I've been having this issue with several processes, starting with svchost (seemed to be related to the ReadyBoost service) and now with WmiPrvSE.exe too. The process starts up and is fine for a few minutes. At that point, a thread in the process spins up to 50% CPU usage (dual core CPU). The thread's entry point is ntdll.dll!RtlRegisterThreadWithCsrss+0x197. There is a second thread in all cases at ntdl.dll!RtlIsCriticalSectionLockedByThread+0x9a9 which uses around 1.5% CPU time, but may be related to the issue. Since I've seen this exact issue twice in two separate processes, I'm suspecting this is a problem with a particular common component and not a specific service. There are peaks and troughs in activity. The RtlRegisterThreadWithCsrss thread runs at 50% for 5 seconds, then 0% for 1 second, then 50% for 8 seconds, then 0% for another 1 second. For the 5 minutes I observed, this pattern continued without fail. My temporary solution has been to suspend the offending thread so that the process doesn't die but the CPU time problem goes away. Killing the thread causes the process to die after 15 to 20 seconds and then restart. Here's the stack of the offending thread: ntoskrnl.exe!KeSetEvent+0x2a1 ntoskrnl.exe!ExfAcquirePushLockExclusive+0x1b7 ntoskrnl.exe!NtQuerySecurityObject+0x723 ntoskrnl.exe!KiDeliverApc+0x111 ntoskrnl.exe!KeRemoveQueueEx+0x9a0 ntoskrnl.exe!KeDelayExecutionThread+0x5cc ntoskrnl.exe!KeWaitForMutexObject+0x393 ntoskrnl.exe!KeQueryHighestNodeNumber+0x264 halmacpi.dll!KfRaiseIrql+0xcb halmacpi.dll!KeRaiseIrqlToSynchLevel+0x8f halmacpi.dll!HalEndSystemInterrupt+0x67 halmacpi.dll!HalInitializeProcessor+0xae8 ntdll.dll!RtlFreeHeap+0x75 KERNELBASE.dll!LocalFree+0x2b msi.dll!MsiGetComponentPathW+0x640 msi.dll!MsiEnumProductsW+0x1b97 msi.dll!MsiEnumProductsW+0x1c4a msi.dll!MsiEnumProductsW+0x2413 msi.dll!MsiEnumProductsW+0x23ea msi.dll!MsiLoadStringW+0x2b89 msi.dll!MsiLoadStringW+0x2ac3 msi.dll!MsiLoadStringW+0x2c72 msi.dll!MsiGetProductCodeW+0x1137 msi.dll!MsiGetProductCodeW+0x157d5 msi.dll!MsiSetOfflineContextW+0x8f252 msi.dll!MsiSetOfflineContextW+0x8feed msi.dll!MsiSetOfflineContextW+0x82f21 msi.dll!MsiGetProductCodeW+0x5759f msi.dll!MsiProvideQualifiedComponentW+0x32dd msi.dll!MsiGetProductCodeW+0x70c16 msi.dll!MsiSetOfflineContextW+0x713e5 msi.dll!MsiSourceListEnumMediaDisksA+0x5f4 msi.dll!MsiSourceListEnumMediaDisksA+0x819 msi.dll!MsiOpenPackageExA+0x50 msi.dll!MsiOpenPackageA+0x4b msi.dll!MsiOpenProductW+0xd2 msiprov.dll+0x9a77 msiprov.dll!DllUnregisterServer+0x4b18 msiprov.dll!DllUnregisterServer+0x4c48 msiprov.dll!DllUnregisterServer+0x4d12 msiprov.dll!DllUnregisterServer+0x4db3 msiprov.dll!DllUnregisterServer+0xb88c msiprov.dll!DllUnregisterServer+0x3c84 msiprov.dll+0xaf5d wmiprvse.exe+0x14f3e wmiprvse.exe+0x14dab RPCRT4.dll!NdrServerInitialize+0x3a5 RPCRT4.dll!NdrStubCall2+0x22f ole32.dll!WdtpInterfacePointer_UserUnmarshal+0x2541 FastProx.dll!CUntypedArray::TranslateToNewHeap+0x10d ole32.dll!WdtpInterfacePointer_UserUnmarshal+0x25d1 ole32.dll!WdtpInterfacePointer_UserUnmarshal+0x2b2a ole32.dll!CoRevokeInitializeSpy+0x9f82 ole32.dll!CoRevokeInitializeSpy+0x9e77 ole32.dll!StgGetIFillLockBytesOnFile+0x17424 ole32.dll!WdtpInterfacePointer_UserUnmarshal+0x28c6 ole32.dll!StgGetIFillLockBytesOnFile+0x17443 RPCRT4.dll!I_RpcExceptionFilter+0x809 RPCRT4.dll!I_RpcExceptionFilter+0x999 RPCRT4.dll!I_RpcExceptionFilter+0x885 RPCRT4.dll!I_RpcBindingInqTransportType+0xb4 RPCRT4.dll!I_RpcExceptionFilter+0xd41 RPCRT4.dll!I_RpcExceptionFilter+0xc63 RPCRT4.dll!I_RpcExceptionFilter+0xc22 RPCRT4.dll!I_RpcExceptionFilter+0xabe RPCRT4.dll!I_RpcExceptionFilter+0xa32 RPCRT4.dll!I_RpcExceptionFilter+0x30e RPCRT4.dll!I_RpcExceptionFilter+0x1a6 RPCRT4.dll!RpcServerUnregisterIf+0x225 ntdll.dll!TpCallbackMayRunLong+0x1cf ntdll.dll!RtlIsTextUnicode+0x496 kernel32.dll!BaseThreadInitThunk+0x12 ntdll.dll!RtlInitializeExceptionChain+0x63 ntdll.dll!RtlInitializeExceptionChain+0x36 Just in case you want my system info: Windows 7 Home Premium 32-bit, Intel T4300 2.1GHz, 3GB RAM. Build: 7600.16617.x86fre.win7_gdr.100618-1621 Hopefully one of you can help me solve this issue :] P.S: You can download a small dump file of the process from http://www.sendspace.com/file/j67mb9

Hi, please make a xperf trace [1] to diagnostic the high CPU usage. Please upload the etl file to your SkyDrive [2] and post a link here. I'll take a look at it, maybe I can see more details. André [1] http://www.msfn.org/board/index.php?showtopic=140264 [2] http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65"A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

I've not used xperf before but I followed a tutorial on MSDN to do it, so I hope I've done it right. The process in question is WmiPrvSE (pID 6460) and the thread ID is 3544. Here's the trace: http://www.sendspace.com/file/kzwmeh This is the article I used: http://blogs.msdn.com/b/pigscanfly/archive/2008/02/16/using-xperf-to-take-a-trace.aspx If you need me to change the flags I used or run a longer trace, let me know.

run a new trace with the command I wrote in my guide."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

Ah, sorry, didn't notice that link. Updated: http://www.sendspace.com/file/4lj9rc

The shows me that the process reads MSI files from the Installer folder: What are you doing? Are you installing new software?"A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

No. I've not installed anything since boot. I did, however, use the WMI Object Explorer. That still leaves me confused - why would the Windows Management Instrumentation process be installing anything? It seems rather unusual to say the least. And why would installing files cause RtlRegisterThreadWithCsrss to spin infinitely? Killing the process just brings it back, so that's not a solution. Update: I checked the MSI files, they all seem to have something to do with Microsoft Office. I've not used Office in months, and this just serves to confuse me further - why the ____ would the Windows Management Instrumentation be installing MS Office or updates to it? :s

You can run Process Monitor to see what the msiexec.exe/WmiPrvSE.exe is doing."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/