+ Post New Thread
Results 1 to 8 of 8
Windows 7 Thread, Windows 7 - WMIADAP in Technical; Hi guys I'm struggling with a strange problem with Windows 7 on the domain(vanilla 2k8). My machines seem to be ...
  1. #1
    AlexB's Avatar
    Join Date
    Jul 2006
    Location
    Warwickshire
    Posts
    365
    Thank Post
    36
    Thanked 36 Times in 32 Posts
    Rep Power
    23

    Angry Windows 7 - WMIADAP

    Hi guys

    I'm struggling with a strange problem with Windows 7 on the domain(vanilla 2k8). My machines seem to be regularly (a few each week) going 100% on one core for the service calling wmiadap during bootup.

    The only way I can get into the desktop is safemode where the 100% still happens, but I can run process explorer.

    Nothing I seem to try seems to stop this and currently I'm just reimaging to keep these machines running. (I have kept a couple to experiment on).

    The worst part is the randomness... Yesterday I had 2 machines in a room of 30 identical , same OU machines go 100% WMI. I know that after I reimage these 2 machines could still do the same thing, but so could any of the others in the room.

    A few (not complete) software additions...

    Mcafee 8.7 AV
    PCE
    AppV 4.6/4.5
    Office 2k3 (some with 2010 too)
    Adobe CS3


    Any guesses or experience would be welcomed cause I'm banging my head here...

    Cheers

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,696
    Thank Post
    335
    Thanked 515 Times in 483 Posts
    Rep Power
    179
    Stupid question, but where is wmiadap located?

    Is it the "C:Windows\system32\WBEM\WMIADAP.EXE" or another folder? As normally other folders one is a virus disguised.

    Steve

  3. #3
    AlexB's Avatar
    Join Date
    Jul 2006
    Location
    Warwickshire
    Posts
    365
    Thank Post
    36
    Thanked 36 Times in 32 Posts
    Rep Power
    23
    Hi Steve, checking now. Virus has passed my mind, but this has been going on for a few weeks and I'll be seriously miffed if Mcafee has been missing it for that long

  4. #4
    AlexB's Avatar
    Join Date
    Jul 2006
    Location
    Warwickshire
    Posts
    365
    Thank Post
    36
    Thanked 36 Times in 32 Posts
    Rep Power
    23
    It is showing as that location. Although process explorer shows \\? in front of the path which I don't recognise...

  5. #5

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    @AlexB - Are there any errors in the Event Logs?

    Check the wmiadap.log and post here?

    Sukh

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,172
    Thank Post
    868
    Thanked 2,699 Times in 2,288 Posts
    Blog Entries
    11
    Rep Power
    772
    It looks like that process handles cleaning up WMI information, this is expanded by various software and drivers that add performance counters into the WMI subsystem. If one or more of these was behaving badly that might be able to cause a hangup like that. Are you running the latest drivers, BIOS and version of AV?

    You could try looking through the logging information to see if any events are being generated that indicate a corrupt database entry: Tracing WMI Activity (Windows)

    Personally I would be blameing the AV first, so many AV products have weird little issues with modern Windows due to legacy programming that they are still using behind the scenes.

  7. #7
    AlexB's Avatar
    Join Date
    Jul 2006
    Location
    Warwickshire
    Posts
    365
    Thank Post
    36
    Thanked 36 Times in 32 Posts
    Rep Power
    23
    Hi Synack

    The AV is certainly worth a harder look. I am trying to access the wmi trace now

  8. #8
    AlexB's Avatar
    Join Date
    Jul 2006
    Location
    Warwickshire
    Posts
    365
    Thank Post
    36
    Thanked 36 Times in 32 Posts
    Rep Power
    23
    The drivers are reasonably up to date, but not necessarily the latest (new at August, or updated from WSUS). None of our BIOSes have been updated and the AV is 8.7 (8.8 being the latest). All in all that paints a bleak picture for me in terms of ruling out these.

    The WMI trace seems to be recording nothing.... any thoughts?

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 19th March 2012, 08:58 AM
  2. Replies: 1
    Last Post: 28th February 2011, 01:42 PM
  3. Replies: 4
    Last Post: 26th May 2010, 05:29 PM
  4. Replies: 0
    Last Post: 4th September 2009, 12:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •