What is wmiprvse.exe? And can I turn it off?

[area51]

x-no-archive: yes

It seems everyday at 1:22 my XP Pro machine hangs for a few second because
something is starting up. It turned out to be a network service called
Wimprvse.exe. According to Process Explorer it says the following about it:

Process: wmiprvse.exe Pid: 1868

Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\userenv: User Profile setup event
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\WMIDataDevice
File \Device\NamedPipe\ntsvcs
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Gpc
File \Device\WMIDataDevice
File
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
..10.0_x-ww_f7fb5805
File \Device\KsecDD
File C:\WINDOWS\system32
Key HKCR
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKU
Key HKU\.DEFAULT
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\OLE1e
Process wmiprvse.exe(1868)
Section \BaseNamedObjects\__R_000000000007_SMem__
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 1964
Thread wmiprvse.exe(1868): 1212
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1280
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 556
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\SYSTEM
Token NT AUTHORITY\SYSTEM
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$




What is this? Do I need it? May I disable it? If so, how? The service runs
for about 2 minutes. I have a stand alone PC connected to the internet via
cable modem. Spybot, adaware, and NAV all say my system is clean

Thanks

 

[Wesley Vogel]

I don't know what wmiprvse.exe is. If you mean wmiapsrv.exe,
I have mine disabled.
C:\WINDOWS\System32\wbem\wmiapsrv.exe

From Black Viper
http://www.blackviper.com/

[WMI Performance Adapter
I have not found a use for this service. Save the 2.5 MB to 6 MB of memory, this service
consumes.]
------------------

 

[Jack]

did you do a GOOGLE search on what it is....come on...be a little
aggressive...do some work on your own.....or have your little sister do
it...

 

[David Nimon]

Did you notice the NAME of this newsgroup??

We were ALL newbies once! Your information was useful to the sender was
useful; your sarcasm wasn't.

 

[Wesley Vogel]

David;
Did you happen to notice that the OP hasn't been
heard from since the original post on 1/19/2004?

Outside of the same post on another NG that I gave
the same reply to.

I DO agree with you about the sarcasm.

You're most definitely right, we were all newbies once. )
Keep having fun.