Saw online that the WmiPrvSE.exe could be the culprit and that you should not see more than one running in task manager or it could be a virus if you do. I see 2 different version each running 2 copies simultaneously. (see attached screen cap) Avast has not found a virus and Malware bytes found nothing. I am afraid I am headed for a crash! Could this be a virus or is there some other FIX for this issue?
hey if you want a checkup of your computer go to this guide and attach a frst log plus addation
https://forum.avast.com/index.php?topic=53253.0
could you also provide some more information on what did avast find name of the file?
can you also attach the malwarebyt even if it was empty
second are you running windows server 2008 or windows server 2008 sp 2?
if so i did found some information about it here that could be related to your problem:
This is weird. Well, first Avast has not found any virus, even with a full scan. So nothing there. But I ran a Malwarebytes scan just the other day. However, there is no log for it. There is only a protection log, no mbam scan log. The next scan log is from April. Why would this be?
here are the logs
System looks fairly clean but some adware present:
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Coupon Printer for Windows
Digital Coupon Printer
QponsPrinter 1.0.1
To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
I ,know what those are. I use them to print coupons. If I remove them I will just have to reinstall them when I try to print them again.
And THEY use “them” to track what you search for and shop for. Your choice …
You could download Process Explorer (from Microsoft / Sysinternals) from here and install it. This would actually show you more details of what is calling / starting processes, etc. You may be able to track down the CPU hog that way.
I knolw it 
I will try that download. thanks!
Can you explain to me what these things do on the fix list? I am considering it.
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
This is a standard OS command to clear the internal DNS cache. If malware has written a bad DNS record here, this is the first place the OS looks to find the IP address to direct HTML traffic to.
cmd: netsh advfirewall reset cmd: netsh advfirewall set allprofiles state on
Again, standard OS commands to reset the internal firewall rules to a default state and then make sure that all default network profiles (Public, Private, Work, etc.) are enabled.
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
If malware has changed the IP Security settings at all, these two lines reset the policy to a default state.
CMD: bitsadmin /reset /allusers
BITSAdmin is a command-line tool that you can use to create download or upload jobs and monitor their progress. Some malware will start jobs in this area. Once started, the malware could be removed (bad files deleted) but the BITS job will remain until deleted / cleared.
RemoveProxy: EmptyTemp: Reboot: end
These are standard commands used in FRST. You can read about them here at GeeksToGo - FRST Tutorial.
I include some of these as a “just-in-case” measure as the cleaning / resetting does not harm the system.
OK, I probably totally botched this up, but I am terrified of all those commands in your fixlist. I uninstalled the coupon printers through the programs list. I know that probably doesn’t get rid of all the baggage. So I am going to run FRST again and see if it still shows them. Meanwhile, I neglected to tell you that I get an error message (see attached pic) when I first open the program. Yes, i am right clicking and running as administrator. Could this effect the program’s functionality?
I give up. The coupon things are still showing in FRST. I looked up the commands you listed and I think I understand them. I am no techy at all. But I think i get it. I am just concerned about my current programs not working. I also have not upgraded to Windows 10 (tried it and it completely froze up my system! Had to go back to 8.1) I have updates set for me to choose what to dl & install. Could that be a problem? Here is the latest FRST logs. Do you still want me to run your original fixlist?
The error is just a problem with the registry backup routine that FRST uses; this does not affect the program’s ability to clean your system.
Please run the Fixlist.txt routine I provided previously. It is still valid. Thank you.
ok. here ya go. still shows over 100% cpu usage though.
Here is my CPU usage in resource monitor. Maybe this is normal???
I would say that is not expected but could be correct. Let’s make sure this is not a glitch in MS monitoring somewhere:
Please download Process Explorer from here. Extract all the files in the downloaded ProcessExplorer.zip and then right click on procexp.exe; select Run as Administrator. Once the program loads, go to View > System Information (or press CTRL + I). Does this panel / charts seem to agree with the one from Task Manager?
Well, huh. Looks like it is different with Process Explorer in that it shows system idle as being the big hog, but that is the way it should be, right> I mean I have Firefox, Process Explorer and an Avast Full System Scan open at the same time. What started all this was my laptop would freeze up periodically, particularly for Firefox, and I would have to open Taskmanager to kill it. That’s when I saw the high CPU usage.
Oh and here is what Process explorer is showing.
Well, FireFox was a little resource hungry recently but I believe that was fixed in the latest update.
Let’s see what AdwCleaner finds and then decide from there.
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- [b]Vista/7/8 users:[/b] Right click the [b]AdwCleaner[/b] icon on the desktop, click [b]Run as administrator[/b] and accept the UAC prompt to run AdwCleaner.
You will see the following console:
- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this
- On reboot a log will be produced; please attach that in your next reply. This report is also saved to [b]C:\AdwCleaner\AdwCleaner[C0].txt[/b]
Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.
It came up with a registry entry for ‘distromatic’ I am in a holding pattern here not knowing if I should remove it. Do you know what it is?