What does registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\ThrottleDrege do?


Solution 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\ThrottleDrege is an undocumented registry value, so you won't find any info about it. Since this is the case, I cannot give you any source for you to confirm this, thus it's entirely up to you to give any credence to it.

ThrottleDrege defines the throttling of the Windows Management Instrumentation internal state refresh, during which events are registered and consequently made available (namely via Common Information Model Object Model). Since the information collected includes, but is not limited to, the USB Driver Stack state, the query you see is absolutely normal if you are using a USB connection. The reason you don't see this behavior in your own machine is probably due to the fact that you do not make use of the Windows Management Instrumentation for remote management and your user does and/or their machine is configured to do so.

The default value for ThrottleDrege is 1. In any case, I wouldn't worry about it, since it probably is not the cause you are looking for.

Solution 2

According to Virus Profile: W32/Fujacks.be!2E2621BE4056 it could be a symptom of a W32/Fujacks.be infection.

Virus Characteristics

...

The following registry elements have been changed:

...

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WBEM\CIMOM\THROTTLEDREGE = 1

Removal Instructions

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

  1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

  • Insert the Windows XP CD into the CD-ROM drive and restart the computer.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • Select the Windows installation that is compromised and provide the administrator password
  • Issue 'fixmbr' command to restore the Master Boot Record
  • Follow onscreen instructions
  • Reset and remove the CD from CD-ROM drive.

On Windows Vista and 7:

  • Insert the Windows CD into the CD-ROM drive and restart the computer.
  • Click on "Repair Your Computer"
  • When the System Recovery Options dialog comes up, choose the Command Prompt.
  • Issue 'bootrec /fixmbr' command to restore the Master Boot Record
  • Follow onscreen instructions
  • Reset and remove the CD from CD-ROM drive.

Author: user319647

Updated on September 18, 2022

Comments

  • user319647
    user319647 almost 2 years

    What does registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\ThrottleDrege do?
    Background to this is that one of our users is experiencing abnormally slow copy of files on his Windows 8 Dell E6230 machine. This problem is intermittent and of course doesn't happen when I'm there.

    I did capture a Process Monitor trace on his machine while copying a file from a usb key on to his machine. I noticed the appearance of the above registry key being queried straight reading the file on the usb key. I did the same test from my own machine (Windows 8 and E6230) yet I didn't see the above key. Anyone can shed light on that key please, thanks.

    • Psycogeek
      Psycogeek over 9 years
      I want to know what shows up in the event log? or what is possibly repeated over and over again, in short time intervals, in one of the many event items in the array of event log things? Like you could clear them all, then see if any are going wild.
    • user319647
      user319647 over 9 years
      Nothing in Event viewer for Application, System or Setup events. In Procmon, you can see every ten or twenty events explorer.exe reading a bit of the file to be copied. The event straight after the read is the query to the reg key in the title above. The process invoking that is wmiadap.exe which upon further research is a Microsoft utility in one of the System32 subfolders. My understanding of wmi isn't great so hopefully someone could elaborate as well as the registry key above. Thanks
  • user319647
    user319647 over 9 years
    So I've given an upvote on this as this is driving towards the answer I'm looking for. I wanted to get some elaboration on your answer Ryanka for myself and others who are not familiar with WMI terminology. From some quick research, I see that WMI is about pulling data from a machine about things it might have like its hard disks, processors and so on? I assume that when you say "internal state refresh" this means the frequency with which WMI checks the machine's components like its hard disk, processors, etc? Therefore "ThrottleDrege" would determine how frequently it does it?
  • user319647
    user319647 over 9 years
    I liked the answer and after-comments and so have awarded the bounty as it has shed light on a registry key that's not even documented. After a bit more testing this key turned out to be a red herring in the intermittent slow performance issue described earlier and which I'll address separately. Still, was good to understand more about the key and a bit about WMI.
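
Added example, not part of the original thread: a triage of a Process Monitor CSV export for the value discussed above. It separates processes that only query ThrottleDrege from any that set it, and records the event just before each access. The sample rows (including the process name `placeholder_writer.exe`) are constructed, and the column names assume Process Monitor's default CSV export layout.

```python
import csv
import io
from collections import defaultdict

# Value from the question, in Process Monitor's abbreviated HKLM form.
TARGET = r"hklm\software\microsoft\wbem\cimom\throttledrege"
WRITE_OPS = {"RegSetValue", "RegDeleteValue"}

# Constructed sample in Process Monitor's default CSV column layout.
# Process names, PIDs, paths and times are invented for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.0000001","Explorer.EXE","2104","ReadFile","E:\report.bin","SUCCESS","Offset: 0, Length: 65,536"
"10:15:01.0000420","wmiadap.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wbem\CIMOM\ThrottleDrege","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:15:01.0009000","Explorer.EXE","2104","ReadFile","E:\report.bin","SUCCESS","Offset: 65,536, Length: 65,536"
"10:15:01.0009500","wmiadap.exe","3388","RegQueryValue","HKLM\SOFTWARE\Microsoft\Wbem\CIMOM\ThrottleDrege","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:15:02.0000000","placeholder_writer.exe","4120","RegSetValue","HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WBEM\CIMOM\THROTTLEDREGE","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''


def normalise(path):
    """Lower-case a registry path and shorten HKEY_LOCAL_MACHINE to HKLM."""
    p = path.strip().lower()
    long_root = "hkey_local_machine\\"
    return "hklm\\" + p[len(long_root):] if p.startswith(long_root) else p


def triage(csv_text):
    """Per process: reads/writes of TARGET and the event just before each."""
    summary = defaultdict(lambda: {"reads": 0, "writes": 0, "preceded_by": []})
    previous = None
    for row in csv.DictReader(io.StringIO(csv_text)):
        if normalise(row["Path"]) == TARGET:
            entry = summary[row["Process Name"]]
            # Set/delete operations are writes; every other access is a read.
            entry["writes" if row["Operation"] in WRITE_OPS else "reads"] += 1
            if previous is not None:
                entry["preceded_by"].append(
                    (previous["Process Name"], previous["Operation"]))
        previous = row
    return dict(summary)


def writers(summary):
    """Processes that modified the value, not merely queried it."""
    return sorted(name for name, s in summary.items() if s["writes"])


if __name__ == "__main__":
    result = triage(SAMPLE_CSV)
    for name, stats in result.items():
        print(name, stats)
    print("writers:", writers(result))
```

For a real export, read the file with `open(path, encoding="utf-8-sig", newline="")` and pass its contents to `triage`; that encoding strips a byte-order mark if the file begins with one.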