View Full Version : Laptop Fan and Processor Running All The time

02-09-2004, 11:03 AM
I'm not sure what to do. Using XP Pro. Since the weekend my laptop has the fan running almost all the time and Task Manager shows 100% CPU usage.

I've run Spybot, Adaware, and AVG virus scan. Nothing found. Use Zonealarm but maybe I have allowed a connection I shouldn't. Got svchost running for at least 4 different processes under Processes. Only application open is Opera.

Went to Blackviper.com but got a headache. Can I print the process list somehow from Task Manager? Any suggestions for where to look to see what is making the processor work?


02-09-2004, 11:22 AM
Can you post us a list of items in startup?

Easist way is to crank open spybot,dropkick her into advanced mode,Drop a flying elbow onto the system start-up tab,Then body slam the Export button.....

02-09-2004, 11:32 AM
In the task manager, you can sort processes by %CPU Usage. Do this and it'll tell you what process is churning through your CPU.


02-09-2004, 11:54 AM
Thanks Metla. I always said you were a fine fellow ;)

And Chill, I looked at the processes running but they didn't seem to be using a lot of memory. Mind you, I'm not sure how to read the info........

Located: HK_LM:Run, AVG_CC
command: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
size: 345661
MD5: a21829ad1ff2db8b77f3d6e42d76b9e1

Located: HK_LM:Run, BrowserBrand
command: C:\Program Files\ONLINE~1\XTRA\brand.exe
file: C:\Program Files\ONLINE~1\XTRA\brand.exe
size: 113408
MD5: 94112e4ec5fac432f4e072bc1ee87560

Located: HK_LM:Run, CARPService
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: ea3be7f5cdef0fe4df1bf6dbfe7abde0

Located: HK_LM:Run, FastUser
command: C:\WINDOWS\System32\fast.exe
file: C:\WINDOWS\System32\fast.exe
size: 49216
MD5: 1be84e434200cbcc51da6b3aae5f2330

Located: HK_LM:Run, InvalidDelete
command: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Mini Traveler Mouse
file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KYE\Setup.exe
size: 200704
MD5: 1cc3874617c40d447ee5f47e8b2e6443

Located: HK_LM:Run, PreloadApp
command: c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
file: c:\hp\drivers\printers\photosmart\hphprld.exe
size: 36864
MD5: 18575be35bb3312614c035352496f841

Located: HK_LM:Run, QT4HPOT
command: C:\Program Files\HPQ\One-Touch\OneTouch.EXE
file: C:\Program Files\HPQ\One-Touch\OneTouch.EXE
size: 106496
MD5: ccd883f2ca796c3e050457d74dbf4962

Located: HK_LM:Run, srmclean
command: C:\Cpqs\Scom\srmclean.exe
file: C:\Cpqs\Scom\srmclean.exe
size: 36864
MD5: 787b8ad5fef1a68d3ed00e4e393b9d18

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 634880
MD5: 7bc86f172bb5d9cdbdf76495df944242

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: 36dc858d4f83059ddaf0d885bdbc2734

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 705808
MD5: a0ce57a58dcc1572374b583837a0fc79

Located: Startup (common), Device Detector 2.lnk
command: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
file: C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
size: 106496
MD5: eaa708b50b32c9ded8dea839e57d39cf

Located: Startup (common), WordWeb.lnk
command: C:\Program Files\WordWeb\wweb32.exe
file: C:\Program Files\WordWeb\wweb32.exe
size: 18432
MD5: b8fb9aa4191a8bcb3a7cb387bd34cc60

Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
size: 113664
MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~4\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~4\Office\OSA9.EXE
size: 65588
MD5: f2020569df0e5cdf0ccedb3406d15cb3

Located: Startup (disabled), Microsoft Works Calendar Reminders (DISABLED)
command: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.ex e
file: C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.ex e
size: 24633
MD5: 7084b58a098d2f83b304832251a8c6a8

Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE

02-09-2004, 12:15 PM
CPU Usage... Not memory.... ;-) Have another look. You may have to click it again if it shows the highest-use processes down the bottom, this will make them display up the top :-)

02-09-2004, 12:38 PM
Ok, thanks.

System is the Image

SYSTEM is the User Name

CPU usage is about 94%

Ended the process but it arrived back instantly. ?:|

Susan B
02-09-2004, 02:07 PM
I can't see it in that list you posted but I am wondering if the Indexing service might be the problem? Seems unlikely but you could disable it anyway (Black Viper's site will tell you how to).

If you want to post a list of what is running you can download HijackThis, do a scan with it then click on the Config button down the bottom right then Miscellaneous Tools. On the next page click on "Open process manager" and see what is listed in there.

02-09-2004, 03:08 PM
Thanks Susan. Indexer is off so must be something else.

Here is what Hijackthis found

Logfile of HijackThis v1.98.2
Scan saved at 2:05:51 p.m., on 2/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Opera75\opera.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtP DF.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtP DF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BrowserBrand] C:\Program Files\ONLINE~1\XTRA\brand.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Mini Traveler Mouse
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {9329D8E0-FDB5-4708-A306-5D8C20FB5984} (AutoDetect.AutoDetectCtrl) - https://secure2.landonline.govt.nz/lol/AutoDetect.CAB

I'm totally bewildered!

02-09-2004, 03:59 PM
Out of desperation, also here is the list provided by Open Process Manager in Hijackthis. The only significant change to my system was at the weekend when I edited the Registry (based on MS advice) to enable my password to be retained in OE. It worked.

Process list saved on 2:59:15 p.m., on 2/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)

[full path to filename] [file version] [company name]
C:\WINDOWS\System32\smss.exe 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\system32\lsass.exe 5.1.2600.1106 Microsoft Corporation
C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe 5.1.2600.0 Microsoft Corporation
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe GRISOFT s.r.o
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe OLYMPUS Corporation
C:\WINDOWS\system32\HPConfig.exe Hewlett-Packard
C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
C:\WINDOWS\Explorer.EXE 6.0.2800.1221 Microsoft Corporation
C:\WINDOWS\system32\ZoneLabs\vsmon.exe Zone Labs Inc.
C:\WINDOWS\System32\Fast.exe 5.1.3564.0 Microsoft Corporation
C:\Program Files\HPQ\One-Touch\OneTouch.EXE Dritek System Inc.
C:\WINDOWS\System32\fast.exe 5.1.3564.0 Microsoft Corporation
C:\WINDOWS\System32\carpserv.exe Conexant Systems, Inc.
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe GRISOFT s.r.o.
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Zone Labs Inc.
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe OLYMPUS Corporation.
C:\Program Files\WordWeb\wweb32.exe Antony Lewis
C:\WINDOWS\System32\wuauclt.exe 5.4.3790.2182 Microsoft Corporation
C:\Program Files\Opera75\opera.exe 7.0.3778.0 Opera Software
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe Soeperman Enterprises Ltd.
C:\Program Files\Outlook Express\msimn.exe 6.0.2800.1123 Microsoft Corporation

02-09-2004, 04:06 PM
Havent got a lot of time to do a complete rundown on the data provided,so just as an experiment can u disable everything under start up(via spybot start-up panel) reboot and see if the problem has disapeared?

If it has then re-enable them one by one untill the culpret is identified.

And that xtra browser branding has no need to be run.

Graham L
02-09-2004, 04:26 PM
There's a lot of suspicious stuiff there. "Microsoft Corporation" is notorious for loading packages which are security threats, and they often do it without asking. Some of this malware even loads any time the computer is on, not even connected to the Internet. :D

02-09-2004, 04:36 PM
Hi Winston, have you loaded service pack 2 for XP yet?

02-09-2004, 04:37 PM
D'Oh! Consider my question revoked :)

02-09-2004, 05:38 PM
Not yet Andrew. One problem at a time :D

Thanks Metla. I realise this takes peoples time so I am trying to do what I can myself.

Disabled Startup items using Spybot (I assume the same result through msconfig if I used that?)

No change.

I'll try Diagnostic Startup and see what happens.

Currently I have to force my PC to shutdown by holding the power button down for 10 seconds.

02-09-2004, 05:46 PM
>> Disabled Startup items using Spybot (I assume the
> same result through msconfig if I used that?)

msconfig does indeed do the same thing,i have on occasion had entries in msconfig disapear after being disabled,and as such it wasn't quite so easy to re-enable them.

If you do want to look in msconfig,have a look under the services tab and then click hide all ms services,this will then display services created by other programs (norton for instance drops about seven of them babies in there and doesn't remove them when uninstalled)

Having said all that,i do believe your current problems are futher under the hood then the basic stuff i have just covered.

I presume you have made back-ups of your data,if not then now is a good time to do so.....

02-09-2004, 07:47 PM
That fast.exe if its still in your system isnt part of XP (well its not on mine XP SP2). It maybe spyware as below.


02-09-2004, 07:52 PM
Oops unless u use something like powertoys, which also uses fast.exe by the looks of it.

BUT wouldnt that run from a program folder not system32?

Susan B
02-09-2004, 08:56 PM
> Oops unless u use something like powertoys, which also uses fast.exe by the looks of it.
> BUT wouldnt that run from a program folder not system32?

No, it looks like it belongs in System32. It might pay for Winston to check that he does actually have Fast User Switching enabled though, just in case. If there is only one user on his computer it would be better turned off.

Susan B
02-09-2004, 08:59 PM
> The only significant change to my system was at the weekend when I edited the Registry (based on MS advice) to enable my password to be retained in OE. It worked.

Out of interest, if it were me, I would be be undoing that registry edit to see if it is the cause of your problem.

02-09-2004, 09:14 PM
> C:\Program Files\Citrix\ICA Client\ssonsvr.exe

What's this entry Winston? Are you on a thin client set-up?

02-09-2004, 09:20 PM
Well I did go back to an earlier restore point which undid the change (OE promptly forgot my password) but it is worth another try.

I've now run Spy Sweeper and partly run About Buster. SS did find Coolweb and a couple of other pieces of spyware. But Task Manager still shows "System" using anywhere from 60 - 96% of the CPU.

Searched for "System" but lots of files found and I'm an amateur.

Thanks everyone for your input.

Will now try another restore point.

03-09-2004, 12:10 PM
The saga continues. Last night I lost my sound but it is back this morning.

I notice that the fan seems to be working less some of the time.

When I open Task Manager - Performance, the CPU usage immediately jumps from the bottom of the graph to the top ie 100%. So it must be the task manager which is using the CPU at that moment.

So why is the fan running all the time?

The most telling sign that there is a problem is that the PC will not shutdown. After 5 or 10 minutes I hold down the power button for about 10 seconds and it switches off.

03-09-2004, 12:40 PM
The CPU running at 100% is what will cause the fan to run, the CPU gets very hot under circumstances of high acvtivity. Just like some humans.

My guess is that the PC has recently become aware of the number of hours you actually charge out, and has become very guilty about it, feeling like it really should be actually working on something to justify it?

But, thats only my guess ....

08-09-2004, 07:26 PM
Time for an update.

I've been so distressed by this problem that I can't even summon up a fitting reply to GF!

Sad news. My beloved laptop has to go into an HP hospital (sob). I finally ran a hard drive analysis (an XP feature) and got a "Read test failed. Refer to Warranty"

So I have.

Thanks again for all your help.

01-10-2004, 11:10 AM
Yes! Back in business. HP replaced the HD under warranty and also installed a new CD drive. Now I just have to find my way through the backup of the old HD and reactivate my programs. Not as simple as I thought - it seems I have to reinstall some stuff.

So the good news is the problem was not of my doing. For that I have to thank all the many helpful members of PF1 for advice and good ideas over the past 18 months.

Have a great day y'all. :D