WmiPrvSE.exe what the heck is it doing

Thanks Alex I've already seen it. It doesn't help me or apply to my situation. I already tried restarting WmiPrvSE.exe and it did nothing it did not "restart the services in order" the way RED said it would. All that happened is WmiPrvSE.exe just restarted and continued reading Something nonstop while utilizing about 12% cpu cycles. I even tried killing the process in task manager but again it just restarts itself and continues reading away. Something.

Some new information I've found out is that my 4770K machine also runs at 25% CPU usage at boot it does so until svchost is finished whatever it does at boot and WmiPrvSE also stops soon after boot. At this point the CPU utilization drops to 2-3%. However on my 3770K WmiPrvSE does not stop utilizing 10-12 % CPU utilization. What it appears to be doing is READING. I have no idea what it is reading and I don't know how to figure out what is being read. There are 18 Hard Drives available to both of these systems so I have no idea what is being accessed or even which drive is being read from (I would REALLY like to know this). Before I rebooted the 3770K last WmiPrvSE had read 130GB of data from somewhere in the hour and a half it was running. It never stopped reading. It was reading something from the time the system came online till it was rebooted. This is where the behavior of my 2 systems diverges. On the 4770K WmiPrvSE.exe does not engage in this constant reading behavior. It reads maybe 4GB and then stops this reading behavior. Does anyone know of an app that will let me find out what WmiPrvSE is reading. It seems like a virus like behavior because SOMETHING is reading all this information and I'm pretty sure it's not windows since the 4770K is not doing that and like I said the software configuration of the machines is very close to identical. I don't know how it could be a virus though since Norton 360 and malwarebytes find nothing so I have no idea how to explain the behavior of WmiPrvSE.exe. Anyone ever seen anything like this?

I rebooted the machine between each of these steps. I tried removing all of the drives the 3770K has access to except the boot drive but WmiPrvSE is still reading information from somewhere so I can assume it is the SSD that windows is on and not the drives that I disconnected. I then disconnected the network including the internet and the reading activity no longer occured. I reconnected some of the local drives to the machine and still the reading activity did not occur. I reconnected the network and blocked WmiPrvSE from accessing the internet via my firewall but the reading activity still occurs when it is connected to the network so it appears that someone is not accessing my information via WmiPrvSE which is what it looked like when no activity occured when the machine was disconnected from the internet. I then tried disconnecting JUST my other machine but the reading activity still occurs. I tried the steps listed in the second link you provided closing each non microsoft service to see if the reading activity was caused by a 3rd party startup but the reading activity did not stop even after stopping all non MS startup processes. I also checked the size of the WmiPrvSE file against my other machine that doesn't have the problem and it is the exact file size so in addition to the norton 360 scan and the malwarebytes scan I verified it is not likely a virus.

So I'm stumped.

The reading activity is related to being connected to the internet but WmiPrvSE should not be able to send information across the internet since it's blocked from accessing anything outside my machine by a firewall rule. BTW once WmiPrvSE starts this reading activity it continues even if I then disconnect it from the internet. The activity is only prevented if there is no internet available when the machine boots up.

lol I have no idea what starts the reading activity but it is only started if there is internet available when the system boots up even though WmiPrvSE is blocked from accessing the internet.....

The only way I'm going to be able to figure this out is if someone knows an app that I can use to find out what is being read. I thought process explorer would be able to do this but I can't find it there.

So you're never going to believe what the issue was. It was Speccy itself. The very tool I was using to try to get to the bottom of the issue I was dealing with which initially was the fact that my 3770K CPU was overheating which turned out to be a dead pump on the Corsair H80 water cooler and then I just started to notice the temps of my CPU which I never really paid any attention to. It turned out that the temps I thought were excessively high are the same temps my 4770K exhibits on bootup with the same CPU load. 60 degrees Celsius at 25% CPU load. Which seems high to me but I guess not.

Anyway I killed Speccy and restarted it a bunch of times just to make sure and it's definately Speccy. When I saw this morning that WmnPrvSE.exe had read over 550GB overnight I thought something is majorly wrong here and now I find out it was nothing. But what I don't understand is that Speccy does not do that on my 4770K machine at all. There's no special settings in Speccy that could cause this and I'm running Windows 7 Ultimate on both machines and as I mentioned they are essentially mirror images of each other software wise. So I have no idea what the difference is but it's definitely a load off my mind to know the cause of the weird behavior.

Thanks Hellfire for your help I appreciate you taking the time to help a total stranger it says a lot about you. Have a great day.

If it was a rootkit it would be effecting both of my systems because they were both installed with the same download so I'm pretty sure that's not the case. I think I will try uninstalling it and reinstalling it though just to try something since it is such a weird issue. I don't download my software from anyplace sketchy so I'm certain it's not a virus anyway. Thanks for the suggestion.

So I just downloaded the latest version (v1.29 instead of v1.28.709) right from the Piriform site and after installation I'm running it and sure enough The bloody reading behavior is present. So it's using 10-12% of my CPU cycles adding an extra 10 degrees to my CPU and since the behavior is nonstop this heat and CPU drain is also nonstop. It's so weird I've never seen anything like it actually. I really wish I know what the heck it's doing. I think I'm going to send an email to Piriform and ask them what's up maybe they can provide some insight into their app's behavior.

Not really I am using it for temperatures actually neither of the windows tools you mentioned are useful for that. Any suggestions as to a good alternate for monitoring temperatures for all the system components?