Severall instances of wmiprvse.exe starting Up?

Discussion in 'other software & services' started by Tom772, Oct 30, 2005.

Thread Status:
Not open for further replies.
  1. Tom772

    Tom772 Guest

    Hi, Today i turned on my PC and ProcessGuard alerted me that ''c:\windows\system32\wbem\wmiadap.exe'', which i disabled as i have never seen this before. Then I went to taskmanager and there were 5 instances of wmiprvse.exe for system and network, so i stoppd them and searched for it on my system. I found it C:\WINDOWS\System32\Wbem and there was a large Prefetch file 116KB(I deleted this one).

    I had a look in my event logs and found this;

    Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.<--(anybody know waht this means, as i havnt deleted anything lately??)

    I did have alook at Event id.net, but there wasnt really anything i found helpful, so i was wondering if any one has any ideas as to what has happened inregards to all the instances of 'Wmiprvse.exe'?

    I will be really greatflull for any help and
    advice,

    Regards

    Tom
     
  2. Tom772

    Tom772 Guest

    Hey again, I was wondering could this having some to do with Rootkit Revealer creating a service while dumping its hive, before scanning. Then not deleting it once it was shut down, so when I next restarted windows this temp service would try to load this service, hench the many extra wmiprvse.exeo_O?

    I am not sure but as i have never seen this before, but this is what a friend said it might have been!

    Thanks again

    T
     
  3. T772

    T772 Guest

    No ideas!! Oh well, not too worried, T
     
Loading...
Thread Status:
Not open for further replies.