View Full Version : What is wmiprvse.exe? And can I turn it off?


area51
January 20th 04, 03:01 AM
It seems every day at 1:22 my XP Pro machine hangs for a few seconds because
something is starting up. It turned out to be a network service called
wmiprvse.exe. According to Process Explorer it says the following about it:

Process: wmiprvse.exe Pid: 1868

Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\userenv: User Profile setup event
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\WMIDataDevice
File \Device\NamedPipe\ntsvcs
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Gpc
File \Device\WMIDataDevice
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
File \Device\KsecDD
File C:\WINDOWS\system32
Key HKCR
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKU
Key HKU\.DEFAULT
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\OLE1e
Process wmiprvse.exe(1868)
Section \BaseNamedObjects\__R_000000000007_SMem__
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 1964
Thread wmiprvse.exe(1868): 1212
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1280
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 556
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\SYSTEM
Token NT AUTHORITY\SYSTEM
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$




What is this? Do I need it? May I disable it? If so, how? The service runs
for about 2 minutes. I have a standalone PC connected to the internet via
cable modem. Spybot, adaware, and NAV all say my system is clean :)

Thanks

Wesley Vogel
January 20th 04, 05:01 AM
I don't know what wmiprvse.exe is. If you mean wmiapsrv.exe,
I have mine disabled.
C:\WINDOWS\System32\wbem\wmiapsrv.exe

From Black Viper
http://www.blackviper.com/

[WMI Performance Adapter
I have not found a use for this service. Save the 2.5 MB to 6 MB of memory, this service
consumes.]
------------------
--
Hope this helps. Let us know.
Wes


Jack
January 24th 04, 11:21 PM
did you do a GOOGLE search on what it is....come on...be a little
aggressive...do some work on your own.....or have your little sister do
it...


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.561 / Virus Database: 353 - Release Date: 1/13/2004

David Nimon
January 25th 04, 01:01 AM
Did you notice the NAME of this newsgroup??

We were ALL newbies once! Your information was useful to the sender;
your sarcasm wasn't.

--
David Nimon

"Jack" wrote in message
...
> did you do a GOOGLE search on what it is....come on...be a little
> aggressive...do some work on your own.....or have your little sister do
> it...

Wesley Vogel
January 25th 04, 05:01 AM
David;
Did you happen to notice that the OP hasn't been
heard from since the original post on 1/19/2004?

Outside of the same post on another NG that I gave
the same reply to.

I DO agree with you about the sarcasm.

You're most definitely right, we were all newbies once. :o)
Keep having fun.

--
Hope this helps. Let us know.
Wes

David Nimon hunted and pecked:
> Did you notice the NAME of this newsgroup??
>
> We were ALL newbies once! Your information was useful to the sender;
> your sarcasm wasn't.
>
> --
> David Nimon
>
> "Jack" wrote in message
> ...
> > did you do a GOOGLE search on what it is....come on...be a little
> > aggressive...do some work on your own.....or have your little sister do
> > it...