RE: High CPU usage by WMIPRVSE.EXE





"Steve S" wrote:

I'm running XP Pro w/SP2. My computer will lock up/run real slow. It
will take over 2 hours to shut down after I request a restart (has taken
over 10 hours sometimes). It will run OK from 15 minutes to 3 hours, then will
lock up again. Looking at the Task Manager, the program wmiprvse.exe is
using about 100% of the CPU when the system locks up. I have applied the
hotfix to fix the memory leak problem, still have the real slow problem. Is
there a way to find out which program is running in wmiprvse that is causing
the system to run slow? Or a way to remove WMI from my computer?


Steve

This can be a memory leak or a printer problem. Did you install any
hardware/software recently?

Go through these cleaning steps:
1. Click Start >> Control Panel >> double-click Network and Internet
Connections >> double-click Internet Options. On the IE Properties window
you will see these tabs:
General | Security | Privacy | Content | Connections | Programs | Advanced

Click on the General tab (1st tab on the left) and you will see a button called
[Clear History...]; click on it to clear your History caches, then click on
[Delete Files...] to delete Internet files created over time, and click on
[Delete Cookies...] to delete the cookies left by visiting websites.

= Then try to disable the add-ons installed on your browser. To disable the
add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there, disable
the None/Not Verified plug-ins/add-ons (you need to re-enable them one by one
later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Scan for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm

Scan for viruses with up-to-date anti-virus software (full scan).

The legit file for WMI is located here:
C:\WINDOWS\system32\wbem\wmiprvse.exe

There is a backup copy here:
C:\WINDOWS\system32\dllcache
or here:
C:\WINDOWS\ServicePackFiles\i386

The Wmiprvse.exe process may experience a memory leak when WMI services and
RPC services are extensively used in Windows XP with Service Pack 2
http://support.microsoft.com/kb/925623


WMI search:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?query=WMI&cboDiscussionGroup=en_US_4fae9fed-da91-4a2a-9d2b-5dc71973d43c%3Amicrosoft.public.windowsxp.help_and_support%3Aen%3AUS%3A%3A%3A%3A&=Go&dg=microsoft.public.windowsxp.help_and_support&cat=en_US_4fae9fed-da91-4a2a-9d2b-5dc71973d43c&lang=en&cr=US&pt=&catlist=&dglist=&ptlist=&exp=&sloc=en-us
MS:: <Quote>
Stopping and Starting the WMI Service

If you are experiencing problems with the WMI service you might need to
manually stop and restart the service. Before doing so you should enable
WMI’s verbose logging option. This provides additional information in the WMI
error logs that might be useful in diagnosing the problem. To enable verbose
logging using the WMI control, do the following:
1. Open the Computer Management MMC snap-in and expand Services and
Applications.
2. Right-click WMI Control and click Properties.
3. In the WMI Control Properties dialog box, on the Logging tab, select
Verbose (includes extra information for Microsoft troubleshooting) and then
click OK.
Alternatively, you can modify the following registry values:
• Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\Logging to 2.
• Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\Logging File Max Size
to 4000000.
After enabling verbose logging try stopping the WMI service by typing the
following
Open a run command prompt:
net stop winmgmt

If the net stop command fails you can force the service to stop by typing
this:
winmgmt /kill

Important. If you are running Windows XP or Windows Server 2003 the WMI
service runs inside a process named Svchost; this process contains other
services as well as WMI. Because of that, you should not try to stop
Svchost; if you succeed, you’ll stop all the other services running in that
process as well. Instead, use net stop winmgmt or winmgmt /kill in order to
stop just the WMI service.

You can then restart the service by typing the following command:
net start winmgmt

If the service does not restart try rebooting the computer to see if that
corrects the problem.
If it does not, then continue reading.
MS:: </Quote>

"WMI Diagnosis Utility"
http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx

Systems that have changed the default Access Control List permissions on the
%windir%\registration directory may experience various problems after you
install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC
http://support.microsoft.com/kb/909444
Also, you can download DiagWMI from here, and there are some good solutions on
the page:
http://windowsxp.mvps.org/repairwmi.htm

= Open a run command and try to re-register these DLLs:
regsvr32 hnetcfg.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll
regsvr32 atl.dll
regsvr32 netshell.dll
Also try to repair WMI as described here:
http://groups.google.com/group/microsoft.public.win32.programmer.wmi/msg/1da6ab3690bc75a0
What firewall/anti-virus do you have running on your machine?
HTH.
Let us know.
nass
---------
http://www.nasstec.co.uk
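
The reply above gives C:\WINDOWS\system32\wbem\wmiprvse.exe as the legitimate location of the file. As an added example (not part of the original post), this Python script checks a collected process listing for wmiprvse.exe instances whose image path is anything else; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
import ntpath

# Expected location of the WMI provider host, as stated in the post.
EXPECTED = r"C:\WINDOWS\system32\wbem\wmiprvse.exe"

# Constructed sample: CSV process listing. The column names are an
# assumption about what the collection tool exports.
SAMPLE = r"""Node,ExecutablePath,Name,ProcessId
XPBOX,C:\WINDOWS\system32\svchost.exe,svchost.exe,1020
XPBOX,C:\WINDOWS\System32\Wbem\WMIPRVSE.EXE,WMIPRVSE.EXE,1764
XPBOX,C:\Documents and Settings\user\Local Settings\Temp\wmiprvse.exe,wmiprvse.exe,2312
XPBOX,,wmiprvse.exe,2500
"""


def _norm(path):
    # Windows paths are case-insensitive; also fold "/" and ".." segments.
    return ntpath.normcase(ntpath.normpath(path.strip()))


def classify(csv_text, expected=EXPECTED, image="wmiprvse.exe"):
    """Return {pid: verdict} for every process named `image`."""
    verdicts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Name") or "").strip().lower() != image:
            continue
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            # Path not readable by the collector: needs a manual look.
            verdict = "unknown-path"
        elif _norm(path) == _norm(expected):
            verdict = "expected"
        else:
            # Same name, different directory: candidate for a malware scan.
            verdict = "unexpected-path"
        verdicts[int(row["ProcessId"])] = verdict
    return verdicts


if __name__ == "__main__":
    for pid, verdict in sorted(classify(SAMPLE).items()):
        print(pid, verdict)
```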
