Couple of Problems (WTF Happened to All My CPU?, I'm the Admin and


anathematized1

Alright, the first and major problem. Let me tell you first what was happening. Actually, let me tell you my machine.

Machine: Gateway DX4300-03

HDD: 1 TB Hitachi Internal SATA HDD

Graphics Card: ATI Radeon HD 4600 Series, ATI Radeon HD 3200 Graphics (one of these is chipset, by the way, I need to know how to figure out which one is chipset so I can disable that one)

Network Adapters: Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller, Realtek 8185 Extensible 802.11b/g Wireless Device

Processor: AMD Phenom 9750 Quad-core Processor (2.4 GHz)

Total Ram (Virtual and Physical): 8 GB (7.75 Usable)

OS: Windows 7 Home Premium 64-Bit

Alright, now back to the problem. I had never used my wireless networking card before, ever, until a month ago. I was getting an average of one BSOD every day thanks to that stupid card. So, I went into device manager, checked for updates and there were none, so I go to the manufacturer's (Realtek) website and find my card on the site. It's not my exact card but it has the same model number (I guess my card was made specifically for Gateway and whatever). I download the software for the card and I see that the driver is older than the one that I have currently. I click the setup.exe in the folder and everything pops up. Now, before I updated this driver, I thought it a good idea to make a system restore point. So I hit start, type in System Restore in the search and hit enter without even letting it find it first. My CPU fan starts whirring like crazy and everything slows to a crawl. I was like, "what the f***? I know this computer isn't the best in the world, but it shouldn't be having this much trouble right now." I wait for a time and System Restore never pops up and my CPU is still almost maxed out, so I manually go into System Restore and create a restore point, which takes FOREVER. I install the driver, which again, takes FOREVER. I restart my computer. It takes forever to start up.

I look at my Task Manager and my CPU is hovering around 50%. Nothing is running, nothing is loading, my computer is (apparently) idle. I look in the task manager and nothing is really taking up any CPU except System Idle Processes (which is hovering around 50%). So, to rectify the problem, somebody suggested I get my hands on the GeekSquad MRI, which I did. I ran it, and it found some viruses, cleaned them out and deleted one file. No change to the system. Then I thought "duh, why don't I do a system restore to the point just before I f***ed everything up." So I attempt a system restore, to the one just before the one I created. This fails miserably (because it can't restore to that point without the file that MRI deleted).

I started searching for a way to figure out what was causing my high CPU usage when I stumbled upon this, http://www.msfn.org/board/topic/140263-how-to-get-the-cause-of-high-cpu-usage-by-dpc-interrupt/. I followed this word for word. Now I don't know if my command prompt was elevated or not (as all the examples I saw said it started with C:\Windows\system32; yet mine, even though I followed like 20 different directions on how to start an elevated command prompt, still said C:\Users\User ID), but I did it anyway.

The only thing that was really all that high was a file related to the Windows Search function. So I turned that off, restarted the computer. Still the CPU is hovering around 50%.

I don't know what to do. Any ideas?

Second problem.

So I got this folder (it's updates for the MRI), and there is only one account on my computer, my account, which is the administrator. I go to delete this file that I downloaded (through MRI, which saved it to my desktop). Whenever I try to delete it, it says I need special permission from me, the account I am on. I tried renaming the folder (won't let me do that, same thing), I tried changing it so that none of it is read-only (it works, but then when I look at it again, parts of it are read only). I tried changing the sharing options and everything. I can't delete the **** folder. Now if I can't get my computer fixed, I'm going to have to take it into a shop, and I really don't want them seeing that I have that on here. Also, it's a fairly large folder and I want it gone anyway, even though I have a 1 TB HDD, it's about 3/4 full already (and I'm about to install something to it that is almost 100 GB when it comes in the mail - it's all music related stuff (my music, not stolen music)).

Link to comment
Share on other sites


#1 - disable UAC in the control panel while we're troubleshooting (as long as you know your computer is clean, of course - don't want to give any malware or viruses a chance to get worse). Then, gather a trace using xperf and post the contents back (as per that thread).

#2 - Again, even though you're in the Administrators group, you have a filtered token (by default) and you're also not using the local Administrator account (this account is disabled and hidden unless you're in safe mode). You need to go to the permissions of the folder or file, click the Security tab, click the Advanced button, and then click the Owner tab. If you're not the owner, take ownership by clicking the Edit button and selecting your account from the list, click OK (you have to close the properties dialog - you'll get a message pop up telling you so), then go back into the properties of the folder, click the Security tab, click Advanced, click Change Permissions, and add (or edit) your account to have full control (all allow permissions). Make sure the checkbox for "Replace all child object permissions..." is checked, then click OK. You should now be the owner of the folder itself, and any files inside, and have full rights to all of them, including the ability to delete them.

Link to comment
Share on other sites

1 - Here's the trace. http://www.fileden.com/files/2009/9/22/2582736/trace.ETL

2 - I did everything exactly as you said (two or three times even) and it's still telling me the same thing, that I need permission (from the only account I have on here, the one I'm on now). Whenever I do this, I look and it says I have all permissions except "Special Permissions" and no matter what I do, it won't give me the special permissions.

FML

Link to comment
Share on other sites

#1 - You have an svchost process consuming CPU that appears to be a virus infection (svchost PID 1980). It's loading a binary called rswin_3725.dll, which is not an MS binary but appears to be some sort of Akamai service .dll. That's pretty suspicious, honestly.

#2 - Run the command powershell -command "Get-ChildItem <path to folder> -recurse | Get-Acl | format-table -wrap" (replacing <path to folder> with the actual folder path on your machine) and paste the screen output here.

Link to comment
Share on other sites
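
The check described in the reply above (an svchost instance loading a DLL that is not a Microsoft binary), as an added PowerShell example that is not part of the thread. The function name `Get-SuspectSvchostModule` is hypothetical, and the result is a triage list to review, not a verdict.

```powershell
# Added example: list DLLs loaded into svchost.exe that do not look like Windows components.
# Run from an elevated prompt; service host processes cannot be opened otherwise.
function Get-SuspectSvchostModule {
    param([string]$ProcessName = 'svchost')

    $sysRoot = $env:SystemRoot.TrimEnd('\') + '\'
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $modules = $null
        try { $modules = $proc.Modules }
        catch { Write-Warning "PID $($proc.Id): $($_.Exception.Message)"; continue }

        foreach ($m in $modules) {
            $path = $m.FileName
            if (-not $path) { continue }

            # Embedded Authenticode signature. Older PowerShell versions do not check
            # catalog signatures, so many genuine system DLLs report NotSigned there.
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $signer = ''
            if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $msSigned = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

            # Version-resource company name: easy to spoof, used only as a fallback
            # for files inside the Windows directory that lack an embedded signature.
            $company = $m.FileVersionInfo.CompanyName
            $outsideWindows = -not $path.StartsWith($sysRoot, [StringComparison]::OrdinalIgnoreCase)

            if ($outsideWindows -or (-not $msSigned -and $company -notmatch 'Microsoft')) {
                New-Object PSObject -Property @{
                    ProcessId       = $proc.Id
                    Module          = $m.ModuleName
                    Path            = $path
                    Company         = $company
                    SignatureStatus = $sig.Status
                    Signer          = $signer
                } | Select-Object ProcessId, Module, Path, Company, SignatureStatus, Signer
            }
        }
    }
}

Get-SuspectSvchostModule | Sort-Object ProcessId, Path | Format-Table -AutoSize -Wrap
```

A module loaded from a folder outside the Windows directory is reported whatever its signature says, so the entry can be matched against the PID seen in the trace.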

1 - How can I find and eliminate this problem - I have Pandacloud Antivirus and it didn't find anything, nor did the MRI scan, though I do trust you on this. I tried to do a search on my computer for that .dll and couldn't find it. Also, how significant is the CPU consumption of this suspected virus infection? Enough to cause my CPU to be running at 50% constantly?

2 -

  • Path: Kyle
  • Owner: BUILTIN\Administrators
  • Access: NT AUTHORITY\Allow FullControl
    BUILTIN\Users Allow ReadAndExecute, Synchronize
    Everyone Allow ReadAndExecute, Synchronize

Link to comment
Share on other sites

#1 - yes, it's possible. Just do a search for that .dll name on Google to get some results. I am going to suggest at this point you scan that system offline, with an offline virus scanner, rather than online, just to be safe.

#2 - So Admins own the folder, SYSTEM has full control, and everyone else has read. It's no wonder you can't delete it!

Link to comment
Share on other sites

2 - So what do I do about that? Do I need to learn how to become an 3l337 h4x0rZ and teleport into the computer all Tron style and nuke it?

On a side note, "teleport" wasn't in my dictionary for Mozilla Firefox. Seriously? I can see things like jizz and some other obscure words nobody today has even heard of (except for me, but I masturbate to the dictionary/thesaurus), but not teleport?

I must admit, that made me chuckle.

No, all you have to do is go into the properties of the folder, add your user account (or group) to the permissions list with full control.

Link to comment
Share on other sites
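
The permission problem worked through in the posts above (folder owned by BUILTIN\Administrators, only read access for everyone else, caller running with a filtered token), as an added PowerShell example that is not part of the thread. The function names and the `StuckFolder` path are placeholders; `takeown.exe` and `icacls.exe` are the command-line counterparts of the Owner and Change Permissions dialogs.

```powershell
# Added example: report why the current token can or cannot delete a folder.
function Get-DeleteAccessReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $elevated = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # SIDs that can match Allow ACEs: the user plus the enabled groups. In a filtered
    # (non-elevated) token BUILTIN\Administrators is deny-only and is not listed here.
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Path
    $ownerSid = $acl.GetOwner($sidType).Value
    $delete = [int][System.Security.AccessControl.FileSystemRights]::Delete
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $allow = 0; $deny = 0; $applied = @()

    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only ACEs affect children, not the folder itself.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($sids -notcontains $ace.IdentityReference.Value) { continue }
        if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
        else { $deny = $deny -bor [int]$ace.FileSystemRights }
        $applied += $ace
    }

    # Simplification: generic rights bits, Deny ACEs on deny-only groups and the parent
    # folder's "delete subfolders and files" right are not evaluated.
    New-Object PSObject -Property @{
        Path          = $Path
        Owner         = $acl.Owner
        Elevated      = $elevated
        CallerIsOwner = ($sids -contains $ownerSid)
        CanDelete     = ((($allow -band $delete) -ne 0) -and (($deny -band $delete) -eq 0))
        AppliedAces   = $applied
    }
}

# Command-line form of "take ownership, then grant full control to all child objects".
# Needs an elevated prompt and a folder path; /D Y answers takeown's prompt on English systems.
function Grant-SelfFullControl {
    param([Parameter(Mandatory = $true)][string]$Path)
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & takeown.exe /F $Path /R /D Y | Out-Null
    & icacls.exe $Path /grant "${me}:(OI)(CI)F" /T
}

$Path = "$env:USERPROFILE\Desktop\StuckFolder"   # placeholder, not a path from the thread
if (Test-Path $Path) {
    Get-DeleteAccessReport -Path $Path | Format-List Path, Owner, Elevated, CallerIsOwner, CanDelete
}
```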

1 - Still working on this problem. I can't really afford to buy an Antivirus and for some reason, I can't get the updated MRI to boot from the disk (I had to burn it to a DVD-R because the size was 706 MB, just 6 MB too big for a CDR). I have Panda Cloud Antivirus, but for some reason there was an "error" and it couldn't start up. I restarted the computer twice now and it won't start up. I'm going to uninstall and reinstall.

2 - That worked, at least we have one problem solved so far today.

Link to comment
Share on other sites

Well, I took further action on the main problem with no positive results.

I booted the computer up in safe mode and did a virus scan, which found 11 viruses (none of them in the previously mentioned file) and got rid of them. I also did research into this Akamai (sp?) crap and I can't really find any information on it. However, I know I didn't [knowingly] download it, so while I was still in safe mode, and since it was in the programs list in the control panel, I uninstalled it and then deleted the folder for it that was left behind ("...Program Files (x86)\Common Files\Akamai").

I'm not sure what to do now, short of taking it in to a Geek Squad location or computer repair shop and having them work on it. This however, I cannot afford right now.

Any other suggestions?

EDIT: I lied. When my computer is idling, it hovers between 30-40% usage, as opposed to 50-70%. I'm not sure if this is what was normal for my computer before, but I've just been sitting here playing spider solitaire (with Firefox being the only other thing open, though it's not actually being used) and I noticed that I couldn't hear my CPU fan, so I decided to check the task manager and see. Now on a side note, when I did restart my computer (after being in safe mode) and come back to regular mode, it did take a little longer than normal to boot up. I will keep yous posted about the situation. Before, I wasn't able to run SecondLife at all (yeah, I know, I'm a loser), so tonight when I would normally get on there, I'll see if my machine can run it the way it usually does.

RE EDIT: Yeah, it's still not running like it should be. It's a lot better than before though. A lot of things are having a hard time running though. I have to do some stuff but when I get back, I will do another trace analysis.

Edited by anathematized1
Link to comment
Share on other sites

Yes, get an xperf, and run it for a few minutes while the CPU is under load like that. Now that you've cleaned it up, I'd do simple things like defrag the disk to make sure all of that is OK as well before gathering the trace, of course.

Please don't go to geek squad - this is not something they're going to be able to fix for you unless you get really lucky and find a tech who a. knows what he's doing and b. hates himself enough to be working for geek squad. Otherwise, you're going to find a salesman (or woman) in a tie who can boot a CD and run some utilities (most of which you have already done, I believe).

Link to comment
Share on other sites

I have the new xperf trace file, but it's 1.5 GB in size (I accidentally let xperf run for like, 10-20 minutes...)

So, here it is, split into 200 MB .rar files.

  1. http://www.mediafire.com/file/5f5f2ea4z5qj142/Trace_2.part01.rar
  2. http://www.mediafire.com/file/mm78p02lp5h8om7/Trace_2.part02.rar

The only thing I see that is doing any noticeable damage right now is under System (total almost 10%) and most of that (9%) is ntoskrnl.exe, but I don't know if that's a normal range for that. Another thing interesting of note is the same file (under the next biggest entry, audiodg.exe) is contributing another 5% usage there. I'm not even counting how much it is using under Firefox or anything else that's running. I know this is a Microsoft file from what I've searched, but I don't really know what it does or even what a normal CPU usage range is for it. It is strange though that it's eating up 15% of my CPU's 30% usage (if I am reading this correctly), and that doesn't seem right. Everything else (like Firefox) seems to be in a normal range. I wouldn't think a system file would take up that much CPU (I mean it's more than FF right now).

Am I correct in thinking this, or am I way off base?

Then again, I'm not talking about Idle Processes. I don't exactly know what that means either, but that's eating up like 40-60% of my CPU, most of which is amdppm.sys (like 90% of idle process) and I know that is tied to Windows Search, which an attempted Windows Search is what originally caused this mess (I think). It doesn't make any sense though that this would be it because I disabled it and restarted my computer (though I didn't do an xperf trace with Search disabled) and it didn't run any better. Since I didn't do a trace, I don't know if amdppm.sys was still running or not, which I can try again, but honestly, if I'm wrong about this too, just let me know.

On another note, I didn't defrag the computer before I ran the trace, I didn't think to, but I am going to have the computer defrag when I get back tonight.

Edited by anathematized1
Link to comment
Share on other sites

I also wanted to say that I did have one other problem, but it's only a minor problem, but it would be sweet to fix that too since, well, you guys actually know what you're talking about and can provide real help.

I have a Microsoft Cinecam HD webcam. When I first got it, it worked with everything (Skype, its own program, Windows Live Messenger, etc). I don't remember when this happened, but now anytime I try to use it with anything, it says "Error, webcam may already be in use." To try and fix this problem, I completely uninstalled the webcam and all its software and then restarted the computer and reinstalled it (properly). This did not change a thing. I also make sure that any program that could be using the webcam is closed before I attempt to run it. There is ONE thing it works with - Yahoo! Messenger. I found that to be a bit odd.

Also, one more problem. I don't know how to turn my computer off. Whenever I want to turn it off, I just pull the plug out of the wall. How do I turn off my computer!? :P

Link to comment
Share on other sites

Actually, I was doing some more research into my problem.

Apparently amdppm.sys is the driver for AMD processors. I thought that if I reinstalled this driver (which seems to be corrupt), then my problem might be solved.

Well I went looking and AMD (and pretty much everyone else) don't have a driver install that works on Windows 7. Hell, they don't even have one for Vista.

Then I decided that I needed to search for the actual driver itself and manually install it (i.e. copy it to the windows\system32 folder and then use the Start > Run to register it). The problem is, I can't even find just that for download!

What am I going to do now?

Link to comment
Share on other sites

There is no AMD CPU driver for Windows 7 or Vista; it's built into the OS.

Link to comment
Share on other sites

Starting with Vista, the AMD power management driver is included in Windows. So you can't install a new one.

The trace is incomplete. From what I see, you have an issue with your USBport driver. Which USB devices do you use? Do you have an nForce chipset?

Link to comment
Share on other sites
