A
area51
x-no-archive: yes
It seems everyday at 1:22 my XP Pro machine hangs for a few second because
something is starting up. It turned out to be a network service called
Wimprvse.exe. According to Process Explorer it says the following about it:
Process: wmiprvse.exe Pid: 1868
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\userenv: User Profile setup event
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\WMIDataDevice
File \Device\NamedPipe\ntsvcs
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Gpc
File \Device\WMIDataDevice
File
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
..10.0_x-ww_f7fb5805
File \Device\KsecDD
File C:\WINDOWS\system32
Key HKCR
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKU
Key HKU\.DEFAULT
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\OLE1e
Process wmiprvse.exe(1868)
Section \BaseNamedObjects\__R_000000000007_SMem__
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 1964
Thread wmiprvse.exe(1868): 1212
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1280
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 556
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\SYSTEM
Token NT AUTHORITY\SYSTEM
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$
What is this? Do I need it? May I disable it? If so, how? The service runs
for about 2 minutes. I have a stand alone PC connected to the internet via
cable modem. Spybot, adaware, and NAV all say my system is clean
Thanks
It seems everyday at 1:22 my XP Pro machine hangs for a few second because
something is starting up. It turned out to be a network service called
Wimprvse.exe. According to Process Explorer it says the following about it:
Process: wmiprvse.exe Pid: 1868
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\userenv: User Profile setup event
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
File \Device\WMIDataDevice
File \Device\NamedPipe\ntsvcs
File \Device\Tcp
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File \Device\Gpc
File \Device\WMIDataDevice
File
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0
..10.0_x-ww_f7fb5805
File \Device\KsecDD
File C:\WINDOWS\system32
Key HKCR
Key HKLM
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKU
Key HKU\.DEFAULT
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKCR
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Port \RPC Control\OLE1e
Process wmiprvse.exe(1868)
Section \BaseNamedObjects\__R_000000000007_SMem__
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 1964
Thread wmiprvse.exe(1868): 1212
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1344
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1280
Thread wmiprvse.exe(1868): 1800
Thread wmiprvse.exe(1868): 1972
Thread wmiprvse.exe(1868): 1384
Thread wmiprvse.exe(1868): 556
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\SYSTEM
Token NT AUTHORITY\SYSTEM
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$
What is this? Do I need it? May I disable it? If so, how? The service runs
for about 2 minutes. I have a stand alone PC connected to the internet via
cable modem. Spybot, adaware, and NAV all say my system is clean
Thanks
)