XP PROGRAM HANGS AND FREEZES AFTER INSTALLING SP

Guest

The XOFTSPY program found this file and identified it as a worm threat that
should be removed but after I do the removal my Windows Event Viewer shows
that the file is protected and restored by Windows because to remove it would
compromise system stability. My question is: Is this a legitimate Windows XP
file that is mis-identified as a threat by XOFTSPY program or is it a WORM
that truly has infected my computer?

C:\WINDOWS\system32\wbem\winmgmt.exe
Type: WORM

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 10/24/2004
Time: 1:25:42 PM
User: N/A
Computer: I
Description:
File replacement was attempted on the protected system file
c:\windows\system32\wbem\winmgmt.exe. This file was restored to the original
version to maintain system stability. The file version of the system file is
5.1.2600.0.

I am also getting a lot of system temporary hangs and lockups and
afterwards one or more of these messages appear as an error in Windows Event
Viewer. I do not have any parallel port devices on my computer at all.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/22/2004
Time: 11:46:40 PM
User: N/A
Computer:
Description:
The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it
has no enabled devices associated with it.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 10/21/2004
Time: 2:42:18 AM
User: N/A
Computer:
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module
unknown, version 0.0.0.0, fault address 0x014433b8.


Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 10/20/2004
Time: 2:50:11 AM
User:
Computer:
Description:
A provider, Rsop Logging Mode Provider, has been registered in the WMI
namespace, root\RSOP, but did not specify the HostingModel property. This
provider will be run using the LocalSystem account. This account is
privileged and the provider may cause a security violation if it does not
correctly impersonate user requests. Ensure that provider has been reviewed
for security behavior and update the HostingModel property of the provider
registration to an account with the least privileges possible for the
required functionality.

Even more weird is the fact that the computer can be unhanged or unlocked if
I open or close my DVD rom drive tray (TDK 880N). All of my device drivers
are current and Windows System indicates that all devices are configured and
working properly. None of these problems ever occurred before installing
SP2. This is becoming a nightmare as I never know when a program will hang
or the computer will lock up as it is random. Microsoft has no record of
this problem or any solutions offered.
 
Jone Doe

henricampo said:
The XOFTSPY program found this file and identified it as a worm threat that
should be removed but after I do the removal my Windows Event Viewer shows
that the file is protected and restored by Windows because to remove it would
compromise system stability. My question is: Is this a legitimate Windows XP
file that is mis-identified as a threat by XOFTSPY program or is it a WORM
that truly has infected my computer?

winmgmt.exe is a legitimate Windows XP program. It should be in
C:\windows\system32\wbem and is 13 KB.
 
Ron Bogart

henricampo said:
The XOFTSPY program found this file and identified it as a worm
threat that should be removed but after I do the removal my Windows
Event Viewer shows that the file is protected and restored by Windows
because to remove it would compromise system stability. My question
is: Is this a legitimate Windows XP file that is mis-identified as a
threat by XOFTSPY program or is it a WORM that truly has infected my
computer?

C:\WINDOWS\system32\wbem\winmgmt.exe
Type: WORM

Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Date: 10/24/2004
Time: 1:25:42 PM
User: N/A
Computer: I
Description:
File replacement was attempted on the protected system file
c:\windows\system32\wbem\winmgmt.exe. This file was restored to the
original version to maintain system stability. The file version of
the system file is
5.1.2600.0.

I am also getting a lot of system temporary hangs and lockups and
afterwards one or more of these messages appear as an error in
Windows Event Viewer. I do not have any parallel port devices on my
computer at all.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 10/22/2004
Time: 11:46:40 PM
User: N/A
Computer:
Description:
The Parallel port driver service failed to start due to the following
error: The service cannot be started, either because it is disabled
or because it has no enabled devices associated with it.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 10/21/2004
Time: 2:42:18 AM
User: N/A
Computer:
Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x014433b8.


Event Type: Warning
Event Source: WinMgmt
Event Category: None
Event ID: 5603
Date: 10/20/2004
Time: 2:50:11 AM
User:
Computer:
Description:
A provider, Rsop Logging Mode Provider, has been registered in the WMI
namespace, root\RSOP, but did not specify the HostingModel property.
This provider will be run using the LocalSystem account. This
account is privileged and the provider may cause a security violation
if it does not correctly impersonate user requests. Ensure that
provider has been reviewed for security behavior and update the
HostingModel property of the provider registration to an account with
the least privileges possible for the required functionality.

Even more weird is the fact that the computer can be unhanged or
unlocked if I open or close my DVD rom drive tray (TDK 880N). All of
my device drivers are current and Windows System indicates that all
devices are configured and working properly. None of these problems
ever occurred before installing SP2. This is becoming a nightmare as
I never know when a program will hang or the computer will lock up as
it is random. Microsoft has no record of this problem or any
solutions offered.

Don't know why it would be marked as a worm - it is a valid file and should
reside in the C:\Windows\System32\WBEM folder.
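
Added example, not part of the original thread: a way to triage a scanner hit like this one from pasted Event Viewer text, by checking the flagged path against the location given in the replies and looking for a matching Windows File Protection restore record (Event ID 64002). The function names and the abridged sample records are constructed for illustration.

```python
import re
from ntpath import normcase, normpath

# Expected location, as stated in the replies in this thread.
EXPECTED = r"C:\WINDOWS\system32\wbem\winmgmt.exe"

# Constructed, abridged sample in the Event Viewer text layout from the question.
SAMPLE = r"""Event Type: Information
Event Source: Windows File Protection
Event ID: 64002
Description:
File replacement was attempted on the protected system file
c:\windows\system32\wbem\winmgmt.exe. This file was restored to the original
version to maintain system stability. The file version of the system file is
5.1.2600.0.

Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Description:
The Parallel port driver service failed to start.
"""

def parse_events(text):
    """Split pasted Event Viewer text into one dict per 'Event Type:' record."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        head, sep, desc = chunk.partition("Description:")
        if not sep:
            continue  # preamble or a record without a description
        ev = dict(re.findall(r"(?m)^([A-Za-z ]+):[ \t]*(.*)$", head))
        ev["Description"] = " ".join(desc.split())  # undo hard line wraps
        events.append(ev)
    return events

def same_path(a, b):
    return normcase(normpath(a)) == normcase(normpath(b))  # Windows paths ignore case

def triage(flagged, events):
    """Check a scanner hit against the expected path and WFP restore events."""
    versions = []
    for ev in events:
        if (ev.get("Event Source"), ev.get("Event ID")) != ("Windows File Protection", "64002"):
            continue
        m = re.search(r"protected system file (.+?)\. This file was restored"
                      r".*? is (\d+(?:\.\d+)+)", ev["Description"])
        if m and same_path(m.group(1), flagged):
            versions.append(m.group(2))
    return {"expected_location": same_path(flagged, EXPECTED),
            "wfp_restored": bool(versions), "restored_versions": versions}
```

A hit on the same file name outside the expected folder, with no matching Windows File Protection record, is the case that deserves a closer look.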
 
