MagicAndre1981

How to get the cause of high CPU usage by DPC / Interrupt

1,451 posts in this topic

I figured I would save some poor saps still on XP SP3 some time by posting what I just dealt with. Any time I run into some serious issues and find a fix from a web forum I usually register to post my fix and what I did.

I work as a laptop repair tech and through my troubleshooting narrowed down this exact problem to hardware interrupts and DPC's with a donor laptop for a customer.

Long story short, his laptop went the way of the dodo bird and we just so happened to have a nearly identical model in the boneyard. So instead of spending hours troubleshooting his machine (and running up a nice labor bill) I just swapped his drive with his permission. But of course, it was too good to be true and I noticed the lockups. I kind of had an idea it was a hardware issue, I've been doing this since the 98 days so I have a little experience under my belt but I ran his Kapersky and a rootkit tool anyway and found nothing, which is not surprising because it appears to be almost a fresh XP install with only 27-29 processes running in the background.

Unfortunately the poor guy is on an XP machine and NONE of the aformentioned fixes work in XP, unless I missed something. So, here's the rundown, so it turns up in a search engine.

Compaq Presario 2100 2178CL 2178cl

Athlon 2400 mobile, 512 ddr

XP SP3 with updates

I had tried re-installing ALL of the drivers to no avail. I used the ProcessExplorer tool to verify it was a hardware DPC issue of sorts. The old drive that was in this laptop did the exact same thing, and it would freeze every 5 seconds and the interrupt / DPC usage would spike to 18-25%. Through one measure or another, I tried installing the SDK tools mentioned earlier but of course those are for 8, it still wanted me to bump up to .NET framework 4.0, so I did. In the midst of grasping at straws I also did a BIOS flash in Windows from the HP website, rebooted and all seems to be well. So I think it's safe to say one of those things fixed the problem.

Also new friend. I do a bit of case modding and I'll be posting my current project here in a week or so, it's a server case I've cut up and I'm putting in a Xeon dualie.

0

Share this post


Link to post
Share on other sites

the SDK can't be instaleld on XP. Install a 32Bit Win7/8, run SDK there and copy the WPT folder to XP. Run the xperf command and copy the file back to Win7/8 and run the command to generate the TXT file.

0

Share this post


Link to post
Share on other sites

hello,

sorry for my bad english but here it goes...

e recently had a BSOD episode on my laptop when using internet sharing on my windows phone 8. Since then the CPU on my laptop sits at 100%. System process nt kernel 50%, explorer.exe 50% or sometimes System 50% svchost in all it's processes 50%. I have read the instructions on the first page off this thread, made my etl file, used windows performace analyzer and i narrowed it down to ntkrpamp.exe. But i don't have any clue what to do next, there are some functions i believe that are the culprits but i'm not shure.

I almost forgot, there is another process that has a high count but it's marked with a question mark. I had the SPTD driver, but i uninstalled it and then made my tpl file http://www.sendspace.com/file/pcb2k0

Pls MagicAndre can you take a look at the tpl file?

thank you

0

Share this post


Link to post
Share on other sites

you still have a lot of UNKNOWN calls. This is still dynamic code.

It looks like you have enabled driver verifier after you got the BSOD. Disable this.

0

Share this post


Link to post
Share on other sites

thanks andre for the fast reply

i disabled the driver verifier and made a new tpl file, still got the dynamic code software that's using my cpu

here's the tpl file http://www.sendspace.com/file/yrim7t, do you have any idea what king of software uses dynamic code besides daemon tools, and kasperky?

0

Share this post


Link to post
Share on other sites

DPCs are mostly gone, but you still have dynamic code in the SYSTEM process:

post-70718-0-66175500-1359140195_thumb.p

Stop all software until you found the software which causes it.

0

Share this post


Link to post
Share on other sites

sorry but i dont't exactly understand how to do that..... stop procesess in task manager, or using msconfig?

0

Share this post


Link to post
Share on other sites

Hello,

using Windows 8 on a HP z420 with GTX680 GFX. With the help of this Thread I was able to identify which Process filles up one of my CPU Cores with 100% of interrupt handling.

It's the ACPI.sys - but now I don't know how to investigate further and find our why ACPI.sys is eating up one Core of my System ...

Maybe someone here can help me on this? (And what Information do you need for helping me out here?)

Thank you, bye from snowy Austria

Andreas Schnederle-Wagner

0

Share this post


Link to post
Share on other sites

upload the ETL file.

ETL can be downloaded here: www.partynet.at/files/DPC_Interrupt.zip

0

Share this post


Link to post
Share on other sites

upload the ETL file.

ETL can be downloaded here: www.partynet.at/files/DPC_Interrupt.zip

problem solved!

Intel Raid was the source of the problem!

0

Share this post


Link to post
Share on other sites

I know. I saw you are the same user like on Technet. Really wired that this causes the ACPI issue.

0

Share this post


Link to post
Share on other sites

Very cool post MagicAndre !

It helped me a lot .. for me it was NIDS.sys too.

bye

0

Share this post


Link to post
Share on other sites

have you updated the network drivers? Did it fix the issues?

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.