solonyinc
asked on
vmiprvse.exe is running my processor at 100% csrss will not shut down
I have an XXXXP pro sp2 fully patched machine (on a domain) that is running at 100% due to vmiprvse.exe and spoolsvc?. I can not disable it becasue it is a network service and keeps coming back. I do not have ran scans for viruses and malware to no avail. Every solution I find points me to server 2003 and I am having the problem with an XP machine.
If I can add one more issue I am having an error box pop up involving csrss.exe and I can not shut it down either.
I ran chkdsk/f and it is still running at an incredible speed, always 100%.
Any solutions will be appreciated
If I can add one more issue I am having an error box pop up involving csrss.exe and I can not shut it down either.
I ran chkdsk/f and it is still running at an incredible speed, always 100%.
Any solutions will be appreciated
here's a test i want u to try.
go to start-->run--services.msc
find the "print spooler" service and stop it. Does that bring any relief?
for wmiprvse, go to the command prompt try the following steps
cd %windir%\system32\wbem
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
wmiprvse /regserver
winmgmt /regserver
and then reboot the machine.
Hope this helps!
go to start-->run--services.msc
find the "print spooler" service and stop it. Does that bring any relief?
for wmiprvse, go to the command prompt try the following steps
cd %windir%\system32\wbem
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
wmiprvse /regserver
winmgmt /regserver
and then reboot the machine.
Hope this helps!
See the list below, and run at least the Hijackthis program.
malware - Leetutor list
Have you tried running virus scans and spyware scans This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:
http://housecall.antivirus.com
http://www.pcpitstop.com/antivirus/default.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Also try these free programs to rid your system of spyware, trojans, and other malware:
http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy
http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware
I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches. Also make sure to download the most up-to-date data before you run the programs.
Another very good freeware program for ridding yourself of spyware is this:
http://www.superantispyware.com/
SuperAntiSpyware
You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:
http://www.spychecker.com/download/download_hijackthis.html
HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select. You must be careful in choosing what to remove, although the program can create a backup of your original settings. But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself. The program has an option to download online updates of the hijack data.
You should first post the log at this site:
http://www.hijackthis.de/index.php?langselect=english
and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed. You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.
If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this: right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you. (Please DON'T post the entire log itself in your question.)
In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:
http://www.tomcoyote.org/hjt/
HijackThis Quick Start
--------
I hope this helps !
malware - Leetutor list
Have you tried running virus scans and spyware scans This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:
http://housecall.antivirus.com
http://www.pcpitstop.com/antivirus/default.asp
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Also try these free programs to rid your system of spyware, trojans, and other malware:
http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy
http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware
I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches. Also make sure to download the most up-to-date data before you run the programs.
Another very good freeware program for ridding yourself of spyware is this:
http://www.superantispyware.com/
SuperAntiSpyware
You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:
http://www.spychecker.com/download/download_hijackthis.html
HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select. You must be careful in choosing what to remove, although the program can create a backup of your original settings. But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself. The program has an option to download online updates of the hijack data.
You should first post the log at this site:
http://www.hijackthis.de/index.php?langselect=english
and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed. You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.
If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this: right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you. (Please DON'T post the entire log itself in your question.)
In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:
http://www.tomcoyote.org/hjt/
HijackThis Quick Start
--------
I hope this helps !
ASKER
Thanks everyone. So far I ran the housecall colutioin and it did detect something and my processor suddenly slowed down dramatically but the scan did not finish becasue I got some dirty power and my UPS shut down my machine. :-(
I am going to delpoy the other solutions as well asn wee where it takes me. Thanks to all and I will get back to everyone and let you know what happened. The microsoft technical community could no thelp me but I got an answer here in 5 minutes. This seems to be well worth the investment.
I am always looking for solutions for my company and for my customers so I'll be back.
I am going to delpoy the other solutions as well asn wee where it takes me. Thanks to all and I will get back to everyone and let you know what happened. The microsoft technical community could no thelp me but I got an answer here in 5 minutes. This seems to be well worth the investment.
I am always looking for solutions for my company and for my customers so I'll be back.
:)
ASKER
Here is the file from HiJackThis. I have beene running housecall ALL day and it is not done yet. About 6 hours so far. Suddenly I can not access the task manager to see what the performance is. I get an error saying "the administrator disabled taskmanager" but that ain't so.
I am gonna try other solutions as well. This computer is runnig VERY sluggish.
2GB memory and a pentium 4 processor
I am gonna try other solutions as well. This computer is runnig VERY sluggish.
2GB memory and a pentium 4 processor
Have you tried safe mode.
yeps, run the scan under safemdoe with networking if you can access insternet from there
ASKER
Thanks yall. That is exactly what I am doing right now
ASKER
My fellow colleagues:
I went to the services comsole and stopped the "Windows Management Instrumentation" service and my processor is now running at 25% maximum. Maybe this is it and maybe it ain't. I will keep everyone abreast but I KNOW I need to reformat. it has been over a 2 years.
BTW I tried the housecall.trendmisro solution and it did not run becasue the processor was so busy. I went into safe mode with networking and ran it and it DID find monitoring cookies and atrojan. It did NOT auto delete/clean the file but it gave me a clue as I deleted the infected files manually. Superspy sotware found different cookies to delete but that was about it. I am not touching registry cleaner due to a really bad experience I had so I will not thouch them.
I will keep you posted. I hope I found my solution!
I went to the services comsole and stopped the "Windows Management Instrumentation" service and my processor is now running at 25% maximum. Maybe this is it and maybe it ain't. I will keep everyone abreast but I KNOW I need to reformat. it has been over a 2 years.
BTW I tried the housecall.trendmisro solution and it did not run becasue the processor was so busy. I went into safe mode with networking and ran it and it DID find monitoring cookies and atrojan. It did NOT auto delete/clean the file but it gave me a clue as I deleted the infected files manually. Superspy sotware found different cookies to delete but that was about it. I am not touching registry cleaner due to a really bad experience I had so I will not thouch them.
I will keep you posted. I hope I found my solution!
good! i dont trust reg cleaners too :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the ones which you have listed above can be related to trojans/worms/viruses
Please run this online virus scanner
http://housecall.trendmicro.com/
if still the problem persisits, download hijackthis
http://www.softpedia.com/get/Antivirus/Trend-Micro-HijackThis.shtml
scan and save a log file, post the log here