vmiprvse.exe is running my processor at 100%  csrss will not shut down

Posted on 2007-10-10
Last Modified: 2013-12-10
I have an XXXXP pro sp2 fully patched machine (on a domain) that is running at 100% due to vmiprvse.exe and spoolsvc?.  I can not disable it becasue it is a network service and keeps coming back.  I do not have ran scans for viruses and malware to no avail.  Every solution I find points me to server 2003 and I am having the problem with an XP machine.

If I can add one more issue I am having an error box pop up involving csrss.exe and I can not shut it down either.

I ran chkdsk/f and it is still running at an incredible speed, always 100%.

Any solutions will be appreciated
Question by:solonyinc
    LVL 65

    Expert Comment

    the genuine windows processes are wmiprvse.exe and spoolsv.exe
    the ones which you have listed above can be related to trojans/worms/viruses

    Please run this online virus scanner

    if still the problem persisits, download hijackthis

    scan and save a log file, post the log here
    LVL 9

    Expert Comment

    here's a test i want u to try.
    go to start-->run--services.msc

    find the "print spooler" service and stop it. Does that bring any relief?
    for wmiprvse, go to the command prompt try the following steps

    cd %windir%\system32\wbem
    for /f %s in ('dir /b *.dll') do regsvr32 /s %s
    wmiprvse /regserver
    winmgmt /regserver

    and then reboot the machine.

    Hope this helps!
    LVL 63

    Expert Comment

    See the list below, and run at least the Hijackthis program.

    malware - Leetutor list
    Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

    Also try these free programs to rid your system of spyware, trojans, and other malware:
    Spybot - Search & Destroy
    LavaSoft Ad-aware  

    I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

    Another very good freeware program for ridding yourself of spyware is this:

    You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

    HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

    You should first post the log at this site:

    and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

    If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

    In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:
    HijackThis Quick Start

    I hope this helps !

    Author Comment

    Thanks everyone.  So far I ran the housecall colutioin and it did detect something and my processor suddenly slowed down dramatically but the scan did not finish becasue I got some dirty power and my UPS shut down my machine. :-(

    I am going to delpoy the other solutions as well asn wee where it takes me.  Thanks to all and I will get back to everyone and let you know what happened.  The microsoft technical community could no thelp me but I got an answer here in 5 minutes.  This seems to be well worth the investment.

    I am always looking for solutions for my company and for my customers so I'll be back.
    LVL 65

    Expert Comment


    Author Comment

    Here is the file from HiJackThis.  I have beene running housecall ALL day and it is not done yet.  About 6 hours so far.  Suddenly I can not access the task manager to see what the performance is.  I get an error saying "the administrator disabled taskmanager" but that ain't so.

    I am gonna try other solutions as well.  This computer is runnig VERY sluggish.
    2GB memory and a pentium 4 processor
    LVL 22

    Expert Comment

    Have you tried safe mode.
    LVL 65

    Expert Comment

    yeps, run the scan under safemdoe with networking if you can access insternet from there

    Author Comment

    Thanks yall.  That is exactly what I am doing right now

    Author Comment

    My fellow colleagues:

    I went to the services comsole and stopped the "Windows  Management Instrumentation" service and my processor is now running at 25% maximum.  Maybe this is it and maybe it ain't.  I will keep everyone abreast but I KNOW I need to reformat.  it has been over a 2 years.

    BTW I tried the housecall.trendmisro solution and it did not run becasue the processor was so busy.  I went into safe mode with networking and ran it and it DID find monitoring cookies and  atrojan.  It did NOT auto delete/clean the file but it gave me a clue as I deleted the infected files manually.  Superspy sotware found different cookies to delete but that was about it.  I am not touching registry cleaner due to a really bad experience I had so I will not thouch them.

    I will keep you posted. I hope I found my solution!
    LVL 9

    Expert Comment

    good! i dont trust reg cleaners too :)
    LVL 1

    Accepted Solution

    PAQed with points refunded (500)

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Suggested Solutions

    Title # Comments Views Activity
    Valere unit 6 46
    IBM X3650 M3 - Status light 6 35
    COM Port 37 55
    question about DDR3 memory in a DELL Inspiron 2 34
    I have purchased two new systems and both are now Universal Extensible Firmware Interface (UEFI) based. UEFI is replacing BIOS for the desktop PC. It is a Linux based firmware with enough robustness it can communicate with a website without loading …
    I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now