Thread: Filemon Windowx XP System32 WBEM wmiprov & wbemess log
View Single Post
  #2  
Old 01-05-2006, 02:36 AM
Tom Quan
 
Posts: n/a
Default Re: Filemon Windowx XP System32 WBEM wmiprov & wbemess log
> In summary, do you have insight into why filemon report thousands upon
> thousands of access to wmiprov.log and why these logs contain these errors?

If it helps us get to the bottom of this, here is the filemon log showing
constant and repetitive access to wmiprov.log yet not showing SUCCESS even
though the content of the logs seem to show constant failure (as noted).

5 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\wbem\Logs\wmiprov.log SUCCESS Length: 9225

6 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\wbem\Logs\wmiprov.log SUCCESS Length: 9225

7 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_WRITE
C:\WINDOWS\system32\wbem\Logs\wmiprov.log SUCCESS Offset: 9225 Length: 78

8 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLEANUP
C:\WINDOWS\system32\wbem\Logs\wmiprov.log SUCCESS

9 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLOSE
C:\WINDOWS\system32\wbem\Logs\wmiprov.log SUCCESS

10 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CREATE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Options: OpenIf Access:
All

11 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Length: 9303

12 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Length: 9303

13 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_WRITE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Offset: 9303 Length: 89

14 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLEANUP
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS

15 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLOSE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS

16 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CREATE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Options: OpenIf Access:
All
17 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Length: 9392

18 10:20:08 AM wmiprvse.exe:1660 FASTIO_QUERY_STANDARD_INFO
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Length: 9392

19 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_WRITE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS Offset: 9392 Length: 39

20 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLEANUP
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS

21 10:20:08 AM wmiprvse.exe:1660 IRP_MJ_CLOSE
C:\WINDOWS\system32\WBEM\Logs\wmiprov.log SUCCESS
Reply With Quote