IIS5 - inetmon.exe at 99%

"Pat [MSFT]" <patfilot.TakeThisOut@online.microsoft.com> wrote in message
news:eIF%23ASsiEHA.2688@TK2MSFTNGP15.phx.gbl...
 > Next time it goes to high cpu, run IISState (www.iisfaq.com) against
 > inetinfo and post the log. We may be able to identify the cause:
 >
Here is is:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Opened log file 'C:\iisstate\output\IISState-360.log'

***********************
Starting new log output
IISState version 3.3.1

Wed Aug 25 19:14:30 2004

OS = Windows 2000
Executable: inetinfo.exe
PID = 360

Note: Thread times are formatted as HH:MM:SS.ms

***********************

Thread ID: 0
System Thread ID: 2c8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x28
03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+0x4a
04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x7d
05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1
06 0006ff70 01002fbf inetinfo!main+0x654
07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0xff
08 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d

Thread ID: 1
System Thread ID: 334
Kernel Time: 0:0:0.20
User Time: 0:0:0.50
Thread Type: Other
# ChildEBP RetAddr
00 0049fd1c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0049fd44 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0049fd54 6e6f1685 KERNEL32!WaitForSingleObject+0xf
03 0049fd70 01002440 iisadmin!ServiceEntry+0x156
04 0049ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
05 0049ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
06 0049ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 2
System Thread ID: 344
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0059fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0059feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0059ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0059ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
04 0059ff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
05 0059ffb4 7c57438b MSVCRT!_endthreadex+0xc1
06 0059ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 3
System Thread ID: 36c
Kernel Time: 0:0:0.50
User Time: 0:0:0.20
Thread Type: Other
# ChildEBP RetAddr
00 00c8fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 00c8fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 00c8fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 00c8fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00c8fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
05 00c8fd70 01002440 ftpsvc2!ServiceEntry+0xc7
06 00c8ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
07 00c8ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
08 00c8ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 4
System Thread ID: 370
Kernel Time: 0:0:0.30
User Time: 0:0:0.80
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 00ccfc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 00ccfc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 00ccfcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 00ccfce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00ccfd30 6b561a78 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
05 00ccfd70 01002440 SMTPSVC!ServiceEntry+0x136
06 00ccffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
07 00ccffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
08 00ccffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 5
System Thread ID: 374
Kernel Time: 0:0:0.10
User Time: 0:0:0.40
Thread Type: Other
# ChildEBP RetAddr
00 00d0fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 00d0fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 00d0fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 00d0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
04 00d0fd30 65f0cfd8 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
05 00d0fd70 01002440 w3svc!ServiceEntry+0x1b5
06 00d0ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
07 00d0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
08 00d0ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 6
System Thread ID: 338
Kernel Time: 0:0:15.221
User Time: 0:0:5.648
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 00d8ec98 7c57868f ntdll!ZwSetInformationFile+0xb
01 00d8ece8 6e60e3a7 KERNEL32!SetFilePointer+0xb4
02 00d8ee44 6e60e249 iislog!ILOG_FILE::PositionToEOF+0xea
03 00d8ef6c 6e60e16b iislog!ILOG_FILE::OpenFile+0xc5
04 00d8ef88 6e605719 iislog!ILOG_FILE::Open+0x6a
05 00d8f1dc 6e605bec iislog!CLogFileCtrl::OpenLogFile+0x243
06 00d8f1f4 6e6012c8 iislog!CLogFileCtrl::WriteLogInformation+0x122
07 00d8f530 6d6f115a iislog!CLogFileCtrl::LogInformation+0xe0
08 00d8f630 6d6f1101 iscomlog!COMLOG_CONTEXT::LogInformation+0x54
09 00d8f638 769b1627 iscomlog!ComLogLogInformation+0x11
0a 00d8f64c 65f1c7af INFOCOMM!LOGGING::LogInformation+0x24
0b 00d8ff1c 65f01e1d w3svc!HTTP_REQ_BASE::WriteLogRecord+0x433
0c 00d8ff38 65f047ef w3svc!CLIENT_CONN::DoWork+0x21d
0d 00d8ff4c 6d701a22 w3svc!W3Completion+0x43
0e 00d8ff80 6d7029a6 ISATQ!AtqpProcessContext+0x266
0f 00d8ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
10 00d8ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 7
System Thread ID: 39c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 0114fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 0114ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 0114ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 0114ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 0114ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 0114ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 8
System Thread ID: 3a0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0118fd20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0118fd70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0118fd88 778322b2 KERNEL32!WaitForMultipleObjects+0x17
03 0118ffb4 7c57438b RTUTILS!TraceServerThread+0xde
04 0118ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 9
System Thread ID: 3a4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 011dfeb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 011dfee4 77d31394 KERNEL32!GetQueuedCompletionStatus+0x27
02 011dff20 77d3e93f RPCRT4!COMMON_ProcessCalls+0x9e
03 011dff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99
04 011dff78 77d35924 RPCRT4!ProcessIOEventsWrapper+0x9
05 011dffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
06 011dffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
07 011dffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 10
System Thread ID: 3a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0121ff00 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0121ff50 75037871 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0121ff6c 6fc66e80 WS2_32!WSAWaitForMultipleEvents+0x18
03 0121ffb4 7c57438b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x39
04 0121ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 11
System Thread ID: 3ac
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0126ff20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0126ff70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0126ff88 701224fa KERNEL32!WaitForMultipleObjects+0x17
03 0126ffb4 7c57438b exstrace!RegNotifyThread+0x6f
04 0126ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 12
System Thread ID: 3b0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 012aff24 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 012aff74 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 012aff8c 70121e6a KERNEL32!WaitForMultipleObjects+0x17
03 012affb4 7c57438b exstrace!WriteTraceThread+0x2f
04 012affec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 13
System Thread ID: 3b4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 013eff64 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 013eff8c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 013eff9c 6ff2841e KERNEL32!WaitForSingleObject+0xf
03 013effb4 7c57438b FCACHDLL!CScheduleThread::ScheduleThread+0x22
04 013effec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 14
System Thread ID: 3b8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 0152ff18 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0152ff68 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 0152ff80 6b57b026 KERNEL32!WaitForMultipleObjects+0x17
03 0152ffb4 7c57438b SMTPSVC!TcpRegNotifyThread+0x136
04 0152ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 15
System Thread ID: 3bc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 0157ff68 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0157ff90 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0157ffa0 6b57ae5a KERNEL32!WaitForSingleObject+0xf
03 0157ffb4 7c57438b SMTPSVC!FreeLibThread+0x1d
04 0157ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 16
System Thread ID: 3c0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Compression Thread
# ChildEBP RetAddr
00 015fff5c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 015fff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 015fff94 732c3366 KERNEL32!WaitForSingleObject+0xf
03 015fffb4 7c57438b compfilt!CompressionThread+0x29
04 015fffc0 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 17
System Thread ID: 114
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 016ffe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 016ffec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 016fff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 016fff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
04 016fff7c 78008454 w3svc!CMTACallbackThread::Thread+0x42
05 016fffb4 7c57438b MSVCRT!_endthread+0xc6
06 016fffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 18
System Thread ID: 3d0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0173fea8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 0173fef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
02 0173ff54 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
03 0173ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
04 0173ffb4 7c57438b w3svc!OleHackThread+0x88
05 0173ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 19
System Thread ID: 3d4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0177fce0 74fd1394 ntdll!ZwWaitForSingleObject+0xb
01 0177fd1c 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
02 0177fe08 750312f5 msafd!WSPSelect+0x24e
03 0177fe6c 6e2b3b6e WS2_32!select+0xe7
04 0177ffb4 7c57438b inetsloc!SocketListenThread+0x51
05 0177ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 20
System Thread ID: 3d8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 017bfe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 017bff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 017bff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 017bffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 017bffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 017bffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 21
System Thread ID: 3dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 017ffdfc 74fd1394 ntdll!ZwWaitForSingleObject+0xb
01 017ffe38 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
02 017fff24 750312f5 msafd!WSPSelect+0x24e
03 017fff88 6d7075bd WS2_32!select+0xe7
04 017fffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
05 017fffb4 7c57438b ISATQ!BmonThreadFunc+0x9
06 017fffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 22
System Thread ID: 3e0
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0184ff54 7c573b28 ntdll!ZwWaitForSingleObject+0xb
01 0184ff7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
02 0184ff8c 741a99cd KERNEL32!WaitForSingleObject+0xf
03 0184ffb4 7c57438b aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine+0xce
04 0184ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 23
System Thread ID: 3ec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: SMTP Service Worker Thread
# ChildEBP RetAddr
00 018cfed0 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
01 018cff20 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
02 018cff38 741900e1 KERNEL32!WaitForMultipleObjects+0x17
03 018cff9c 6b56dccd aqueue!CConnMgr::GetNextConnection+0x1da
04 018cffb4 7c57438b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
05 018cffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 24
System Thread ID: 644
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 01e2fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 01e2ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 01e2ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 01e2ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 01e2ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 01e2ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 25
System Thread ID: 650
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01e6ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
01 01e6ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
02 01e6ffb4 7c57438b ISATQ!AtqPoolThread+0x40
03 01e6ffec 00000000 KERNEL32!BaseThreadStart+0x52

Thread ID: 26
System Thread ID: 518
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.

No remote call being made

# ChildEBP RetAddr
00 01eafe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
01 01eaff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
02 01eaff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
03 01eaffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
04 01eaffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
05 01eaffec 00000000 KERNEL32!BaseThreadStart+0x52

Closing open log file C:\iisstate\output\IISState-360.log

~~~~~~~~~~~~~~~~~~~~~~~~~~

regards

Mark<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS5 - inetmon.exe at 99% 

The only thing going on is the logging of requests to the log file. I would
check to see if you have a virus scanner hitting the log file. You can also
look at the log file itself and see if there is unusual (i.e. DoS) activity.


Pat

"Mark Anderson" <mark RemoveThis @SPAMMENOTyeardley.demon.co.uk> wrote in message
news:OcyE7FtiEHA.2808@TK2MSFTNGP10.phx.gbl...
 >
 > "Pat [MSFT]" <patfilot RemoveThis @online.microsoft.com> wrote in message
 > news:eIF%23ASsiEHA.2688@TK2MSFTNGP15.phx.gbl...
  >> Next time it goes to high cpu, run IISState (www.iisfaq.com) against
  >> inetinfo and post the log. We may be able to identify the cause:
  >>
 > Here is is:
 > ~~~~~~~~~~~~~~~~~~~~~~~~~~
 > Opened log file 'C:\iisstate\output\IISState-360.log'
 >
 > ***********************
 > Starting new log output
 > IISState version 3.3.1
 >
 > Wed Aug 25 19:14:30 2004
 >
 > OS = Windows 2000
 > Executable: inetinfo.exe
 > PID = 360
 >
 > Note: Thread times are formatted as HH:MM:SS.ms
 >
 > ***********************
 >
 > Thread ID: 0
 > System Thread ID: 2c8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0006f89c 7c5785d1 ntdll!ZwReadFile+0xb
 > 01 0006f910 7c2e4cd9 KERNEL32!ReadFile+0x181
 > 02 0006f93c 7c2e4b5f ADVAPI32!ScGetPipeInput+0x28
 > 03 0006f9b8 7c2e6632 ADVAPI32!ScDispatcherLoop+0x4a
 > 04 0006fbf4 01002884 ADVAPI32!StartServiceCtrlDispatcherA+0x7d
 > 05 0006fd30 01001e94 inetinfo!StartDispatchTable+0x2f1
 > 06 0006ff70 01002fbf inetinfo!main+0x654
 > 07 0006ffc0 7c581af6 inetinfo!mainCRTStartup+0xff
 > 08 0006fff0 00000000 KERNEL32!BaseProcessStart+0x3d
 >
 > Thread ID: 1
 > System Thread ID: 334
 > Kernel Time: 0:0:0.20
 > User Time: 0:0:0.50
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0049fd1c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
 > 01 0049fd44 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
 > 02 0049fd54 6e6f1685 KERNEL32!WaitForSingleObject+0xf
 > 03 0049fd70 01002440 iisadmin!ServiceEntry+0x156
 > 04 0049ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
 > 05 0049ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
 > 06 0049ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 2
 > System Thread ID: 344
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0059fe5c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0059feac 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0059ff08 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 0059ff24 6e5a5a7c USER32!MsgWaitForMultipleObjects+0x1d
 > 04 0059ff7c 780085bc IisRTL!SchedulerWorkerThread+0xa7
 > 05 0059ffb4 7c57438b MSVCRT!_endthreadex+0xc1
 > 06 0059ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 3
 > System Thread ID: 36c
 > Kernel Time: 0:0:0.50
 > User Time: 0:0:0.20
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00c8fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 00c8fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 00c8fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 00c8fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
 > 04 00c8fd30 6fc6b2f0 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
 > 05 00c8fd70 01002440 ftpsvc2!ServiceEntry+0xc7
 > 06 00c8ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
 > 07 00c8ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
 > 08 00c8ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 4
 > System Thread ID: 370
 > Kernel Time: 0:0:0.30
 > User Time: 0:0:0.80
 > Thread Type: SMTP Service Worker Thread
 > # ChildEBP RetAddr
 > 00 00ccfc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 00ccfc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 00ccfcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 00ccfce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
 > 04 00ccfd30 6b561a78 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
 > 05 00ccfd70 01002440 SMTPSVC!ServiceEntry+0x136
 > 06 00ccffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
 > 07 00ccffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
 > 08 00ccffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 5
 > System Thread ID: 374
 > Kernel Time: 0:0:0.10
 > User Time: 0:0:0.40
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 00d0fc1c 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 00d0fc6c 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 00d0fcc8 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 00d0fce4 769c71e0 USER32!MsgWaitForMultipleObjects+0x1d
 > 04 00d0fd30 65f0cfd8 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x209
 > 05 00d0fd70 01002440 w3svc!ServiceEntry+0x1b5
 > 06 00d0ffa4 7c2e4e9b inetinfo!InetinfoStartService+0x2bd
 > 07 00d0ffb4 7c57438b ADVAPI32!ScSvcctrlThreadW+0xe
 > 08 00d0ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 6
 > System Thread ID: 338
 > Kernel Time: 0:0:15.221
 > User Time: 0:0:5.648
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > 00 00d8ec98 7c57868f ntdll!ZwSetInformationFile+0xb
 > 01 00d8ece8 6e60e3a7 KERNEL32!SetFilePointer+0xb4
 > 02 00d8ee44 6e60e249 iislog!ILOG_FILE::PositionToEOF+0xea
 > 03 00d8ef6c 6e60e16b iislog!ILOG_FILE::OpenFile+0xc5
 > 04 00d8ef88 6e605719 iislog!ILOG_FILE::Open+0x6a
 > 05 00d8f1dc 6e605bec iislog!CLogFileCtrl::OpenLogFile+0x243
 > 06 00d8f1f4 6e6012c8 iislog!CLogFileCtrl::WriteLogInformation+0x122
 > 07 00d8f530 6d6f115a iislog!CLogFileCtrl::LogInformation+0xe0
 > 08 00d8f630 6d6f1101 iscomlog!COMLOG_CONTEXT::LogInformation+0x54
 > 09 00d8f638 769b1627 iscomlog!ComLogLogInformation+0x11
 > 0a 00d8f64c 65f1c7af INFOCOMM!LOGGING::LogInformation+0x24
 > 0b 00d8ff1c 65f01e1d w3svc!HTTP_REQ_BASE::WriteLogRecord+0x433
 > 0c 00d8ff38 65f047ef w3svc!CLIENT_CONN::DoWork+0x21d
 > 0d 00d8ff4c 6d701a22 w3svc!W3Completion+0x43
 > 0e 00d8ff80 6d7029a6 ISATQ!AtqpProcessContext+0x266
 > 0f 00d8ffb4 7c57438b ISATQ!AtqPoolThread+0x1a8
 > 10 00d8ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 7
 > System Thread ID: 39c
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 0114fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
 > 01 0114ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
 > 02 0114ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
 > 03 0114ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
 > 04 0114ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
 > 05 0114ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 8
 > System Thread ID: 3a0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0118fd20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0118fd70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0118fd88 778322b2 KERNEL32!WaitForMultipleObjects+0x17
 > 03 0118ffb4 7c57438b RTUTILS!TraceServerThread+0xde
 > 04 0118ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 9
 > System Thread ID: 3a4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 011dfeb8 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
 > 01 011dfee4 77d31394 KERNEL32!GetQueuedCompletionStatus+0x27
 > 02 011dff20 77d3e93f RPCRT4!COMMON_ProcessCalls+0x9e
 > 03 011dff74 77d3e8c2 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x99
 > 04 011dff78 77d35924 RPCRT4!ProcessIOEventsWrapper+0x9
 > 05 011dffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
 > 06 011dffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
 > 07 011dffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 10
 > System Thread ID: 3a8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0121ff00 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0121ff50 75037871 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0121ff6c 6fc66e80 WS2_32!WSAWaitForMultipleEvents+0x18
 > 03 0121ffb4 7c57438b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x39
 > 04 0121ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 11
 > System Thread ID: 3ac
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0126ff20 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0126ff70 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0126ff88 701224fa KERNEL32!WaitForMultipleObjects+0x17
 > 03 0126ffb4 7c57438b exstrace!RegNotifyThread+0x6f
 > 04 0126ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 12
 > System Thread ID: 3b0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 012aff24 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 012aff74 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 012aff8c 70121e6a KERNEL32!WaitForMultipleObjects+0x17
 > 03 012affb4 7c57438b exstrace!WriteTraceThread+0x2f
 > 04 012affec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 13
 > System Thread ID: 3b4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 013eff64 7c573b28 ntdll!ZwWaitForSingleObject+0xb
 > 01 013eff8c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
 > 02 013eff9c 6ff2841e KERNEL32!WaitForSingleObject+0xf
 > 03 013effb4 7c57438b FCACHDLL!CScheduleThread::ScheduleThread+0x22
 > 04 013effec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 14
 > System Thread ID: 3b8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: SMTP Service Worker Thread
 > # ChildEBP RetAddr
 > 00 0152ff18 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0152ff68 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0152ff80 6b57b026 KERNEL32!WaitForMultipleObjects+0x17
 > 03 0152ffb4 7c57438b SMTPSVC!TcpRegNotifyThread+0x136
 > 04 0152ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 15
 > System Thread ID: 3bc
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: SMTP Service Worker Thread
 > # ChildEBP RetAddr
 > 00 0157ff68 7c573b28 ntdll!ZwWaitForSingleObject+0xb
 > 01 0157ff90 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
 > 02 0157ffa0 6b57ae5a KERNEL32!WaitForSingleObject+0xf
 > 03 0157ffb4 7c57438b SMTPSVC!FreeLibThread+0x1d
 > 04 0157ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 16
 > System Thread ID: 3c0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: HTTP Compression Thread
 > # ChildEBP RetAddr
 > 00 015fff5c 7c573b28 ntdll!ZwWaitForSingleObject+0xb
 > 01 015fff84 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
 > 02 015fff94 732c3366 KERNEL32!WaitForSingleObject+0xf
 > 03 015fffb4 7c57438b compfilt!CompressionThread+0x29
 > 04 015fffc0 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 17
 > System Thread ID: 114
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 016ffe70 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 016ffec0 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 016fff1c 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 016fff38 65f09ccb USER32!MsgWaitForMultipleObjects+0x1d
 > 04 016fff7c 78008454 w3svc!CMTACallbackThread::Thread+0x42
 > 05 016fffb4 7c57438b MSVCRT!_endthread+0xc6
 > 06 016fffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 18
 > System Thread ID: 3d0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0173fea8 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 0173fef8 77e119e6 KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 0173ff54 77e11ace USER32!MsgWaitForMultipleObjectsEx+0x153
 > 03 0173ff70 65f09d47 USER32!MsgWaitForMultipleObjects+0x1d
 > 04 0173ffb4 7c57438b w3svc!OleHackThread+0x88
 > 05 0173ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 19
 > System Thread ID: 3d4
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0177fce0 74fd1394 ntdll!ZwWaitForSingleObject+0xb
 > 01 0177fd1c 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
 > 02 0177fe08 750312f5 msafd!WSPSelect+0x24e
 > 03 0177fe6c 6e2b3b6e WS2_32!select+0xe7
 > 04 0177ffb4 7c57438b inetsloc!SocketListenThread+0x51
 > 05 0177ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 20
 > System Thread ID: 3d8
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 017bfe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
 > 01 017bff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
 > 02 017bff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
 > 03 017bffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
 > 04 017bffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
 > 05 017bffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 21
 > System Thread ID: 3dc
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > 00 017ffdfc 74fd1394 ntdll!ZwWaitForSingleObject+0xb
 > 01 017ffe38 74fd3c59 msafd!SockWaitForSingleObject+0x1a8
 > 02 017fff24 750312f5 msafd!WSPSelect+0x24e
 > 03 017fff88 6d7075bd WS2_32!select+0xe7
 > 04 017fffb0 6d70791b ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
 > 05 017fffb4 7c57438b ISATQ!BmonThreadFunc+0x9
 > 06 017fffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 22
 > System Thread ID: 3e0
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Other
 > # ChildEBP RetAddr
 > 00 0184ff54 7c573b28 ntdll!ZwWaitForSingleObject+0xb
 > 01 0184ff7c 7c573b50 KERNEL32!WaitForSingleObjectEx+0x71
 > 02 0184ff8c 741a99cd KERNEL32!WaitForSingleObject+0xf
 > 03 0184ffb4 7c57438b aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine+0xce
 > 04 0184ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 23
 > System Thread ID: 3ec
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: SMTP Service Worker Thread
 > # ChildEBP RetAddr
 > 00 018cfed0 7c573c23 ntdll!ZwWaitForMultipleObjects+0xb
 > 01 018cff20 7c578f0d KERNEL32!WaitForMultipleObjectsEx+0xea
 > 02 018cff38 741900e1 KERNEL32!WaitForMultipleObjects+0x17
 > 03 018cff9c 6b56dccd aqueue!CConnMgr::GetNextConnection+0x1da
 > 04 018cffb4 7c57438b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
 > 05 018cffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 24
 > System Thread ID: 644
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 01e2fe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
 > 01 01e2ff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
 > 02 01e2ff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
 > 03 01e2ffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
 > 04 01e2ffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
 > 05 01e2ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 25
 > System Thread ID: 650
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: HTTP Listener
 > # ChildEBP RetAddr
 > 00 01e6ff50 7c573c73 ntdll!ZwRemoveIoCompletion+0xb
 > 01 01e6ff7c 6d702957 KERNEL32!GetQueuedCompletionStatus+0x27
 > 02 01e6ffb4 7c57438b ISATQ!AtqPoolThread+0x40
 > 03 01e6ffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Thread ID: 26
 > System Thread ID: 518
 > Kernel Time: 0:0:0.0
 > User Time: 0:0:0.0
 > Thread Type: Possible ASP page. Possible DCOM activity
 > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
 > Continuing with other analysis.
 >
 > No remote call being made
 >
 > # ChildEBP RetAddr
 > 00 01eafe24 77d37ba7 ntdll!ZwReplyWaitReceivePortEx+0xb
 > 01 01eaff74 77d37b4c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x74
 > 02 01eaff78 77d35924 RPCRT4!RecvLotsaCallsWrapper+0x9
 > 03 01eaffa8 77d358d6 RPCRT4!BaseCachedThreadRoutine+0x4f
 > 04 01eaffb4 7c57438b RPCRT4!ThreadStartRoutine+0x18
 > 05 01eaffec 00000000 KERNEL32!BaseThreadStart+0x52
 >
 > Closing open log file C:\iisstate\output\IISState-360.log
 >
 > ~~~~~~~~~~~~~~~~~~~~~~~~~~
 >
 > regards
 >
 > Mark
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS5 - inetmon.exe at 99% 

Pat,

Any thoughts on the isstate log stuff I posted? sorry to ask but I'm
really out of ideas and, no surprise, on a deadline.

Regards

Mark
 >> Stay informed about: IIS5 - inetmon.exe at 99% 

Pat,

 > The only thing going on is the logging of requests to the log file. I
would
 > check to see if you have a virus scanner hitting the log file. You
can also
 > look at the log file itself and see if there is unusual (i.e. DoS)
activity.

I have McAfee VirusScan Online - patched to date (and updated since the
crash) and that seems to be functioning OK.

Googling around on this topic it seems a corrupt metabase might be a
factor? I've no metabase back-up so if I uninstall ISS, remove the
current metabase (which I assume isn't removed) and re-install, what
sort of stuff do I have to reconfigure to get going? I'm a newb when it
comes to server/permissions stuff. FWIW, the drive is FAT32 (never got
round to going to NTFS and now don't dare u/g with so much info on the
drive.)

DoS seems unlikely as this is effectively on a private LAN and the web
connection is ICS on a different machine and which has ZoneAlarm Pro
which seems to keep everything out.

The thing confusing me the most is why a re-install didn't work. I'm
used to tinkering with Regedit so will try the metabase editor out - if
anyone suggests that I'm likely to be able to spot where corruption
might be be. I sense however, that I probably need to start over. Begs
the question as to whether there are other files I need to nuke post
uninstall and pre re-install.

Regards

Mark

"Pat [MSFT]" <patfilot RemoveThis @online.microsoft.com> wrote in message
news:uhPmqrviEHA.3320@TK2MSFTNGP11.phx.gbl...
 > The only thing going on is the logging of requests to the log file. I
would
 > check to see if you have a virus scanner hitting the log file. You
can also
 > look at the log file itself and see if there is unusual (i.e. DoS)
activity.
 >
 >
 > Pat
 >
 > "Mark Anderson" <mark RemoveThis @SPAMMENOTyeardley.demon.co.uk> wrote in message
 > news:OcyE7FtiEHA.2808@TK2MSFTNGP10.phx.gbl...
  > >
  > > "Pat [MSFT]" <patfilot RemoveThis @online.microsoft.com> wrote in message
  > > news:eIF%23ASsiEHA.2688@TK2MSFTNGP15.phx.gbl...
   > >> Next time it goes to high cpu, run IISState (www.iisfaq.com)
against
   > >> inetinfo and post the log. We may be able to identify the cause:
   > >><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS5 - inetmon.exe at 99% 

If you remove the metabase you must re-establish all your IIS configuration.=
Meaning, you must add each site, ftp, smtp, virtual folders etc into IIS.

John Cesta

---------------------------------
The CPU Checker - Maximize Server Uptime
LogFileManager - The only IIS Logfile Management Tool
DomainReportIt PRO - Helps Convert IIS Installs
<a style='text-decoration: underline;' href="http://www.serverautomationtools.com" target="_blank">http://www.serverautomationtools.com</a>


On Wed, 25 Aug 2004 19:40:57 -0400, Mark Anderson wrote:
 >=A0Pat,
  >>=A0The only thing going on is the logging of requests to the log
  >>=A0file. =A0I
 >=A0would
  >>=A0check to see if you have a virus scanner hitting the log file.
  >>=A0You
 >=A0can also
  >>=A0look at the log file itself and see if there is unusual (i.e. DoS)
 >=A0activity.
 >=A0I have McAfee VirusScan Online - patched to date (and updated since
 >=A0the
 >=A0crash) and that seems to be functioning OK.
 >=A0Googling around on this topic it seems a corrupt metabase might be a
 >=A0factor? =A0I've no metabase back-up so if I uninstall ISS, remove the
 >=A0current metabase (which I assume isn't removed) and re-install, what
 >=A0sort of stuff do I have to reconfigure to get going? =A0I'm a newb
 >=A0when it
 >=A0comes to server/permissions stuff. FWIW, the drive is FAT32 (never
 >=A0got
 >=A0round to going to NTFS and now don't dare u/g with so much info on
 >=A0the
 >=A0drive.)
 >=A0DoS seems unlikely as this is effectively on a private LAN and the
 >=A0web
 >=A0connection is ICS on a different machine and which has ZoneAlarm Pro
 >=A0which seems to keep everything out.
 >=A0The thing confusing me the most is why a re-install didn't work.
 >=A0I'm
 >=A0used to tinkering with Regedit so will try the metabase editor out -
 >=A0 if
 >=A0anyone suggests that I'm likely to be able to spot where corruption
 >=A0might be be. =A0I sense however, that I probably need to start over.
 >=A0Begs
 >=A0the question as to whether there are other files I need to nuke post
 >=A0uninstall and pre re-install.
 >=A0Regards
 >=A0Mark
 >=A0"Pat [MSFT]" <patfilot RemoveThis @online.microsoft.com>=A0wrote in message
 >=A0news:uhPmqrviEHA.3320@TK2MSFTNGP11.phx.gbl...
  >>=A0The only thing going on is the logging of requests to the log
  >>=A0file. =A0I
 >=A0would
  >>=A0check to see if you have a virus scanner hitting the log file.
  >>=A0You
 >=A0can also
  >>=A0look at the log file itself and see if there is unusual (i.e. DoS)
 >=A0activity.
  >>
  >>=A0Pat
  >>=A0"Mark Anderson" <mark RemoveThis @SPAMMENOTyeardley.demon.co.uk>=A0wrote in
  >>=A0message
  >>=A0news:OcyE7FtiEHA.2808@TK2MSFTNGP10.phx.gbl...
   >>>=A0"Pat [MSFT]" <patfilot RemoveThis @online.microsoft.com>=A0wrote in message
   >>>=A0news:eIF%23ASsiEHA.2688@TK2MSFTNGP15.phx.gbl...
   >>>>=A0Next time it goes to high cpu, run IISState (www.iisfaq.com)
 >=A0against
   >>>>=A0inetinfo and post the log. =A0We may be able to identify the
   >>>>=A0cause:<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS5 - inetmon.exe at 99% 

Guess that's my only option.

Regards

Mark

"John Cesta" <lists.TakeThisOut@lookwww.com> wrote in message
news:20048269332.183549@poolfact...


If you remove the metabase you must re-establish all your IIS
configuration. Meaning, you must add each site, ftp, smtp, virtual
folders etc into IIS.

John Cesta

---------------------------------
The CPU Checker - Maximize Server Uptime
LogFileManager - The only IIS Logfile Management Tool
DomainReportIt PRO - Helps Convert IIS Installs
<a style='text-decoration: underline;' href="http://www.serverautomationtools.com" target="_blank">http://www.serverautomationtools.com</a>


On Wed, 25 Aug 2004 19:40:57 -0400, Mark Anderson wrote:
 > Pat,
  >> The only thing going on is the logging of requests to the log
  >> file. I
 > would
  >> check to see if you have a virus scanner hitting the log file.
  >> You
 > can also
  >> look at the log file itself and see if there is unusual (i.e. DoS)
 > activity.
 > I have McAfee VirusScan Online - patched to date (and updated since
 > the
 > crash) and that seems to be functioning OK.
 > Googling around on this topic it seems a corrupt metabase might be a
 > factor? I've no metabase back-up so if I uninstall ISS, remove the
 > current metabase (which I assume isn't removed) and re-install, what
 > sort of stuff do I have to reconfigure to get going? I'm a newb
 > when it
 > comes to server/permissions stuff. FWIW, the drive is FAT32 (never
 > got
 > round to going to NTFS and now don't dare u/g with so much info on
 > the
 > drive.)
 > DoS seems unlikely as this is effectively on a private LAN and the
 > web
 > connection is ICS on a different machine and which has ZoneAlarm Pro
 > which seems to keep everything out.
 > The thing confusing me the most is why a re-install didn't work.
 > I'm
 > used to tinkering with Regedit so will try the metabase editor out -
 > if
 > anyone suggests that I'm likely to be able to spot where corruption
 > might be be. I sense however, that I probably need to start over.
 > Begs
 > the question as to whether there are other files I need to nuke post
 > uninstall and pre re-install.
 > Regards
 > Mark
 > "Pat [MSFT]" <patfilot.TakeThisOut@online.microsoft.com> wrote in message
 > news:uhPmqrviEHA.3320@TK2MSFTNGP11.phx.gbl...
  >> The only thing going on is the logging of requests to the log
  >> file. I
 > would
  >> check to see if you have a virus scanner hitting the log file.
  >> You
 > can also
  >> look at the log file itself and see if there is unusual (i.e. DoS)
 > activity.
  >>
  >> Pat
  >> "Mark Anderson" <mark.TakeThisOut@SPAMMENOTyeardley.demon.co.uk> wrote in
  >> message
  >> news:OcyE7FtiEHA.2808@TK2MSFTNGP10.phx.gbl...
   >>> "Pat [MSFT]" <patfilot.TakeThisOut@online.microsoft.com> wrote in message
   >>> news:eIF%23ASsiEHA.2688@TK2MSFTNGP15.phx.gbl...
   >>>> Next time it goes to high cpu, run IISState (www.iisfaq.com)
 > against
   >>>> inetinfo and post the log. We may be able to identify the
   >>>> cause:<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: IIS5 - inetmon.exe at 99%