Hmm, this one went over my head pretty quickly; I think you'll need more
power than I can provide.
The data you provided from the process monitor doesn't really look like
the problem; I'm guessing that something is busy the first time it asks
for it, but the second time it gets it, and successfully loads it,
satisfying at least that requirement. I'd more suspect it's what is
causing the query to begin with that's the problem and which host it
comes from. But I don't know where to go beyond that.
Is this new or has it "always been there" type of thing?
Did it start after a program install or changes to settings of a program
or programs? I think you can see why I'd ask something like that.
Have you done a disk defrag lately? Perhaps what you're hearing is
simply normal processes, reads/writes of scattered data as the OS
manages itself. If there is a lot of fragmentation, a defrag might cure
that.
Have you looked in Event Viewer for Errors? Start; Programs;
Accessories; System Tools; Event Viewer.
Look for any errors just before or even just after, the times of the
process monitor entries you detailed. There may be other errors in
Event Viewer, too; for now stick to the ones that seem to have somethign
to do with your problem. Are any of them in the 1S interval you
mentioned? IS there a repeating 1S task listed? Even if it's not an
error, it could be causign the query and nothing is really wrong. This
sort of trouble shooting can easily get confusing if one isn't careful.
A lot of times when I have a constant problem like that I'll blank
the Event Viewer log so I can see only what's happening NOW, and not in
the past. But it's not a necessity as long as you watch the dates
you're looking at and make sure they're relevant.
Are you sure you don't purposely have background tasks running that
could explain these disk accesses? Indexing, idle time defrags, on disk
background AV checks, monitors, things like that? A lot of programs do
work in the background while the computer is otherwise idle and 1S is
often the repeat time for monitors of about any kind.
Does it happen in Safe Mode?
Have you tried, in regular mode, using MSConfig to stop loaded tasks
from running and see if it goes away? MSConfig is a great
troubleshooting tool; if you can make it stop by stopping all the
backgrouns stuff, then you can add them back one at a time until it
starts again, and that'll tell you which program might be causing that
query to be sent. But ... I'm not even sure that query is relevant; can
you see it happening once per second? If not, it's likely a wild goose
chase there. Look for your 1 S timings you're hearing on the disk.
Unless your post trips a memory in someone, I think you have to go thru
all the above steps to get a handle on this. They can eliminate an
awful lot of things from being the source of the problem.
HTH
Twayne
> Ok thanks for the replies. It just seems weird that it goes
> continuously and this is what's going on, from Process monitor, over
> & over again:
> 11:55:39.6147794 PM wmiprvse.exe 2800 QueryOpen
> C:\WINDOWS\system32\wbem\Perfctrs.dll NAME NOT FOUND
>
> 11:55:39.6151028 PM wmiprvse.exe 2800 QueryOpen
> C:\WINDOWS\system32\perfctrs.dll SUCCESS CreationTime: 04/08/2004
> 8:00:00 AM, LastAccessTime: 26/12/2008 3:47:09 PM, LastWriteTime:
> 13/04/2008 8:12:02 PM, ChangeTime: 22/08/2008 9:15:57 PM,
> AllocationSize: 40,960, EndOfFile: 39,936, FileAttributes: ANCI
>
> 11:55:39.6159444 PM wmiprvse.exe 2800 QueryOpen
> C:\WINDOWS\system32\perfctrs.dll SUCCESS CreationTime: 04/08/2004
> 8:00:00 AM, LastAccessTime: 26/12/2008 3:47:09 PM, LastWriteTime:
> 13/04/2008 8:12:02 PM, ChangeTime: 22/08/2008 9:15:57 PM,
> AllocationSize: 40,960, EndOfFile: 39,936, FileAttributes: ANCI
>
>
> "Twayne" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>> I get continuous hard disk activity, about once per second, and
>>> using Process Monitor I see that it's this program, wmiprvse.exe.
>>> I've read if it's in the wrong place it could be a virus, but it's
>>> in the 2 proper system folders I think. What do I do about it? Can
>>> I just delete it? Really annoying! Thx.
>>
>> As Leonard mentioned, if you aren't having any troubles, there is
>> very little to be concerned about. It could be one of several
>> different things working inthe background from indexing to antivirus
>> checks I suppose. Here is what Bill P Studios has to say about that
>> file: WMI
>> wmiprvse.exe
>>
>> Company: Microsoft Corporation
>> Copyright: © Microsoft Corporation. All rights reserved.
>> Version: 5.1.2600.5512
>> Path: wmiprvse.exe
>> Created
>> 2006-08-01 8:14 PM First Detected
>> File Size
>> 218,112
>>
>>
>>
>> WMI Provider Host Program - WMIPRVSE.EXE
>>
>> Wmiprvse.exe is the Windows Management Instrumentation (WMI)
>> Provider Host program. This file is described by Microsoft as
>> follows: "In earlier versions of Windows, providers were loaded
>> in-process with the Windows Management service (WinMgmt.exe),
>> running under the LocalSystem security account. Failure of a
>> provider caused the entire WMI service to fail. The next request to
>> WMI restarted the service. Beginning with Windows XP, WMI resides in
>> a shared service host with several other services. To avoid stopping
>> all the services when a provider fails, providers are loaded into a
>> separate host process (Wmiprvse.exe). Wmiprvse.exe can run as either
>> LocalSystem, NetworkService, or LocalService depending on the
>> hosting model. Multiple instances of Wmiprvse.exe may run at the
>> same time.". More info can be found at
>> http://msdn.microsoft.com/library/de...d_security.asp.
>>
>> In plain English, it would probably be a good idea to leave
>> this file running. If you stop wmiprvse.exe, winmgmt.exe,
>> winmgt.exe, wmaipsrv.exe, wmiexe.exe or wmisvc.dll, your system
>> could become unstable. a.. Safe
>>
>> Microsoft
Similar Threads
