Continuous hard disk activity: wmiprvse.exe

[J]

I get continuous hard disk activity, about once per second, and using
Process Monitor I see that it's this program, wmiprvse.exe. I've read if
it's in the wrong place it could be a virus, but it's in the 2 proper system
folders I think. What do I do about it? Can I just delete it? Really
annoying! Thx.

 

[Leonard Grey]

Windows (and your other software) frequently perform tasks in the
background. That's normal.

Are you experiencing specific issues that concern you (error messages,
crashes, etc.)? If not, nothing to worry about.

 

[Twayne]

I get continuous hard disk activity, about once per second, and using

Process Monitor I see that it's this program, wmiprvse.exe. I've read
if it's in the wrong place it could be a virus, but it's in the 2
proper system folders I think. What do I do about it? Can I just
delete it? Really annoying! Thx.

As Leonard mentioned, if you aren't having any troubles, there is very
little to be concerned about. It could be one of several different
things working inthe background from indexing to antivirus checks I
suppose. Here is what Bill P Studios has to say about that file:
WMI
wmiprvse.exe

Company: Microsoft Corporation
Copyright: © Microsoft Corporation. All rights reserved.
Version: 5.1.2600.5512
Path: wmiprvse.exe
Created
2006-08-01 8:14 PM First Detected
File Size
218,112



WMI Provider Host Program – WMIPRVSE.EXE

Wmiprvse.exe is the Windows Management Instrumentation (WMI)
Provider Host program. This file is described by Microsoft as follows:
"In earlier versions of Windows, providers were loaded in-process with
the Windows Management service (WinMgmt.exe), running under the
LocalSystem security account. Failure of a provider caused the entire
WMI service to fail. The next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with
several other services. To avoid stopping all the services when a
provider fails, providers are loaded into a separate host process
(Wmiprvse.exe). Wmiprvse.exe can run as either LocalSystem,
NetworkService, or LocalService depending on the hosting model. Multiple
instances of Wmiprvse.exe may run at the same time.". More info can be
found at
http://msdn.microsoft.com/library/d.../wmisdk/wmi/provider_hosting_and_security.asp.

In plain English, it would probably be a good idea to leave this
file running. If you stop wmiprvse.exe, winmgmt.exe, winmgt.exe,
wmaipsrv.exe, wmiexe.exe or wmisvc.dll, your system could become
unstable.


a.. Safe

Microsoft

 

[J]

Ok thanks for the replies. It just seems weird that it goes continuously
and this is what's going on, from Process monitor, over & over again:

11:55:39.6147794 PM wmiprvse.exe 2800 QueryOpen
C:\WINDOWS\system32\wbem\Perfctrs.dll NAME NOT FOUND

11:55:39.6151028 PM wmiprvse.exe 2800 QueryOpen
C:\WINDOWS\system32\perfctrs.dll SUCCESS CreationTime: 04/08/2004 8:00:00
AM, LastAccessTime: 26/12/2008 3:47:09 PM, LastWriteTime: 13/04/2008 8:12:02
PM, ChangeTime: 22/08/2008 9:15:57 PM, AllocationSize: 40,960, EndOfFile:
39,936, FileAttributes: ANCI

11:55:39.6159444 PM wmiprvse.exe 2800 QueryOpen
C:\WINDOWS\system32\perfctrs.dll SUCCESS CreationTime: 04/08/2004 8:00:00
AM, LastAccessTime: 26/12/2008 3:47:09 PM, LastWriteTime: 13/04/2008 8:12:02
PM, ChangeTime: 22/08/2008 9:15:57 PM, AllocationSize: 40,960, EndOfFile:
39,936, FileAttributes: ANCI

 

[Twayne]

Hmm, this one went over my head pretty quickly; I think you'll need more
power than I can provide.
The data you provided from the process monitor doesn't really look like
the problem; I'm guessing that something is busy the first time it asks
for it, but the second time it gets it, and successfully loads it,
satisfying at least that requirement. I'd more suspect it's what is
causing the query to begin with that's the problem and which host it
comes from. But I don't know where to go beyond that.

Is this new or has it "always been there" type of thing?

Did it start after a program install or changes to settings of a program
or programs? I think you can see why I'd ask something like that.

Have you done a disk defrag lately? Perhaps what you're hearing is
simply normal processes, reads/writes of scattered data as the OS
manages itself. If there is a lot of fragmentation, a defrag might cure
that.

Have you looked in Event Viewer for Errors? Start; Programs;
Accessories; System Tools; Event Viewer.
Look for any errors just before or even just after, the times of the
process monitor entries you detailed. There may be other errors in
Event Viewer, too; for now stick to the ones that seem to have somethign
to do with your problem. Are any of them in the 1S interval you
mentioned? IS there a repeating 1S task listed? Even if it's not an
error, it could be causign the query and nothing is really wrong. This
sort of trouble shooting can easily get confusing if one isn't careful.
A lot of times when I have a constant problem like that I'll blank
the Event Viewer log so I can see only what's happening NOW, and not in
the past. But it's not a necessity as long as you watch the dates
you're looking at and make sure they're relevant.

Are you sure you don't purposely have background tasks running that
could explain these disk accesses? Indexing, idle time defrags, on disk
background AV checks, monitors, things like that? A lot of programs do
work in the background while the computer is otherwise idle and 1S is
often the repeat time for monitors of about any kind.

Does it happen in Safe Mode?

Have you tried, in regular mode, using MSConfig to stop loaded tasks
from running and see if it goes away? MSConfig is a great
troubleshooting tool; if you can make it stop by stopping all the
backgrouns stuff, then you can add them back one at a time until it
starts again, and that'll tell you which program might be causing that
query to be sent. But ... I'm not even sure that query is relevant; can
you see it happening once per second? If not, it's likely a wild goose
chase there. Look for your 1 S timings you're hearing on the disk.

Unless your post trips a memory in someone, I think you have to go thru
all the above steps to get a handle on this. They can eliminate an
awful lot of things from being the source of the problem.

HTH

Twayne