# Solved: What is using most of my CPU capacity? (moved from SW)



## oserdavid (Aug 5, 2006)

My laptop's fan has been working loudly continuously recently. Never stops. Along with this, I sometimes have difficulty shutting down - having to resort to a hard switch-off. And... some icons do not always appear in my system tray (hot hiding unused icons), even though the programs are running (eg F-Prot AV - yes it is running, & HP Imaging Device Functions 8.0)). An svchost.exe process is taking between 95%-99% of CPU although only 5960k RAM. I have a suspicion that HP Imaging Device Functions 8.0 - part of the 'necessary' software/drivers that came with my recently acquired HP Officejet Pro L7780 all-in-one device (fax, scanner, copier, printer) is not initialising properly - since even when it does appear, it always claims to be 'initializing' and tryng to turn it off makes it claim it is turning off - but it never seems to get there.

I've tried reinstalling the suspected offending software, to no avail. Anyone got any ideas, experienced anything similar and resolved their issue?
David


----------



## JohnWill (Oct 19, 2002)

Please post a HijackThis 2.00.2 Log here.


----------



## oserdavid (Aug 5, 2006)

Thanks John - you are truly a glutton for punishment. I will do so when I've got some urgent work out of the way....
David


----------



## JohnWill (Oct 19, 2002)

That's me!


----------



## oserdavid (Aug 5, 2006)

Herewith - as requested - HijackThis log.

At the time of running the scan (and still, now) I had at least 3 normal icons missing from my taskbar - Bluetooth, SuperAntispywarePro, and F-Prot Win 6.x AV. This was after the usual difficult shutdown and fresh restart....

Good luck to us both!!  
David

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:39, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\P1370Mon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [P1370Mon.exe] C:\WINDOWS\P1370Mon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1186217343875
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.7.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


----------



## JohnWill (Oct 19, 2002)

Nothing really jumps out at me. What happens if you terminate the SVCHOST that is chewing up all the processor time?

If you want to find out what processes are being controlled using this SVCHOST, download Process Explorer, it may help narrow it down.


----------



## oserdavid (Aug 5, 2006)

Thanks John
Shutting down hpqtra08 etc - which I suspected to be the problem, is not helping.

Terminating the Svchost gives me a quiet life(no fan). I'll see if I can find out what is being controlled with it and report back. However, some domestic chores have intervened!! (she who must be obeyed...)
David


----------



## oserdavid (Aug 5, 2006)

Mmm - No clues in the bottom pane of Process Explorer that I can understand. No evidence it relates to my new HP printeretc. But curiously - right clicking and selecting restart on the svchost process duly gives the warning that it may not be able to restart, which it doesn't, so it's now stopped - but apart from quieting the fan, it seems, in its absence, to have allowed HP Digital Imaging Monitor (in system tray) to fully initialize.

What can I do to find out if I really need this particular svchost process? Although I'd rather have it working properly...


----------



## JohnWill (Oct 19, 2002)

I think it's time for a security person to run some more sophisticated scans. 

I'll move this over to the HJT forum.


----------



## oserdavid (Aug 5, 2006)

Don't think it's a security issue. Famous last words - but I think I'm pretty well covered there. Process Explorer, on further perusal, indicates that it's a buggy piece of HP software that is supposed to keep track of where HP devices networked to my computer actually are. Thus if my printer/scanner gets allotted a new IP address, I could lose track of it without this mini-app. I think I'll take that risk. Now all I need to check is how to stop it loading, which I guess I can do via My Computer (right click) - Manage - Services. I'll let you know how I've got(ten - for you Americans) on with that. And let's hope HP discovers they've got a problem with this - 'cos I, for one, have not got the patience to track down a way of reporting bugs back to them...
David


----------



## oserdavid (Aug 5, 2006)

Solved!

Thank you John - you've been an enormous help - simply by pointing me at Process Explorer - and once I'd learnt how to use it I discovered the problem lay with HPSLPSVC32.DLL service with came with my all singing all dancing HP Officejet Pro L7780 All-in-one (ecstatically reviewed in one of the better computer mags - except they forgot to mention how flimsily it is made - and they obviously did not install or if they did - did not notice buggy software - still on the website, exactly same as on the CD ROM). I stopped the service and set it to manual (not sure why I did that rather than disable it, but there you go) and - hey presto - the HP Digital Image Monitor finishes its initialization and all my 'essential' loaded programs show themselves reassuringly in the taskbar. And there is blessed peace and quiet from my processor's cooling fan.

So -all's well once more. Shame about HP's software - it's certainly a nice idea to be able to keep track of your network printer should it be allotted a new IP address by the wireless router - and - hey - they might get it right in a subsequent iteration.

Thanks once more. And if anyone you know happens to know the appropriate URL for reporting bugs to HP - I might just tell them.


----------



## JohnWill (Oct 19, 2002)

Glad you figured it out. Once you see a process chewing up the CPU time, Process Explorer is handy to find out what it really is. 

*You can mark your own threads solved using the thread tools at the top of the page in the upper right corner.©*


----------

