has been stable. Not sure if Symantec released an update
>> that resolved the issue. I do have one of the users complaining that
>> all spam seems to be going to their Inbox instead of the Spam folder.
>>
>
> 

0
nospam7515 (2085)
12/6/2006 7:42:25 PM
All,

I just finished an hour long wait on tech support with Symantec for
Symantec Mail Security for Exchange v 5.0.4.363.  They have a
workaround that disables the "suspected" spam filtering until they have
a final fix.  I am posting their fix here.


IIS buffer overrun issues with libspamhunter.dll:

Situation: IIS crashes every 5-25 minutes, with errors in the event log
similar to:

The description for Event ID ( 1 ) in Source ( IISCTLS ) cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display messages from a remote
computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following
information is part of the event: NT AUTHORITY\SYSTEM.

Solution:

At this time,  the recommended workaround is to modify brightmail to no
longer use the rulesets that are causing the issue.

To modify bmiconfig.xml to work around the issue:
Open the services menu by going to Start -> Run and typing services.msc

Stop the Symantec Mail security for Microsoft exchange service, and the
Symantec Mail security spam statistics service, if they are started
Open <system drive>:\Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml in a text
editor such as notepad
Go to the File menu, choose save as, and save the file as bmiconfig.old

Delete the following strings:

  <ruleType>header_regex</ruleType>
  <ruleType>body_regex</ruleType>
  <ruleType>lang_header_regex</ruleType>
  <ruleType>lang_body_regex</ruleType>
  <ruleType>bodysig</ruleType>

Once those entries are deleted, go to the File menu, and choose save
as, save the file as bmiconfig.xml
Restart the Symantec mail security for Microsoft exchange service; it
is not necessary to restart the Spam statistics service.
This workaround should temporarily resolve the issue until the root
cause can be addressed.


I have performed these steps as it should at least keep us from having
to revive OWA every half an hour.  I didn't see any gotchas or errors
with this procedure.  Albeit we run in a clustered environment, the
bmiconfig.xml is stored on a local node HDD, so you have to perform the
same procedure on each node, in case you have a failover event before
they get it really fixed.

D

google@itpcny.com wrote:
> Sorry, if this is considered a double-post. Anyway, I have an Exchange
> 2003 SP2 server running on Windows 2003 SP1 and IIS keeps crashing
> unexpectedly. I installed all the latest windows updates, rebooted,
> same thing. Seems to keep occurring every 15-20 mins. I found a KB
> Article pointing to Message Tracking, disabled it, same issue. I found
> several posts telling people to run IISState. I downloaded & ran
> IISState, but I am unclear how to interpret the logs. I will post the
> log here with hopes that someone can help or point me in the right
> direction. Thanks in advance.
>
> Opened log file 'C:\iisstate\output\IISState-5500.log'
>
> ***********************
> Starting new log output
> IISState version 3.3.1
>
> Mon Dec 04 21:27:16 2006
>
> OS = Windows 2003 Server
> Executable: inetinfo.exe
> PID =  5500
>
> Note: Thread times are formatted as HH:MM:SS.ms
>
> ***********************
>
>
> IIS has crashed...
> Beginning Analysis
> *** ERROR: Symbol file could not be found.  Defaulted to export symbols
> for C:\Program Files\Symantec\SMSMSE\5.0\Server\bin\libspamhunter.dll -
>
> DLL (!FunctionName) that failed: libspamhunter!bltModGetVersion
>
>
>
>
> Thread ID: 16
> System Thread ID: ba4
> Kernel Time: 0:0:2.750
> User Time: 0:0:25.500
> Thread Type: Other
>  # ChildEBP RetAddr
> WARNING: Stack unwind information not available. Following frames may
> be wrong.
> 00 1d6cd2b9 20202020 libspamhunter!bltModGetVersion+0x16136
> 01 20202020 00000000 0x20202020
> Closing open log file C:\iisstate\output\IISState-5500.log
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09b3fde8 7c822124 ntdll!KiFastSystemCallRet
> 01 09b3fdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09b3fe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
> 03 09b3feb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
> 04 09b3feec 76f2a264 WLDAP32!ldap_result_with_error+0x109
> 05 09b3ff1c 62e92f9f WLDAP32!ldap_result+0x4b
> 06 09b3ff5c 62e92d34 dsaccess+0x2f9f
> 07 09b3ff8c 62ec4a50 dsaccess+0x2d34
> 08 09b3ffb8 77e6608b dsaccess+0x34a50
> 09 09b3ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 64
> System Thread ID: 224
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.31
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09b7ff70 7c821bf4 ntdll!KiFastSystemCallRet
> 01 09b7ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
> 02 09b7ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
> 03 09b7ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 65
> System Thread ID: 11e8
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 09befeac 7c821bf4 ntdll!KiFastSystemCallRet
> 01 09befeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 09befedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
> 03 09beff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
> 04 09beff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
> 05 09beff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd
> 06 09beffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 07 09beffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 08 09beffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 66
> System Thread ID: 11e8
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 09befeac 7c821bf4 ntdll!KiFastSystemCallRet
> 01 09befeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 09befedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
> 03 09beff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
> 04 09beff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
> 05 09beff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd
> 06 09beffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 07 09beffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 08 09beffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 67
> System Thread ID: 1524
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09cdab2c 7c822124 ntdll!KiFastSystemCallRet
> 01 09cdab30 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09cdaba0 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 09cdabb4 62ec548a kernel32!WaitForSingleObject+0x12
> 04 09ceff84 77bcb530 dsaccess+0x3548a
> 05 09ceffb8 77e6608b msvcrt!_endthreadex+0xa3
> 06 09ceffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 68
> System Thread ID: 1148
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09d2ff04 7c822124 ntdll!KiFastSystemCallRet
> 01 09d2ff08 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09d2ff78 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 09d2ff8c 09c75b0e kernel32!WaitForSingleObject+0x12
> 04 09d2ffb0 09c75c98 phatcat+0x45b0e
> 05 09d2ffb8 77e6608b phatcat+0x45c98
> 06 09d2ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 69
> System Thread ID: 1648
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09d5ab2c 7c822124 ntdll!KiFastSystemCallRet
> 01 09d5ab30 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09d5aba0 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 09d5abb4 62ec548a kernel32!WaitForSingleObject+0x12
> 04 09d6ff84 77bcb530 dsaccess+0x3548a
> 05 09d6ffb8 77e6608b msvcrt!_endthreadex+0xa3
> 06 09d6ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 70
> System Thread ID: 13b4
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09daff04 7c822124 ntdll!KiFastSystemCallRet
> 01 09daff08 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09daff78 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 09daff8c 09c75b0e kernel32!WaitForSingleObject+0x12
> 04 09daffb0 09c75c98 phatcat+0x45b0e
> 05 09daffb8 77e6608b phatcat+0x45c98
> 06 09daffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 71
> System Thread ID: 834
> Kernel Time: 0:0:0.78
> User Time: 0:0:0.125
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09deff0c 7c822124 ntdll!KiFastSystemCallRet
> 01 09deff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 09deff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 09deff94 61fa5db5 kernel32!WaitForSingleObject+0x12
> 04 09deffb8 77e6608b phatq+0x15db5
> 05 09deffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 72
> System Thread ID: e6c
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 09e8ff14 7739c78d ntdll!KiFastSystemCallRet
> 01 09e8ff34 77694ff1 USER32!NtUserGetMessage+0xc
> 02 09e8ff74 776cf35b ole32!CDllHost::STAWorkerLoop+0x72
> 03 09e8ff90 776cf2a3 ole32!CDllHost::WorkerThread+0xc8
> 04 09e8ff98 776b2307 ole32!DLLHostThreadEntry+0xd
> 05 09e8ffac 776b2374 ole32!CRpcThread::WorkerLoop+0x1e
> 06 09e8ffb8 77e6608b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x20
> 07 09e8ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 73
> System Thread ID: 14d8
> Kernel Time: 0:0:0.15
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 0a3bfde8 7c822124 ntdll!KiFastSystemCallRet
> 01 0a3bfdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0a3bfe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
> 03 0a3bfeb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
> 04 0a3bfeec 76f2a264 WLDAP32!ldap_result_with_error+0x109
> 05 0a3bff1c 62e92f9f WLDAP32!ldap_result+0x4b
> 06 0a3bff5c 62e92d34 dsaccess+0x2f9f
> 07 0a3bff8c 62ec4a50 dsaccess+0x2d34
> 08 0a3bffb8 77e6608b dsaccess+0x34a50
> 09 0a3bffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 74
> System Thread ID: 1398
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 0aaffde8 7c822124 ntdll!KiFastSystemCallRet
> 01 0aaffdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0aaffe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
> 03 0aaffeb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
> 04 0aaffeec 76f2a264 WLDAP32!ldap_result_with_error+0x109
> 05 0aafff1c 62e92f9f WLDAP32!ldap_result+0x4b
> 06 0aafff5c 62e92d34 dsaccess+0x2f9f
> 07 0aafff8c 62ec4a50 dsaccess+0x2d34
> 08 0aafffb8 77e6608b dsaccess+0x34a50
> 09 0aafffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 75
> System Thread ID: 1798
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 0ab3fde8 7c822124 ntdll!KiFastSystemCallRet
> 01 0ab3fdec 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0ab3fe5c 76f29e92 kernel32!WaitForSingleObjectEx+0xac
> 03 0ab3feb0 76f165ed WLDAP32!LdapWaitForResponseFromServer+0x409
> 04 0ab3feec 76f2a264 WLDAP32!ldap_result_with_error+0x109
> 05 0ab3ff1c 62e92f9f WLDAP32!ldap_result+0x4b
> 06 0ab3ff5c 62e92d34 dsaccess+0x2f9f
> 07 0ab3ff8c 62ec4a50 dsaccess+0x2d34
> 08 0ab3ffb8 77e6608b dsaccess+0x34a50
> 09 0ab3ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 76
> System Thread ID: 810
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 2048fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 2048fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 2048ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 2048ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 2048ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 2048ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 2048ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 77
> System Thread ID: 810
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 2048fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 2048fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 2048ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 2048ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 2048ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 2048ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 2048ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 78
> System Thread ID: 10e0
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 2050fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 2050fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 2050ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 2050ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 2050ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 2050ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 2050ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 79
> System Thread ID: 1330
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.15
> Thread Type: Other
>  # ChildEBP RetAddr
> 00 2054ff50 7c821bf4 ntdll!KiFastSystemCallRet
> 01 2054ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 2054ff80 68628d05 kernel32!GetQueuedCompletionStatus+0x29
> 03 2054ffb8 77e6608b LSATQ!AtqPoolThread+0x40
> 04 2054ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 80
> System Thread ID: d9c
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 2062fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 2062fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 2062ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 2062ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 2062ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 2062ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 2062ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 81
> System Thread ID: 16e0
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 00bffe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 00bffe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 00bfff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 00bfff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 00bfffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 00bfffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 00bfffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 82
> System Thread ID: 1560
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page.  Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
>  # ChildEBP RetAddr
> 00 205afe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 205afe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 205aff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 205aff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 205affac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 205affb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 205affec 00000000 kernel32!BaseThreadStart+0x34
> 
> Closing open log file C:\iisstate\output\IISState-5500.log

0
12/6/2006 7:52:24 PM
Thought I'd let the group know what I sent Symantec to help troubleshoot in 
the hopes they get a fix soon:

Since you can't see the colors: timestamps without anything after are when 
the services crashed. I'm not sure how safe it is to just take out that one 
line in the bmiconfig.xml file (I'm going to cross-post to the other 
posting on the subject).

Red = time services failed and restarted
Blue = time xml file modified


09:52 (am today)
10:22
11:03
11:05
11:08
11:08
11:09
11:09
11:12
11:29
12:19
12:20
12:21
12:21
12:22
12:23
12:50 - removed 5 lines from xml file and restarted symantec mail security 
service
01:46 - added "<ruleType>header_regex</ruleType>" line back to xml file and 
restarted symantec mail security service
02:21 - added "<ruleType>body_regex</ruleType>" line back to xml file and 
restarted symantec mail security service
02:49
03:00 - removed  "<ruleType>body_regex</ruleType>"  and added 
"<ruleType>lang_header_regex</ruleType>" and restarted symantec mail 
security service
03:37 - added "<ruleType>lang_body_regex</ruleType>" line back to xml file 
and restarted symantec mail security service
04:08 - added "<ruleType>bodysig</ruleType>" line back to xml file and 
restarted symantec mail security service
04:38 - no services stopping 


0
12/6/2006 9:45:38 PM
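The bisection in the post above can be replayed mechanically. This Python sketch is an added example, not part of any post in the thread: it splits the posted timeline into configuration windows, counts crashes per window, and reports which ruleType appears in every crashing window and in no clean one. Assumptions: the timeline is re-typed with wrapped lines joined, the "5 lines" removed at 12:50 are the five ruleType entries the post later names, and all function names are illustrative.

```python
import re

# Timeline re-typed from the post above, wrapped lines joined (12-hour clock, no am/pm).
TIMELINE = """\
09:52 (am today)
10:22
11:03
11:05
11:08
11:08
11:09
11:09
11:12
11:29
12:19
12:20
12:21
12:21
12:22
12:23
12:50 - removed 5 lines from xml file and restarted symantec mail security service
01:46 - added "<ruleType>header_regex</ruleType>" line back to xml file and restarted symantec mail security service
02:21 - added "<ruleType>body_regex</ruleType>" line back to xml file and restarted symantec mail security service
02:49
03:00 - removed  "<ruleType>body_regex</ruleType>"  and added "<ruleType>lang_header_regex</ruleType>" and restarted symantec mail security service
03:37 - added "<ruleType>lang_body_regex</ruleType>" line back to xml file and restarted symantec mail security service
04:08 - added "<ruleType>bodysig</ruleType>" line back to xml file and restarted symantec mail security service
04:38 - no services stopping
"""

# Assumption: these are the five lines removed at 12:50 (the post names them only
# when adding them back), and all five were enabled before the first edit.
ALL_RULES = frozenset({"header_regex", "body_regex", "lang_header_regex",
                       "lang_body_regex", "bodysig"})

LINE_RE = re.compile(r"^(\d{1,2}):(\d{2})(?:\s+-\s+(.*))?")
TOKEN_RE = re.compile(r"\b(removed|added)\b|<ruleType>(\w+)</ruleType>")


def parse_events(text):
    """Return [(minute_of_day, action_or_None)]; a bare timestamp is a crash."""
    events, offset, prev = [], 0, -1
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        minute = int(m.group(1)) * 60 + int(m.group(2)) + offset
        if minute < prev:          # clock wrapped from 12:xx to 01:xx -> afternoon
            offset += 720
            minute += 720
        prev = minute
        events.append((minute, m.group(3)))
    return events


def apply_action(enabled, action):
    """Return the enabled rule set after one edit, read from the post's wording."""
    enabled = set(enabled)
    if re.search(r"removed \d+ lines", action):
        return enabled - ALL_RULES
    verb = None
    for m in TOKEN_RE.finditer(action):
        if m.group(1):
            verb = m.group(1)
        elif verb == "added":
            enabled.add(m.group(2))
        elif verb == "removed":
            enabled.discard(m.group(2))
    return enabled


def windows(events):
    """Split the timeline at each edit: [(start, end, rules, crash_count)]."""
    out = []
    start, rules, crashes = events[0][0], set(ALL_RULES), 0
    for minute, action in events:
        if action is None:
            crashes += 1
            continue
        out.append((start, minute, frozenset(rules), crashes))
        start, rules, crashes = minute, apply_action(rules, action), 0
    if crashes:                    # timeline ended on a crash, keep that window
        out.append((start, events[-1][0], frozenset(rules), crashes))
    return out


def suspects(wins):
    """Rules enabled in every crashing window and in no crash-free window."""
    crashing = [w[2] for w in wins if w[3] > 0]
    clean = [w[2] for w in wins if w[3] == 0]
    implicated = frozenset.intersection(*crashing) if crashing else frozenset()
    return implicated - frozenset().union(*clean)


if __name__ == "__main__":
    fmt = lambda m: f"{m // 60:02d}:{m % 60:02d}"
    wins = windows(parse_events(TIMELINE))
    for start, end, rules, crashes in wins:
        print(f"{fmt(start)}-{fmt(end)}  crashes={crashes:2d}  rules={sorted(rules)}")
    print("suspect rule types:", sorted(suspects(wins)))
```

The crash-free windows in this timeline last only 30 to 56 minutes each, so they are weaker evidence than the crashing ones; the later reports in the thread of roughly a day without crashes after removing only that line carry more weight.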
Seems that Symantec finally updated the definitions to fix this.  My
server loaded up the new definitions around 8:00 pm tonight.  So far my
event viewer has been clean as a whistle.  No service crashes in over 3
hours.  Thank God--I've been pulling my hair out for days trying to
solve this.



DavidH wrote:
> Thought I'd let the group know what I sent symantec to help troubleshoot in
> the hopes they get a fix soon:
>
> since you can't see the colors: timestamps without anything after are when
> the services crashed,  I'm not sure how safe it is to just take out that one
> line in the bmiconfig.xml file -(i'm going to cross post to the other
> posting on the subject)
>
> Red = time services failed and restarted
> Blue = time xml file modified
>
>
> 09:52 (am today)
> 10:22
> 11:03
> 11:05
> 11:08
> 11:08
> 11:09
> 11:09
> 11:12
> 11:29
> 12:19
> 12:20
> 12:21
> 12:21
> 12:22
> 12:23
> 12:50 - removed 5 lines from xml file and restarted symantec mail security
> service
> 01:46 - added "<ruleType>header_regex</ruleType>" line back to xml file and
> restarted symantec mail security service
> 02:21 - added "<ruleType>body_regex</ruleType>" line back to xml file and
> restarted symantec mail security service
> 02:49
> 03:00 - removed  "<ruleType>body_regex</ruleType>"  and added
> "<ruleType>lang_header_regex</ruleType>" and restarted symantec mail
> security service
> 03:37 - added "<ruleType>lang_body_regex</ruleType>" line back to xml file
> and restarted symantec mail security service
> 04:08 - added "<ruleType>bodysig</ruleType>" line back to xml file and
> restarted symantec mail security service
> 04:38 - no services stopping

0
12/7/2006 5:23:55 AM
I've got my Symantec updated to the 12/7 Rev. 20 definitions and after
an uneventful morning this issue popped up again.  Is anyone else
experiencing this problem even after the update?

I've only been running Symantec for about 2 weeks now and I'm about
ready to dump it after this fiasco.

0
12/7/2006 8:54:34 PM
I've been chasing this same problem for days now. I applied the quick
fix listed above. I only removed the one line
<ruleType>body_regex</ruleType>, and my server is a lot happier.

0
zcolton (2)
12/8/2006 4:50:01 AM
i've been wrestling with what seems like this since 2 dec. also seeing
the messages which seem to trigger it reappearing in the smtp queues,
which led me down the blind alley of looking at a temptable# corruption
in the store. anyone else seen duplicate delivery of the messages which
crash the service? have just patched the xml file, and so far clean.
will report back.

0
12/8/2006 12:00:42 PM
My problem came back too!!!  This is annoying.  I'm about ready to dump
Symantec for good.


Darrell Berry wrote:
> i've been wrestling with what seems like this since 2 dec. also seeing
> the messages which seem to trigger it reappearing in the smtp queues,
> which led me down the blind alley of looking at a temptable# corruption
> in the store. anyone else seen duplicate delivery of the messages which
> crash the service? have just patched the xml file, and so far clean.
> will report back.

0
12/8/2006 3:30:36 PM
Same problems with our Exchange SP2/SMS with Premium.  I haven't tried
any of the workarounds posted but Symantec obviously hasn't sent any
updates to fix this.  I'll be keeping an eye on this thread.

catsarecool wrote:
> My problem came back too!!!  This is annoying.  I'm about ready to dump
> Symantec for good.
>
>
> Darrell Berry wrote:
> > i've been wrestling with what seems like this since 2 dec. also seeing
> > the messages which seem to trigger it reappearing in the smtp queues,
> > which led me down the blind alley of looking at a temptable# corruption
> > in the store. anyone else seen duplicate delivery of the messages which
> > crash the service? have just patched the xml file, and so far clean.
> > will report back.

0
alamein (1)
12/8/2006 7:09:46 PM
It's been almost 24 hours since I made the change in the xml file and
the problem has not come back.

0
zcolton (2)
12/9/2006 12:58:27 AM
zcolton@gmail.com wrote:
> It's been almost 24 hours since I made the change in the xml file and
> the problem has not come back.

New definitions or changing the xml file is only a work around. The
Brightmail Service is actually partially disabled. Symantec still does
not have a fix as of Dec 13. Symantec finally posted the work around in
KB article. I was instructed to check on the article for a permanent
fix once it was discovered.
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006120116344254

0
12/13/2006 1:13:30 PM
The same Problem > The same solution!!!

Symantec where are you?

0
toto707 (1)
12/14/2006 6:38:37 AM
Symantec has recently resolved this issue (after nearly two months)
according to the page posted before:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006120116344254

However, that page says that a software update fixes the problem,
rather than just the updated ruleset.  A software update is all well
and good, but you have to call technical support to get it?  They
screwed up their software and brought my exchange server to its knees
and they won't even provide the download without more hassles?

On Dec 14 2006, 1:38 am, toto...@gmail.com wrote:
> The same Problem > The same solution!!!
> 
> Symantec where are you?

0
1/26/2007 10:08:58 PM
On Jan 26, 5:08 pm, lordredsn...@gmail.com wrote:
> Symantec has recently resolved this issue (after nearly two months)
> according to the page posted before:
> http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006120116344254
>
> However, that page says that a software update fixes the problem,
> rather than just the updated ruleset.  A software update is all well
> and good, but you have to call technical support to get it?  They
> screwed up their software and brought my exchange server to its knees
> and they won't even provide the download without more hassles?
>
> On Dec 14 2006, 1:38 am, toto...@gmail.com wrote:
>
> > The same Problem > The same solution!!!
>
> > Symantec where are you?

I upgraded our FE Exchange Server to their new version 5.0.5.366 and
the server is still having IIS buffer overrun issues with
libspamhunter.dll.  Unfortunately Symantec Gold Tech Support closes at
5PM PST and I will have to call them in the morning.

0
2/27/2007 3:33:58 AM
On Feb 26, 10:33 pm, mike.dri...@gmail.com wrote:
> On Jan 26, 5:08 pm, lordredsn...@gmail.com wrote:
>
> > Symantec has recently resolved this issue (after nearly two months)
> > according to the page posted before:
> > http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006120116344254
>
> > However, that page says that a software update fixes the problem,
> > rather than just the updated ruleset.  A software update is all well
> > and good, but you have to call technical support to get it?  They
> > screwed up their software and brought my exchange server to its knees
> > and they won't even provide the download without more hassles?
>
> > On Dec 14 2006, 1:38 am, toto...@gmail.com wrote:
>
> > > The same Problem > The same solution!!!
>
> > > Symantec where are you?
>
> I upgraded our FE Exchange Server to their new version 5.0.5.366 and
> the server is still having IIS buffer overrun issues with
> libspamhunter.dll.  Unfortunately Symantec Gold Tech Support closes at
> 5PM PST and I will have to call them in the morning.

I will have to concur.  I applied the new build as well and still have
an issue.  Although the issue has changed somewhat.. the message no
longer gets stuck on the upstream server anymore. You re-start the
SMTP gateway and the message delivers (or at least goes somewhere) on
the 2nd attempt.

0
2/27/2007 11:27:19 PM
Does anyone know of a comparable/better alternative to Symantec for the 
Exchange server?

<clif.godfrey@mindspring.com> wrote in message 
news:1172618839.551989.201670@q2g2000cwa.googlegroups.com...
> On Feb 26, 10:33 pm, mike.dri...@gmail.com wrote:
>> On Jan 26, 5:08 pm, lordredsn...@gmail.com wrote:
>>
>> > Symantec has recently resolved this issue (after nearly two months)
>> > according to the page posted before:
>> > http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006120116344254
>>
>> > However, that page says that a software update fixes the problem,
>> > rather than just the updated ruleset.  A software update is all well
>> > and good, but you have to call technical support to get it?  They
>> > screwed up their software and brought my exchange server to its knees
>> > and they won't even provide the download without more hassles?
>>
>> > On Dec 14 2006, 1:38 am, toto...@gmail.com wrote:
>>
>> > > The same Problem > The same solution!!!
>>
>> > > Symantec where are you?
>>
>> I upgraded our FE Exchange Server to their new version 5.0.5.366 and
>> the server is still having IIS buffer overrun issues with
>> libspamhunter.dll.  Unfortunately Symantec Gold Tech Support closes at
>> 5PM PST and I will have to call them in the morning.
>
> I will have to concur.  I applied the new build as well and still have
> an issue.  Although the issue has changed somewhat.. the message no
> longer gets stuck on the upstream server anymore. You re-start the
> SMTP gateway and the message delivers (or at least goes somewhere) on
> the 2nd attempt.


0
2/28/2007 1:50:23 PM
Reply:

Similar Artilces:

shell_notifyicon in a service
I have an MFC dialog-based application that is being launched as a service using the srvany utility. I just added code to create a systray icon using shell_notifyicon. It works fine when the application is running in normal mode. When launched as service without desktop interaction the icon doesn't come up. Is this just a problem with where I'm making the calls to shell_notifyicon in my code or is something extra necessary when creating a systray icon from a service when there is no visible GUI? Thanks Eric Hi, Well, service process should not display an icon in the ...

Can someone please describe why impersonation requires the impersonator to be local admin?
Can someone please describe why impersonation requires the impersonator to be local admin? ...

Unable to open Exchange Server Admin with MAPI error
When I try to open Exchange Server Admin on my Win2k Server running Exchange 5.5, I get the following error MAPI was unable to load the information service emsabp.dll. Be sure the service is correctly installed and configured MAPI or an unspecified service providor ID no. 00040380-0000-0000000 I can open Exchange Server Admin on another Exchange Server and access the one that gives the error and it seems to be running fine. Just can't get to it on the same server Any help greatly appreciated Do you also have Outlook 2002 installed on the server? -- Nicholas Basile(MSFT) nicbas@onl...

Service pack problems with auto-generated account code
I applied the latest service pack and now the software is adding 5 digits to our account codes (10000). I assume this is a bug because I have found nowhere that references this number being added. You got a lot of posts on this board that are incorrect. Can't your reseller help you with your questions and procedural issues? Sorry, but I don't have the time. Are you learning the program by trial and error and assuming the program is wrong? Mark (2) "Mark" wrote: > I applied the latest service pack and now the software is adding 5 digits to > our account codes ...

ADMIN SNAPIN FOR 2003
I know this sounds silly but how do you install the admin pack for exchange 2003. Everytime I try to install it on XP professional it says that I need IIS running. Is this true. I just want the Exchange snapin for ADUC. If you know please share. I use to be able with exchange 2000 install it from the cd. I think it has changed somehow. In article <60e301c3e5f4$0f592ff0$a001280a@phx.gbl>, ntborg@yahoo.com says... > I know this sounds silly but how do you install the admin > pack for exchange 2003. Everytime I try to install it on > XP professional it says that I need IIS...

IIS Reinstall
Is there a way to remove and reinstall IIS and have it automatically pick up the EXCHANGE Specific stuff for OWA and whatever other ities Exchange has in with IIS? Thanks K You can reset these directories to default permissions but you will need to reinstall Exchange if you want to reinstall IIS. -- John Oliver, Jr MCSE, MCT, CCNA Exchange MVP 2007 Microsoft Certified Partner "Kerry" <Kerry@discussions.microsoft.com> wrote in message news:AFC2BA7F-92B0-4E8F-9E3A-E6231EAF84AF@microsoft.com... > Is there a way to remove and reinstall IIS and have it automatically pick...

Analyical services License for SQL 2000 Standard
We are on SQL Server 2000 Standard Edition. Do we need any additional license for installing SQL Analytical services for Analysis cubes or is it already included when SQL Server 2000 Standard is purchased. thank you. The SQL Server Analysis Services portion is "free" because it is part of the SQL Server 2000 product. The prebuilt GP cubes are not free and must be purchased from MBS. In GP 9, for the benefit of those who may not know, the Business Intelligence Foundation layer includes the cube for the financial modules. The distribution and multi-company cubes are extra c...

Connecting to Online Services- password lengths do not match
When I try to download my online statements from my bank's website using Money 2001, it prompts me for my online password, which is 8 characters long through my bank, but the password box in Money only allows me to input 4 characters. I have tried to change my password through my bank to 4 characters, but the minimum length with them is 8 characters. What should I do? I had the same problem and my bank won't set me up with a four character password. I go to my bank site and log in, then I tell the bank to download to MSMoney. It works for me. Bill "candy4U" <can...

IIS log files filling up my drive
I have a severely under utilized SBS2008R2-sp2 server. It does not support any websites. The files in the web root are the default ones. We use Exchange and store files, and rarely log in remotely. We stopped receiving emails recently and I was asked to find out why. I found the c: drive at 99% full. Exchange is on d: drive. I found 13 gigs of IIS log files and moved them to another drive to fix the problem. But, why is IIS generating so much data? Where can I find information on all the different IIS log file categories? One folder W3SVC1372222313 was a real hog with single ...

Admin/User
Hey, I was wondering if there were an api or a way that would allow me to determine whether the current account was an admin or an user account? Thanks ...

Exchange Admin can't open Other Users Folder
Help, I am the Exchange admin for a small company with one Exchange 2000 server (AD). I am trying to open users folders much like I used to with Exchange 5.5 as the System Attendant. I am currently a member of everya dmin and exchange admin group available. And if I'm not, I can make myself a member of any group if I have to. Any suggestion is appreciated. Thank you -G gaguilar@caresclinic.org What do you mean under "users folders"? By default, administrators have Deny access permission set to Full mailbox access right. Hence they cannot see users mailboxes. Regards, Boris...

ocx in a service
I want use an ocx in a service. The create method of the ocx is the following virtual BOOL Create(LPCTSTR lpszClassName, LPCTSTR lpszWindowName, DWORD dwStyle, const RECT& rect, CWnd* pParentWnd, UINT nID, CCreateContext* pContext = NULL) In a service I do not have any CWnd, so I don’t know what put in the argument “CWnd* pParentWnd”. How can I solve this? Tks. Rui You should be using CoCreateInstance to create the OCX control. AliR. "Rui Oliveira" <RuiOliveira@discussions.microsoft.com> wrote in message news:A1D47112-53FC-4B85-97A5-614A7139960A@microsoft.com....

Unable to use manage online services
Yall, This issue is plaguing me for a while already. It happens that I installed Money 2005 SB and now I am unable to manage online services. When I try to go to set up online services, I chose credit card, and right after I am presented with a red font message saying “ …. To set up your accounts, you must be online. Please close Money, and then sign in to your file. When you sign in, make sure the Work offline box is cleared. ….”. The work offline is not set at File Menu so I am at a loss here. In addition, if I try to alter my passport at Password Manager I am presented with a...

WMC says UI unexpectedly launched and then closes
Hi All, I was previously able to listen to music via my X-box Extender but now when I try to connect to WMC it says an application launched UI unexpectedly and the connection is lost. I can't seem to resolve this issue - can anyone please help. The extender shows up on my network until this message is shown then disappears yet all connections are fine. -- raw68

70-284: unable to run Exchange services using a service account
I'm working through the MS study kit for 70-284. I installed Exchange 2003 using a service account set up for the purpose; all OK. Initially the services run as LocalSystem so I changed them to run using the service account. However the System Attendant now does not start. I get an Event ID 1005 with text: "Unexpected error The logon attempt failed ID no: 8009030c Microsoft Exchange System Attendant occurred. " That would suggest a problem with authenticating as the service account, yet I was logged on with that account and the Exchange Management service starts up fine using ...

IIS
Hi, I have a functional .aspx page on IIS, I added an IFRAME but nothing is posted in CRM3.0 Thank you. Hi, Please give some more details for us to comment on your issue. -- PLEASE do click on Yes or No button if this post was helpful or not for our feedback. uMar Khan Email for direct contact: imumar at gmail dot com "ahmed" wrote: > Hi, > I have a functional .aspx page on IIS, I added an IFRAME but nothing is > posted in CRM3.0 > Thank you. ...

ASP.NET 1.1 Website migrated from IIS 6 to IIS 7
Hi all I don't know if this is the correct forum to pose this question. I have an ASP.NET 1.1 web application that I'm required to migrate from an IIS 6 environment (Windows Server 2003) to an IIS 7 environment (Windows Server 2008). I'm experiencing problems with the DHTML menus. In IIS 6 they display the text and the link whereas in IIS 7 it only displays the text, not the link. Is there a patch that I need to install on Windows Server 2008 to rectify this problem? What am I missing? Has anyone else experienced this problem? :confused: I am most confuzzle...

admin vs admin
I have 3 exch servers in a routing group and I am administrating it ... a new hired administrator step up in the organization, so the management wants me to give him one exchange server for administration ... so I want him to administrate only one exchange server ... but I want to administrate all 3 ... On Mon, 17 Jul 2006 22:56:01 -0700, Feelings <Feelings@discussions.microsoft.com> wrote: >I have 3 exch servers in a routing group and I am administrating it ... a new >hired administrator step up in the organization, so the management wants me >to give him one exchange ...

IIS service
Exchange 5.5 sp4 - does the IIS Admin service need to be running on a plain jane exchange server? We currently have it enabled and started, but want to disable it. I do not know of any problems this will cause, but wanted to verify it. Can someone help and let me know - can I turn this off ? TIA Nancy Stevens Nstevens@tycoint.com I don't see any reason you need it started. On Tue, 15 Jun 2004 17:07:31 -0400, "Nancy Stevens" <nstevens@tycoint.com> wrote: >Exchange 5.5 sp4 - does the IIS Admin service need to be running on a plain >jane exchange server? We curr...

Connection to the DPM service has been lost
I have 2 servers with a shared library. I just swapped out the tapes and upon performing a detailed or fast inventory, I get the Connection has been lost message. Event logs show the following error. The description for Event ID 943 from source MSDPM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information ...

remote admin
Dear all, I am planning to remotely administer our co-located server. Before, on a w2k box, I used the terminal services plugin for IE. As security is of a bigger concern now, I would like to make it as secure as possible without a great investment. The hosting company has offered to use pc anywhere, I have no experience with this, can someone please advise me which option is more secure; built in remote admin, or pc anywhere. Thanks very much, Dirk van Mierlo Datacentral.co.uk Ltd. What you should do is to install a firewall on that server, and limit which boxes / hosts can do remote admin to ...

Office XP Service Pack 3 Install Failure
error code 0x8024002D Auto update informed me of an update downloaded - but failed to install, asking for a Office XP Business CD it required. I don't have Business Office software on my computer, so wondering why it's trying to update it. Also, even with install failure of this update, now my long standing excel spreadsheet files won't open; seem to be looking for this update..... Help? leal1928 wrote: > error code 0x8024002D > Auto update informed me of an update downloaded - but failed to > install, asking for a Office XP Business CD it required. I don'...

SharePoint Services.
Hi, We are trying to do a migration of Sharepoint Services V2.0 from one server to another. Run smigrate to do a migration of the database and website, this appears to work, it backs up and compresses all the files into a .fwp format. When we do a restore it becomes apparent that not everything has been backed up correctly. Large chunks of the website are missing and no users or permissions have been transferred. The command I am using to back up is smigrate.exe -w http://server/site -f C:\companywebbackup\companyweb.fwp -u user_name -pw password To restore smigrate.exe -r -...

Service pack 3 year end update
Does anyone know of any issues with 2008 year end update which includes service pack 3??? Also are there any docs out there that tell you what service pack 3 includes and what it updates, had a client's update done and now when they are posting they get the error THE STORED PROCEDURE GLPBATCHCLEANUP RETURNED THE FOLLOWING RESULTS: DBMS O, GREAT PLAINS 20488, is this an issue with the update?? Help Thanks, Jim The installation guide for SP3 contains the fixes. I don't have information about the error you're experiencing. -- Charles Allen, MVP "Jim" wrote: > Does a...

Exchange Directory Service is missing!
Help please! I have a fresh Win 2000 Server running Exchange 5.5. The problem is that I cannot open the Exchange Admin because there is NO "Exchange Directory Service" listed as a Service in Control Panel. Therefore I cannot start it as a service. Windows is setup as a DC and Global Catalog. I think it's set up right. Any suggestions would be appreciated. Thank you! Marco Santarelli On Thu, 5 Jan 2006 01:51:03 -0800, "Marco Santarelli" <Marco Santarelli@discussions.microsoft.com> wrote: >Help please! > >I have a fresh Win 2000 Server running...