IIS hangs and IISState log
IIS hangs and IISState log
am 23.10.2007 15:27:52 von chichikov
Hi there,
I'm having problems diagnosing why a website IIS 6 is hanging. It's
been happening sporadically for many weeks, but recently the problem
has become acute. The site hangs several times a day, and the fix is
to RDP to the server in question, start IE and navigate to the
external URL of the site. Usually, the RDP connection then breaks, but
external connectivity to the site is restored.
During the last time the problem happened, I collected data from
IISState. The log follows below - any help making sense of it would be
greatly appreciated!
Opened log file 'C:\Program Files\IIS Resources\IISState\output
\IISState.log'
***********************
Starting new log output
IISState version 3.0
Tue Oct 23 14:12:20 2007
OS = Windows 2003 Server
Executable: inetinfo.exe
PID = 512
Note: Thread times are formatted as HH:MM:SS.ms
***********************
Thread ID: 0
System Thread ID: ff0
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Type: Other
# ChildEBP RetAddr
00 0006f99c 7c821b84 ntdll!KiFastSystemCallRet
01 0006f9a0 77e4189f ntdll!NtReadFile+0xc
02 0006fa08 77f795ab kernel32!ReadFile+0x16c
03 0006fa34 77f7943c ADVAPI32!ScGetPipeInput+0x2a
04 0006faa8 77fb2ec9 ADVAPI32!ScDispatcherLoop+0x51
05 0006fcec 010027be ADVAPI32!StartServiceCtrlDispatcherA+0x93
06 0006fe1c 01002969 inetinfo!StartDispatchTable+0x277
07 0006ff44 0100339d inetinfo!main+0x117
08 0006ffc0 77e523e5 inetinfo!mainCRTStartup+0x12f
09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
Thread ID: 1
System Thread ID: ef4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0082fe14 7c822124 ntdll!KiFastSystemCallRet
01 0082fe18 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0082fe88 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0082fe9c 01002ebf kernel32!WaitForSingleObject+0x12
04 0082ffb8 77e6608b inetinfo!W3SVCThreadEntry+0x3d
05 0082ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 2
System Thread ID: 96c
Kernel Time: 0:0:0.31
User Time: 0:0:0.46
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0086fcb8 7c822124 ntdll!KiFastSystemCallRet
01 0086fcbc 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0086fd2c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0086fd40 649f26a4 kernel32!WaitForSingleObject+0x12
04 0086fd68 010024b3 iisadmin!ServiceEntry+0x28a
05 0086ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
06 0086ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
07 0086ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 3
System Thread ID: 860
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 00c3ff9c 7c821364 ntdll!KiFastSystemCallRet
01 00c3ffa0 7c81fe26 ntdll!NtDelayExecution+0xc
02 00c3ffb8 77e6608b ntdll!RtlpTimerThread+0x47
03 00c3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 4
System Thread ID: 3fc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 00d4feac 7c822114 ntdll!KiFastSystemCallRet
01 00d4feb0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 00d4ff58 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 00d4ff74 56f951ef kernel32!WaitForMultipleObjects+0x18
04 00d4ffa0 56f96a06 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x67
05 00d4ffb8 77e6608b COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x5f
06 00d4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 5
System Thread ID: 690
Kernel Time: 0:0:0.31
User Time: 0:0:0.62
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0180fbb8 7c822114 ntdll!KiFastSystemCallRet
01 0180fbbc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 0180fc64 7739cd38 kernel32!WaitForMultipleObjectsEx+0x11a
03 0180fcc0 7738e3b1 USER32!RealMsgWaitForMultipleObjectsEx+0x141
04 0180fcdc 6c7d63d5 USER32!MsgWaitForMultipleObjects+0x1f
05 0180fd28 4f075436 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x231
06 0180fd68 010024b3 SMTPSVC!ServiceEntry+0x12b
07 0180ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
08 0180ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
09 0180ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 6
System Thread ID: 5f8
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01b3ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 01b3ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 01b3ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
03 01b3ffb8 77e6608b ISATQ!AtqPoolThread+0x40
04 01b3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 7
System Thread ID: dc
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 01b7ff50 7c821bf4 ntdll!KiFastSystemCallRet
01 01b7ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 01b7ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
03 01b7ffb8 77e6608b ISATQ!AtqPoolThread+0x40
04 01b7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 8
System Thread ID: ac0
Kernel Time: 0:0:0.31
User Time: 0:0:0.31
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 01d7feac 7c821bf4 ntdll!KiFastSystemCallRet
01 01d7feb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 01d7fedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
03 01d7ff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
04 01d7ff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
05 01d7ff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
06 01d7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
07 01d7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
08 01d7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 9
System Thread ID: 9a8
Kernel Time: 0:0:0.0
User Time: 0:0:0.15
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 01dffcec 7c822114 ntdll!KiFastSystemCallRet
01 01dffcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc
02 01dfffb8 77e6608b ntdll!RtlpWaitThread+0x161
03 01dfffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 10
System Thread ID: b50
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 01e3fec4 7c822114 ntdll!KiFastSystemCallRet
01 01e3fec8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 01e3ff70 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 01e3ff8c 695324f7 kernel32!WaitForMultipleObjects+0x18
04 01e3ffb8 77e6608b exstrace!RegNotifyThread+0x6a
05 01e3ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 11
System Thread ID: 724
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 01e7fec8 7c822114 ntdll!KiFastSystemCallRet
01 01e7fecc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 01e7ff74 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 01e7ff90 69531a1d kernel32!WaitForMultipleObjects+0x18
04 01e7ffb8 77e6608b exstrace!WriteTraceThread+0x31
05 01e7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 12
System Thread ID: d48
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 020bff18 7c822124 ntdll!KiFastSystemCallRet
01 020bff1c 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 020bff8c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 020bffa0 4ba58f8c kernel32!WaitForSingleObject+0x12
04 020bffb8 77e6608b FCACHDLL!CScheduleThread::ScheduleThread+0x61
05 020bffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 13
System Thread ID: 138
Kernel Time: 0:0:0.15
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 021ffebc 7c822114 ntdll!KiFastSystemCallRet
01 021ffec0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 021fff68 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 021fff84 4f08f0a4 kernel32!WaitForMultipleObjects+0x18
04 021fffb8 77e6608b SMTPSVC!TcpRegNotifyThread+0xde
05 021fffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 14
System Thread ID: b34
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 0223ff1c 7c822124 ntdll!KiFastSystemCallRet
01 0223ff20 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 0223ff90 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 0223ffa4 4f08ef41 kernel32!WaitForSingleObject+0x12
04 0223ffb8 77e6608b SMTPSVC!FreeLibThread+0x2e
05 0223ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 15
System Thread ID: 628
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 0298fe18 7c821c54 ntdll!KiFastSystemCallRet
01 0298fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
02 0298ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 0298ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
04 0298ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 0298ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 0298ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 16
System Thread ID: 918
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 029cfe18 7c821c54 ntdll!KiFastSystemCallRet
01 029cfe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
02 029cff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 029cff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
04 029cffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 029cffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 029cffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 17
System Thread ID: 264
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 02a4ff0c 7c822124 ntdll!KiFastSystemCallRet
01 02a4ff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
02 02a4ff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
03 02a4ff94 4ef6f9e7 kernel32!WaitForSingleObject+0x12
04 02a4ffb8 77e6608b aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine
+0xbd
05 02a4ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 18
System Thread ID: f3c
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: Other
# ChildEBP RetAddr
00 02acfe7c 7c822114 ntdll!KiFastSystemCallRet
01 02acfe80 77e67143 ntdll!NtWaitForMultipleObjects+0xc
02 02acff28 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
03 02acff44 4ef4cc27 kernel32!WaitForMultipleObjects+0x18
04 02acffa4 4f081cd6 aqueue!CConnMgr::GetNextConnection+0x1c4
05 02acffb8 77e6608b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
06 02acffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 19
System Thread ID: 3f4
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Status: Thread is in a WAIT state.
Thread Type: HTTP Listener
# ChildEBP RetAddr
00 02a8fe0c 7c822124 ntdll!KiFastSystemCallRet
01 02a8fe10 71b23a09 ntdll!NtWaitForSingleObject+0xc
02 02a8fe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d
03 02a8ff3c 71c0470c mswsock!WSPSelect+0x380
04 02a8ff8c 63ec4696 WS2_32!select+0xb9
05 02a8ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
06 02a8ffb8 77e6608b ISATQ!BmonThreadFunc+0x9
07 63ec4700 8b575600 kernel32!BaseThreadStart+0x34
WARNING: Frame IP not in any known module. Following frames may be
wrong.
08 63ec4700 00000000 0x8b575600
Thread ID: 20
System Thread ID: 614
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 02bcfeac 7c821bf4 ntdll!KiFastSystemCallRet
01 02bcfeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
02 02bcfedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
03 02bcff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
04 02bcff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
05 02bcff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
06 02bcffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
07 02bcffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
08 02bcffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 21
System Thread ID: ee8
Kernel Time: 0:0:0.31
User Time: 0:0:0.78
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00c7fe18 7c821c54 ntdll!KiFastSystemCallRet
01 00c7fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
02 00c7ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 00c7ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
04 00c7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 00c7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 00c7ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 22
System Thread ID: 198
Kernel Time: 0:0:0.31
User Time: 0:0:0.46
Thread Type: Possible ASP page. Possible DCOM activity
Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
Continuing with other analysis.
No remote call being made
# ChildEBP RetAddr
00 00bffe18 7c821c54 ntdll!KiFastSystemCallRet
01 00bffe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
02 00bfff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
03 00bfff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
04 00bfffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
05 00bfffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
06 00bfffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 23
System Thread ID: f80
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0114ff10 7c821364 ntdll!KiFastSystemCallRet
01 0114ff14 77e41ea7 ntdll!NtDelayExecution+0xc
02 0114ff7c 77e424c1 kernel32!SleepEx+0x68
03 0114ff8c 776b22a0 kernel32!Sleep+0xf
04 0114ff98 776b2307 ole32!CROIDTable::WorkerThreadLoop+0x14
05 0114ffac 776b2374 ole32!CRpcThread::WorkerLoop+0x1e
06 0114ffb8 77e6608b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x20
07 0114ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 24
System Thread ID: 180
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0108ff70 7c821bf4 ntdll!KiFastSystemCallRet
01 0108ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
02 0108ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
03 0108ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 25
System Thread ID: eec
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0118ff70 7c821bf4 ntdll!KiFastSystemCallRet
01 0118ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
02 0118ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
03 0118ffec 00000000 kernel32!BaseThreadStart+0x34
Thread ID: 26
System Thread ID: d40
Kernel Time: 0:0:0.0
User Time: 0:0:0.0
Thread Type: Other
# ChildEBP RetAddr
00 0104ff70 7c821bf4 ntdll!KiFastSystemCallRet
01 0104ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
02 0104ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
03 0104ffec 00000000 kernel32!BaseThreadStart+0x34
*****
Dump name is formatted as: PID-Timestamp.dmp
Creating C:\Program Files\IIS Resources\IISState\output
\512-1193145196.dmp - user full dump
Dump successfully written
*****
Closing open log file C:\Program Files\IIS Resources\IISState\output
\IISState.log
Sorry for the long post - any pointers would be really appreciated!
Re: IIS hangs and IISState log
am 23.10.2007 16:52:30 von Ken Schaefer
there is nothing in this log.
You may need to run IISState against the actual w3wp.exe process that is
hosting the relevant web app pool.
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"chichikov" wrote in message
news:1193146072.115047.101180@q5g2000prf.googlegroups.com...
> Hi there,
>
> I'm having problems diagnosing why a website IIS 6 is hanging. It's
> been happening sporadically for many weeks, but recently the problem
> has become acute. The site hangs several times a day, and the fix is
> to RDP to the server in question, start IE and navigate to the
> external URL of the site. Usually, the RDP connection then breaks, but
> external connectivity to the site is restored.
>
> During the last time the problem happened, I collected data from
> IISState. The log follows below - any help making sense of it would be
> greatly appreciated!
>
> Opened log file 'C:\Program Files\IIS Resources\IISState\output
> \IISState.log'
>
> ***********************
> Starting new log output
> IISState version 3.0
>
> Tue Oct 23 14:12:20 2007
>
> OS = Windows 2003 Server
> Executable: inetinfo.exe
> PID = 512
>
> Note: Thread times are formatted as HH:MM:SS.ms
>
> ***********************
>
>
>
>
> Thread ID: 0
> System Thread ID: ff0
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.15
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0006f99c 7c821b84 ntdll!KiFastSystemCallRet
> 01 0006f9a0 77e4189f ntdll!NtReadFile+0xc
> 02 0006fa08 77f795ab kernel32!ReadFile+0x16c
> 03 0006fa34 77f7943c ADVAPI32!ScGetPipeInput+0x2a
> 04 0006faa8 77fb2ec9 ADVAPI32!ScDispatcherLoop+0x51
> 05 0006fcec 010027be ADVAPI32!StartServiceCtrlDispatcherA+0x93
> 06 0006fe1c 01002969 inetinfo!StartDispatchTable+0x277
> 07 0006ff44 0100339d inetinfo!main+0x117
> 08 0006ffc0 77e523e5 inetinfo!mainCRTStartup+0x12f
> 09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
>
>
>
>
> Thread ID: 1
> System Thread ID: ef4
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0082fe14 7c822124 ntdll!KiFastSystemCallRet
> 01 0082fe18 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0082fe88 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 0082fe9c 01002ebf kernel32!WaitForSingleObject+0x12
> 04 0082ffb8 77e6608b inetinfo!W3SVCThreadEntry+0x3d
> 05 0082ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 2
> System Thread ID: 96c
> Kernel Time: 0:0:0.31
> User Time: 0:0:0.46
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0086fcb8 7c822124 ntdll!KiFastSystemCallRet
> 01 0086fcbc 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0086fd2c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 0086fd40 649f26a4 kernel32!WaitForSingleObject+0x12
> 04 0086fd68 010024b3 iisadmin!ServiceEntry+0x28a
> 05 0086ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
> 06 0086ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
> 07 0086ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 3
> System Thread ID: 860
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 00c3ff9c 7c821364 ntdll!KiFastSystemCallRet
> 01 00c3ffa0 7c81fe26 ntdll!NtDelayExecution+0xc
> 02 00c3ffb8 77e6608b ntdll!RtlpTimerThread+0x47
> 03 00c3ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 4
> System Thread ID: 3fc
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 00d4feac 7c822114 ntdll!KiFastSystemCallRet
> 01 00d4feb0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 00d4ff58 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
> 03 00d4ff74 56f951ef kernel32!WaitForMultipleObjects+0x18
> 04 00d4ffa0 56f96a06 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x67
> 05 00d4ffb8 77e6608b COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x5f
> 06 00d4ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 5
> System Thread ID: 690
> Kernel Time: 0:0:0.31
> User Time: 0:0:0.62
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0180fbb8 7c822114 ntdll!KiFastSystemCallRet
> 01 0180fbbc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 0180fc64 7739cd38 kernel32!WaitForMultipleObjectsEx+0x11a
> 03 0180fcc0 7738e3b1 USER32!RealMsgWaitForMultipleObjectsEx+0x141
> 04 0180fcdc 6c7d63d5 USER32!MsgWaitForMultipleObjects+0x1f
> 05 0180fd28 4f075436 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x231
> 06 0180fd68 010024b3 SMTPSVC!ServiceEntry+0x12b
> 07 0180ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
> 08 0180ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
> 09 0180ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 6
> System Thread ID: 5f8
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 01b3ff50 7c821bf4 ntdll!KiFastSystemCallRet
> 01 01b3ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 01b3ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
> 03 01b3ffb8 77e6608b ISATQ!AtqPoolThread+0x40
> 04 01b3ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 7
> System Thread ID: dc
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 01b7ff50 7c821bf4 ntdll!KiFastSystemCallRet
> 01 01b7ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 01b7ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
> 03 01b7ffb8 77e6608b ISATQ!AtqPoolThread+0x40
> 04 01b7ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 8
> System Thread ID: ac0
> Kernel Time: 0:0:0.31
> User Time: 0:0:0.31
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 01d7feac 7c821bf4 ntdll!KiFastSystemCallRet
> 01 01d7feb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 01d7fedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
> 03 01d7ff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
> 04 01d7ff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
> 05 01d7ff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
> 06 01d7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 07 01d7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 08 01d7ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 9
> System Thread ID: 9a8
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.15
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 01dffcec 7c822114 ntdll!KiFastSystemCallRet
> 01 01dffcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc
> 02 01dfffb8 77e6608b ntdll!RtlpWaitThread+0x161
> 03 01dfffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 10
> System Thread ID: b50
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 01e3fec4 7c822114 ntdll!KiFastSystemCallRet
> 01 01e3fec8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 01e3ff70 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
> 03 01e3ff8c 695324f7 kernel32!WaitForMultipleObjects+0x18
> 04 01e3ffb8 77e6608b exstrace!RegNotifyThread+0x6a
> 05 01e3ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 11
> System Thread ID: 724
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 01e7fec8 7c822114 ntdll!KiFastSystemCallRet
> 01 01e7fecc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 01e7ff74 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
> 03 01e7ff90 69531a1d kernel32!WaitForMultipleObjects+0x18
> 04 01e7ffb8 77e6608b exstrace!WriteTraceThread+0x31
> 05 01e7ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 12
> System Thread ID: d48
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 020bff18 7c822124 ntdll!KiFastSystemCallRet
> 01 020bff1c 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 020bff8c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 020bffa0 4ba58f8c kernel32!WaitForSingleObject+0x12
> 04 020bffb8 77e6608b FCACHDLL!CScheduleThread::ScheduleThread+0x61
> 05 020bffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 13
> System Thread ID: 138
> Kernel Time: 0:0:0.15
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 021ffebc 7c822114 ntdll!KiFastSystemCallRet
> 01 021ffec0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 021fff68 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
> 03 021fff84 4f08f0a4 kernel32!WaitForMultipleObjects+0x18
> 04 021fffb8 77e6608b SMTPSVC!TcpRegNotifyThread+0xde
> 05 021fffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 14
> System Thread ID: b34
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0223ff1c 7c822124 ntdll!KiFastSystemCallRet
> 01 0223ff20 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 0223ff90 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 0223ffa4 4f08ef41 kernel32!WaitForSingleObject+0x12
> 04 0223ffb8 77e6608b SMTPSVC!FreeLibThread+0x2e
> 05 0223ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 15
> System Thread ID: 628
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 0298fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 0298fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 0298ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 0298ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 0298ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 0298ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 0298ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 16
> System Thread ID: 918
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 029cfe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 029cfe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 029cff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 029cff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 029cffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 029cffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 029cffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 17
> System Thread ID: 264
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 02a4ff0c 7c822124 ntdll!KiFastSystemCallRet
> 01 02a4ff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
> 02 02a4ff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
> 03 02a4ff94 4ef6f9e7 kernel32!WaitForSingleObject+0x12
> 04 02a4ffb8 77e6608b aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine
> +0xbd
> 05 02a4ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 18
> System Thread ID: f3c
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: Other
> # ChildEBP RetAddr
> 00 02acfe7c 7c822114 ntdll!KiFastSystemCallRet
> 01 02acfe80 77e67143 ntdll!NtWaitForMultipleObjects+0xc
> 02 02acff28 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
> 03 02acff44 4ef4cc27 kernel32!WaitForMultipleObjects+0x18
> 04 02acffa4 4f081cd6 aqueue!CConnMgr::GetNextConnection+0x1c4
> 05 02acffb8 77e6608b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
> 06 02acffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 19
> System Thread ID: 3f4
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Status: Thread is in a WAIT state.
> Thread Type: HTTP Listener
> # ChildEBP RetAddr
> 00 02a8fe0c 7c822124 ntdll!KiFastSystemCallRet
> 01 02a8fe10 71b23a09 ntdll!NtWaitForSingleObject+0xc
> 02 02a8fe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d
> 03 02a8ff3c 71c0470c mswsock!WSPSelect+0x380
> 04 02a8ff8c 63ec4696 WS2_32!select+0xb9
> 05 02a8ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
> 06 02a8ffb8 77e6608b ISATQ!BmonThreadFunc+0x9
> 07 63ec4700 8b575600 kernel32!BaseThreadStart+0x34
> WARNING: Frame IP not in any known module. Following frames may be
> wrong.
> 08 63ec4700 00000000 0x8b575600
>
>
>
>
> Thread ID: 20
> System Thread ID: 614
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 02bcfeac 7c821bf4 ntdll!KiFastSystemCallRet
> 01 02bcfeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
> 02 02bcfedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
> 03 02bcff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
> 04 02bcff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
> 05 02bcff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
> 06 02bcffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 07 02bcffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 08 02bcffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 21
> System Thread ID: ee8
> Kernel Time: 0:0:0.31
> User Time: 0:0:0.78
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 00c7fe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 00c7fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 00c7ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 00c7ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 00c7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 00c7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 00c7ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 22
> System Thread ID: 198
> Kernel Time: 0:0:0.31
> User Time: 0:0:0.46
> Thread Type: Possible ASP page. Possible DCOM activity
> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> Continuing with other analysis.
>
> No remote call being made
>
> # ChildEBP RetAddr
> 00 00bffe18 7c821c54 ntdll!KiFastSystemCallRet
> 01 00bffe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
> 02 00bfff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
> 03 00bfff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
> 04 00bfffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
> 05 00bfffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
> 06 00bfffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 23
> System Thread ID: f80
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0114ff10 7c821364 ntdll!KiFastSystemCallRet
> 01 0114ff14 77e41ea7 ntdll!NtDelayExecution+0xc
> 02 0114ff7c 77e424c1 kernel32!SleepEx+0x68
> 03 0114ff8c 776b22a0 kernel32!Sleep+0xf
> 04 0114ff98 776b2307 ole32!CROIDTable::WorkerThreadLoop+0x14
> 05 0114ffac 776b2374 ole32!CRpcThread::WorkerLoop+0x1e
> 06 0114ffb8 77e6608b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x20
> 07 0114ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 24
> System Thread ID: 180
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0108ff70 7c821bf4 ntdll!KiFastSystemCallRet
> 01 0108ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
> 02 0108ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
> 03 0108ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 25
> System Thread ID: eec
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0118ff70 7c821bf4 ntdll!KiFastSystemCallRet
> 01 0118ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
> 02 0118ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
> 03 0118ffec 00000000 kernel32!BaseThreadStart+0x34
>
>
>
>
> Thread ID: 26
> System Thread ID: d40
> Kernel Time: 0:0:0.0
> User Time: 0:0:0.0
> Thread Type: Other
> # ChildEBP RetAddr
> 00 0104ff70 7c821bf4 ntdll!KiFastSystemCallRet
> 01 0104ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
> 02 0104ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
> 03 0104ffec 00000000 kernel32!BaseThreadStart+0x34
>
> *****
>
> Dump name is formatted as: PID-Timestamp.dmp
>
> Creating C:\Program Files\IIS Resources\IISState\output
> \512-1193145196.dmp - user full dump
> Dump successfully written
>
> *****
>
> Closing open log file C:\Program Files\IIS Resources\IISState\output
> \IISState.log
>
> Sorry for the long post - any pointers would be really appreciated!
>
Re: IIS hangs and IISState log
am 23.10.2007 22:35:48 von Rick Barber
Just a little more information to add:
You would do that by isstate -p XXXX where XXXX is the process ID (PID). If
you are having a hard time finding the PID for the specific w3wp.exe
process, you should be able to get it through running iisapp at a command
prompt.
--
Rick Barber
http://www.orcsweb.com
Managed Complex Hosting
#1 in Service and Support
"Ken Schaefer" wrote in message
news:uM5RvRYFIHA.5228@TK2MSFTNGP05.phx.gbl...
> there is nothing in this log.
>
> You may need to run IISState against the actual w3wp.exe process that is
> hosting the relevant web app pool.
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
> "chichikov" wrote in message
> news:1193146072.115047.101180@q5g2000prf.googlegroups.com...
>> Hi there,
>>
>> I'm having problems diagnosing why a website IIS 6 is hanging. It's
>> been happening sporadically for many weeks, but recently the problem
>> has become acute. The site hangs several times a day, and the fix is
>> to RDP to the server in question, start IE and navigate to the
>> external URL of the site. Usually, the RDP connection then breaks, but
>> external connectivity to the site is restored.
>>
>> During the last time the problem happened, I collected data from
>> IISState. The log follows below - any help making sense of it would be
>> greatly appreciated!
>>
>> Opened log file 'C:\Program Files\IIS Resources\IISState\output
>> \IISState.log'
>>
>> ***********************
>> Starting new log output
>> IISState version 3.0
>>
>> Tue Oct 23 14:12:20 2007
>>
>> OS = Windows 2003 Server
>> Executable: inetinfo.exe
>> PID = 512
>>
>> Note: Thread times are formatted as HH:MM:SS.ms
>>
>> ***********************
>>
>>
>>
>>
>> Thread ID: 0
>> System Thread ID: ff0
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.15
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0006f99c 7c821b84 ntdll!KiFastSystemCallRet
>> 01 0006f9a0 77e4189f ntdll!NtReadFile+0xc
>> 02 0006fa08 77f795ab kernel32!ReadFile+0x16c
>> 03 0006fa34 77f7943c ADVAPI32!ScGetPipeInput+0x2a
>> 04 0006faa8 77fb2ec9 ADVAPI32!ScDispatcherLoop+0x51
>> 05 0006fcec 010027be ADVAPI32!StartServiceCtrlDispatcherA+0x93
>> 06 0006fe1c 01002969 inetinfo!StartDispatchTable+0x277
>> 07 0006ff44 0100339d inetinfo!main+0x117
>> 08 0006ffc0 77e523e5 inetinfo!mainCRTStartup+0x12f
>> 09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
>>
>>
>>
>>
>> Thread ID: 1
>> System Thread ID: ef4
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0082fe14 7c822124 ntdll!KiFastSystemCallRet
>> 01 0082fe18 77e6bad8 ntdll!NtWaitForSingleObject+0xc
>> 02 0082fe88 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
>> 03 0082fe9c 01002ebf kernel32!WaitForSingleObject+0x12
>> 04 0082ffb8 77e6608b inetinfo!W3SVCThreadEntry+0x3d
>> 05 0082ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 2
>> System Thread ID: 96c
>> Kernel Time: 0:0:0.31
>> User Time: 0:0:0.46
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0086fcb8 7c822124 ntdll!KiFastSystemCallRet
>> 01 0086fcbc 77e6bad8 ntdll!NtWaitForSingleObject+0xc
>> 02 0086fd2c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
>> 03 0086fd40 649f26a4 kernel32!WaitForSingleObject+0x12
>> 04 0086fd68 010024b3 iisadmin!ServiceEntry+0x28a
>> 05 0086ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
>> 06 0086ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
>> 07 0086ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 3
>> System Thread ID: 860
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 00c3ff9c 7c821364 ntdll!KiFastSystemCallRet
>> 01 00c3ffa0 7c81fe26 ntdll!NtDelayExecution+0xc
>> 02 00c3ffb8 77e6608b ntdll!RtlpTimerThread+0x47
>> 03 00c3ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 4
>> System Thread ID: 3fc
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 00d4feac 7c822114 ntdll!KiFastSystemCallRet
>> 01 00d4feb0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 00d4ff58 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 00d4ff74 56f951ef kernel32!WaitForMultipleObjects+0x18
>> 04 00d4ffa0 56f96a06 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x67
>> 05 00d4ffb8 77e6608b COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x5f
>> 06 00d4ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 5
>> System Thread ID: 690
>> Kernel Time: 0:0:0.31
>> User Time: 0:0:0.62
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0180fbb8 7c822114 ntdll!KiFastSystemCallRet
>> 01 0180fbbc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 0180fc64 7739cd38 kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 0180fcc0 7738e3b1 USER32!RealMsgWaitForMultipleObjectsEx+0x141
>> 04 0180fcdc 6c7d63d5 USER32!MsgWaitForMultipleObjects+0x1f
>> 05 0180fd28 4f075436 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x231
>> 06 0180fd68 010024b3 SMTPSVC!ServiceEntry+0x12b
>> 07 0180ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc
>> 08 0180ffb8 77e6608b ADVAPI32!ScSvcctrlThreadA+0x21
>> 09 0180ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 6
>> System Thread ID: 5f8
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: HTTP Listener
>> # ChildEBP RetAddr
>> 00 01b3ff50 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 01b3ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
>> 02 01b3ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
>> 03 01b3ffb8 77e6608b ISATQ!AtqPoolThread+0x40
>> 04 01b3ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 7
>> System Thread ID: dc
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: HTTP Listener
>> # ChildEBP RetAddr
>> 00 01b7ff50 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 01b7ff54 77e66142 ntdll!NtRemoveIoCompletion+0xc
>> 02 01b7ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29
>> 03 01b7ffb8 77e6608b ISATQ!AtqPoolThread+0x40
>> 04 01b7ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 8
>> System Thread ID: ac0
>> Kernel Time: 0:0:0.31
>> User Time: 0:0:0.31
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 01d7feac 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 01d7feb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
>> 02 01d7fedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
>> 03 01d7ff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
>> 04 01d7ff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
>> 05 01d7ff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
>> 06 01d7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 07 01d7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 08 01d7ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 9
>> System Thread ID: 9a8
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.15
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 01dffcec 7c822114 ntdll!KiFastSystemCallRet
>> 01 01dffcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc
>> 02 01dfffb8 77e6608b ntdll!RtlpWaitThread+0x161
>> 03 01dfffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 10
>> System Thread ID: b50
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 01e3fec4 7c822114 ntdll!KiFastSystemCallRet
>> 01 01e3fec8 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 01e3ff70 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 01e3ff8c 695324f7 kernel32!WaitForMultipleObjects+0x18
>> 04 01e3ffb8 77e6608b exstrace!RegNotifyThread+0x6a
>> 05 01e3ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 11
>> System Thread ID: 724
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 01e7fec8 7c822114 ntdll!KiFastSystemCallRet
>> 01 01e7fecc 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 01e7ff74 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 01e7ff90 69531a1d kernel32!WaitForMultipleObjects+0x18
>> 04 01e7ffb8 77e6608b exstrace!WriteTraceThread+0x31
>> 05 01e7ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 12
>> System Thread ID: d48
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 020bff18 7c822124 ntdll!KiFastSystemCallRet
>> 01 020bff1c 77e6bad8 ntdll!NtWaitForSingleObject+0xc
>> 02 020bff8c 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
>> 03 020bffa0 4ba58f8c kernel32!WaitForSingleObject+0x12
>> 04 020bffb8 77e6608b FCACHDLL!CScheduleThread::ScheduleThread+0x61
>> 05 020bffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 13
>> System Thread ID: 138
>> Kernel Time: 0:0:0.15
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 021ffebc 7c822114 ntdll!KiFastSystemCallRet
>> 01 021ffec0 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 021fff68 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 021fff84 4f08f0a4 kernel32!WaitForMultipleObjects+0x18
>> 04 021fffb8 77e6608b SMTPSVC!TcpRegNotifyThread+0xde
>> 05 021fffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 14
>> System Thread ID: b34
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0223ff1c 7c822124 ntdll!KiFastSystemCallRet
>> 01 0223ff20 77e6bad8 ntdll!NtWaitForSingleObject+0xc
>> 02 0223ff90 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
>> 03 0223ffa4 4f08ef41 kernel32!WaitForSingleObject+0x12
>> 04 0223ffb8 77e6608b SMTPSVC!FreeLibThread+0x2e
>> 05 0223ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 15
>> System Thread ID: 628
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 0298fe18 7c821c54 ntdll!KiFastSystemCallRet
>> 01 0298fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
>> 02 0298ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
>> 03 0298ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
>> 04 0298ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 05 0298ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 06 0298ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 16
>> System Thread ID: 918
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 029cfe18 7c821c54 ntdll!KiFastSystemCallRet
>> 01 029cfe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
>> 02 029cff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
>> 03 029cff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
>> 04 029cffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 05 029cffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 06 029cffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 17
>> System Thread ID: 264
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 02a4ff0c 7c822124 ntdll!KiFastSystemCallRet
>> 01 02a4ff10 77e6bad8 ntdll!NtWaitForSingleObject+0xc
>> 02 02a4ff80 77e6ba42 kernel32!WaitForSingleObjectEx+0xac
>> 03 02a4ff94 4ef6f9e7 kernel32!WaitForSingleObject+0x12
>> 04 02a4ffb8 77e6608b aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine
>> +0xbd
>> 05 02a4ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 18
>> System Thread ID: f3c
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 02acfe7c 7c822114 ntdll!KiFastSystemCallRet
>> 01 02acfe80 77e67143 ntdll!NtWaitForMultipleObjects+0xc
>> 02 02acff28 77e6109d kernel32!WaitForMultipleObjectsEx+0x11a
>> 03 02acff44 4ef4cc27 kernel32!WaitForMultipleObjects+0x18
>> 04 02acffa4 4f081cd6 aqueue!CConnMgr::GetNextConnection+0x1c4
>> 05 02acffb8 77e6608b SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x23
>> 06 02acffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 19
>> System Thread ID: 3f4
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Status: Thread is in a WAIT state.
>> Thread Type: HTTP Listener
>> # ChildEBP RetAddr
>> 00 02a8fe0c 7c822124 ntdll!KiFastSystemCallRet
>> 01 02a8fe10 71b23a09 ntdll!NtWaitForSingleObject+0xc
>> 02 02a8fe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d
>> 03 02a8ff3c 71c0470c mswsock!WSPSelect+0x380
>> 04 02a8ff8c 63ec4696 WS2_32!select+0xb9
>> 05 02a8ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
>> 06 02a8ffb8 77e6608b ISATQ!BmonThreadFunc+0x9
>> 07 63ec4700 8b575600 kernel32!BaseThreadStart+0x34
>> WARNING: Frame IP not in any known module. Following frames may be
>> wrong.
>> 08 63ec4700 00000000 0x8b575600
>>
>>
>>
>>
>> Thread ID: 20
>> System Thread ID: 614
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 02bcfeac 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 02bcfeb0 77e66142 ntdll!NtRemoveIoCompletion+0xc
>> 02 02bcfedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29
>> 03 02bcff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1
>> 04 02bcff84 77c5f9f7 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117
>> 05 02bcff8c 77c5f7e3 RPCRT4!ProcessIOEventsWrapper+0xd
>> 06 02bcffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 07 02bcffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 08 02bcffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 21
>> System Thread ID: ee8
>> Kernel Time: 0:0:0.31
>> User Time: 0:0:0.78
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 00c7fe18 7c821c54 ntdll!KiFastSystemCallRet
>> 01 00c7fe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
>> 02 00c7ff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
>> 03 00c7ff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
>> 04 00c7ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 05 00c7ffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 06 00c7ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 22
>> System Thread ID: 198
>> Kernel Time: 0:0:0.31
>> User Time: 0:0:0.46
>> Thread Type: Possible ASP page. Possible DCOM activity
>> Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
>> Continuing with other analysis.
>>
>> No remote call being made
>>
>> # ChildEBP RetAddr
>> 00 00bffe18 7c821c54 ntdll!KiFastSystemCallRet
>> 01 00bffe1c 77c7539c ntdll!ZwReplyWaitReceivePortEx+0xc
>> 02 00bfff84 77c5778c RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198
>> 03 00bfff8c 77c5f7e3 RPCRT4!RecvLotsaCallsWrapper+0xd
>> 04 00bfffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d
>> 05 00bfffb8 77e6608b RPCRT4!ThreadStartRoutine+0x1b
>> 06 00bfffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 23
>> System Thread ID: f80
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0114ff10 7c821364 ntdll!KiFastSystemCallRet
>> 01 0114ff14 77e41ea7 ntdll!NtDelayExecution+0xc
>> 02 0114ff7c 77e424c1 kernel32!SleepEx+0x68
>> 03 0114ff8c 776b22a0 kernel32!Sleep+0xf
>> 04 0114ff98 776b2307 ole32!CROIDTable::WorkerThreadLoop+0x14
>> 05 0114ffac 776b2374 ole32!CRpcThread::WorkerLoop+0x1e
>> 06 0114ffb8 77e6608b ole32!CRpcThreadCache::RpcWorkerThreadEntry+0x20
>> 07 0114ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 24
>> System Thread ID: 180
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0108ff70 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 0108ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
>> 02 0108ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
>> 03 0108ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 25
>> System Thread ID: eec
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0118ff70 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 0118ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
>> 02 0118ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
>> 03 0118ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>>
>>
>>
>> Thread ID: 26
>> System Thread ID: d40
>> Kernel Time: 0:0:0.0
>> User Time: 0:0:0.0
>> Thread Type: Other
>> # ChildEBP RetAddr
>> 00 0104ff70 7c821bf4 ntdll!KiFastSystemCallRet
>> 01 0104ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc
>> 02 0104ffb8 77e6608b ntdll!RtlpWorkerThread+0x3d
>> 03 0104ffec 00000000 kernel32!BaseThreadStart+0x34
>>
>> *****
>>
>> Dump name is formatted as: PID-Timestamp.dmp
>>
>> Creating C:\Program Files\IIS Resources\IISState\output
>> \512-1193145196.dmp - user full dump
>> Dump successfully written
>>
>> *****
>>
>> Closing open log file C:\Program Files\IIS Resources\IISState\output
>> \IISState.log
>>
>> Sorry for the long post - any pointers would be really appreciated!
>>
>