Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wmiprvse.exe creates file tzres.dll over and over


  • Please log in to reply
5 replies to this topic

#1 Redjam

Redjam

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 01 December 2011 - 09:01 AM

Hello, I have Windows Vista Home Premium SP2 up to date Windows Update running on a quad core with 4GB of RAM. MS Security Essentials installed.

Problem: Procmon shows wmiprvse.exe performing a CREATE FILE operation on tzres.dll over and over and over, apparently as fast as it can. I do not know how long this situation has been happening. This has some apparent effects, though: one CPU core is constantly occupied with this activity, all the I/O seems to impact the I/O performance, and procmon does nothing but capture these events, which number in the hundreds of thousands very quickly (I could use a filter, I know). Please see below for the Procmon entries in question, and just multiply by 100,000 to get an idea what my procmon looks like every few minutes.

What I have done: searched for the problem and found nothing exactly the same on Vista. Some people have reported the exact same behavior on Windows 2008 server running Windows System Resource Manager (WSRM) but I couldn't correlate that to my installation or issue. Full scan with MS Security Essentials finds nothing. Full scan with Malwarebytes finds nothing. Full scan with Spybot Search and Destroy finds nothing. As I mentioned, I am not sure how long it's been doing this, so unfortunately I couldn't state whether this started with a particular update or install. Thanks for any additional diagnostic or resolving ideas you can provide.

This, over and over and over:
6:39:45.1272851 AM wmiprvse.exe 4020 CreateFile C:\Windows\System32\tzres.dll SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
6:39:45.1274625 AM wmiprvse.exe 4020 CreateFileMapping C:\Windows\System32\tzres.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:39:45.1274739 AM wmiprvse.exe 4020 QueryStandardInformationFile C:\Windows\System32\tzres.dll SUCCESS AllocationSize: 4,096, EndOfFile: 2,048, NumberOfLinks: 2, DeletePending: False, Directory: False
6:39:45.1274963 AM wmiprvse.exe 4020 CreateFileMapping C:\Windows\System32\tzres.dll SUCCESS SyncType: SyncTypeOther
6:39:45.1275379 AM wmiprvse.exe 4020 CloseFile C:\Windows\System32\tzres.dll SUCCESS

BC AdBot (Login to Remove)

 


#2 willydd3

willydd3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 07 December 2011 - 07:18 AM

I have the same exact problem and it's driving me crazy! I can't find an answer anywhere. I re-installed Win7 (not a clean install) last night and the problem is still there.

Apparently some people are finding the answer here: http://blogs.msdn.com/b/wmi/archive/2009/05/27/is-wmiprvse-a-real-villain.aspx
I followed the steps provided but it didn't help because the ClientID shows up as 0 and doesn't match anything in the Task Manager.

PLEASE HELP!

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,872 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:10 AM

Posted 07 December 2011 - 08:22 AM

http://social.technet.microsoft.com/Forums/en-US/winserverManagement/thread/0b0d0f2c-3a1b-4959-a557-b44d1612b6bb/ , scroll down to comment by Bill Phillips Jr.

Louis

#4 Redjam

Redjam
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 07 December 2011 - 08:28 AM

Louis, that looks related, except for the part about WSRM, which I already mentioned is not installed on my system. That seems irrelevant to Vista, or to my problem.

Willydd3 I will try that out and reply with any other info it may give me.

#5 willydd3

willydd3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 07 December 2011 - 09:00 AM

Louis - thank you, but I'm not running WSRM either, unless it's hiding somewhere other than "Install/Uninstall Programs?"

#6 Runningman18

Runningman18

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 11 July 2013 - 11:23 AM

did anyone ever figure this out? Im vista


Edited by Runningman18, 11 July 2013 - 11:24 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users