Several instances of wmiprvse.exe starting up?


Tom772
October 30th, 2005, 05:44 PM
Hi, today I turned on my PC and ProcessGuard alerted me to "c:\windows\system32\wbem\wmiadap.exe", which I disabled as I have never seen this before. Then I went to Task Manager and there were 5 instances of wmiprvse.exe for system and network, so I stopped them and searched for it on my system. I found it in C:\WINDOWS\System32\Wbem and there was a large Prefetch file, 116KB (I deleted this one).

I had a look in my event logs and found this:

Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. <-- (anybody know what this means, as I haven't deleted anything lately??)

I did have a look at EventID.net, but there wasn't really anything I found helpful, so I was wondering if anyone has any ideas as to what has happened in regard to all the instances of 'Wmiprvse.exe'?

I will be really grateful for any help and advice,

Regards

Tom

Tom772
October 30th, 2005, 05:58 PM
Hey again, I was wondering, could this have something to do with Rootkit Revealer creating a service while dumping its hive, before scanning, then not deleting it once it was shut down, so when I next restarted Windows this temp service would try to load this service, hence the many extra wmiprvse.exe????

I am not sure, as I have never seen this before, but this is what a friend said it might have been!

Thanks again

T

T772
November 3rd, 2005, 07:59 PM
{QUOTE-> Hi, today I turned on my PC and ProcessGuard alerted me to "c:\windows\system32\wbem\wmiadap.exe", which I disabled as I have never seen this before. Then I went to Task Manager and there were 5 instances of wmiprvse.exe for system and network, so I stopped them and searched for it on my system. I found it in C:\WINDOWS\System32\Wbem and there was a large Prefetch file, 116KB (I deleted this one).

I had a look in my event logs and found this:

Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries. <-- (anybody know what this means, as I haven't deleted anything lately??)

I did have a look at EventID.net, but there wasn't really anything I found helpful, so I was wondering if anyone has any ideas as to what has happened in regard to all the instances of 'Wmiprvse.exe'?

I will be really grateful for any help and advice,

Regards

Tom <-QUOTE}
No ideas!! Oh well, not too worried, T