I wrote most of my book on a little Dell Inspiron 700m, carrying it in my backpack all over creation. It’s a lightweight little thing with a great screen and 5 hours of run time on the extended battery. Delayed flights, no problem. Writing on the patio, no problem.

Sweet.

But sometimes when I’m pursuing a life outside the office, it spins into overdrive, cranking the disk and fan up into a frenzy. And when I return, the CPU Usage is pegged at 100%.

What the heck is it doing, I wonder? Is it more productive than *I* am? Well, could be when I’m surfing icanhascheezburger, but when I look away it may be stuck on the home shopping channel.

Does your computer misbehave behind your back? Today I decided see where my computer wanders, using a little deduction and some pretty simple tools.

Initial Admonition

For some problems, rushing to the internet can be profitable. If you can figure out the right search string. So, I’m not going to tell you what to type into Google to solve this problem. I’m actually going to ask you to think about the symptoms and learn a little bit. Trust me, you’ll not only fix this problem, but you’ll be armed with some neat tools and techniques to solve other problems as well.

(I know you wanna ask….svchost.exe. Root of evilness as it is. But what’s really going on?)

The Symptoms

The first step - you know - is to make a list of ALL the symptoms, even stuff that might not seem related.

  1. I am away from the computer. I hear the fan start running, or run louder/longer than normally. “Normally” means when I am actively using the computer - typing, driving the mouse. You know.
  2. When I return to the computer, I check the Task Manager (which is always running on my machine) and see that the CPU Usage History has been pegged at 100% for ages…
  3. …and it seems the computer has kept one eye out for my return, because at the very moment I touch the damn thing, CPU Usage immediately drops from 100% to something like 4%. And hovers there innocently as I scan the Process list to find the culprit. I’ve managed to grab the 100% shot. But the bad bad process has already made it’s grand escape.
  4. Finally (and a consequence of #1 above), the computer is very warm to the touch. (If the temperature is related to our current problem, then fixing this may also fix (for me) this mammal-induced thermal problem (but not the 4-leggers) as well.)

How do people debug problems like this?

The answer to this problem (and a zillion others) is on the internet. In several places. If you can figure out just the right search string, Google will Take You There. My problem here is rather common, with a handful of possible (real) solutions.

But, you protest, let’s search first anyway.

Okay….how about “CPU 100%.”

Top searches suggest a virus, antivirus software, firewall software, and “keyboard issues,” or explain what Task Manager is and that the System Idle Process is supposed to be around 99%.”

Hey - the explaining-the-Task-Manager info is decent. But the other stuff……

This is a perfect example if the wrong way to approach this:

Go to start>run>msconfig>startup>and uncheck everything. then reboot and see if it happens. you probably got allota adware and spyware on that comp from many years of internet usage.

Many folks, somewhat overwhelmed, may actually try this. After all, they think, these folks on the internet seem like experts. (Here’s a hint - avoid advice by people who believe capitalization, grammar, and complete words and sentences are optional.)

This debugging logic saddens me (and also scares the crap out of me). Please, if you start making changes, make sure the advice at least seems logical! (AND BACKUP STUFF FIRST. AND WRITE DOWN WHAT YOU “UNCHECK” OR CHANGE FIRST! Taking pre-alteration screen shots is particularly effective.)

Yeeesh. And another winner -

The main cause I have found is actually a problem with the way explorer handles avi files! Let me explain a bit, it you have an incomplete avi file, or a damaged avi file, explorer will read it frame by frame to determine it’s properties (such as video size, length etc..)

You can confirm this by starting the task manager next time it happens, I know it will takes ages to open but be patient! if you see that explorer.exe is the process using all your CPU do the following:

1. Open up regedit
2. Goto HKEY_CLASSES_ROOT\SystemFileAssociations\.avi\shellex\PropertyHandler
3. Delete the “Default” value which should be “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”

After restarting the problem should be solved. **note** You won’t have any video properties any more if you right-click and avi file, but I’m sure you never use it!

Yikes! (Dear Good Friend, With presumed reliance, let me introduce myself. I am MR. Mohammed audu, Manager of Universal Trust Bank. I discovered an abandoned sum of $8.4M USD, and I will share it with you and information will be relayed to you as soon as you indicate your interest and willingness to assist me and also benefit your self to this great business opportunity…)

I don’t mean to slam these folks - they are well-intentioned and have discovered their own local maxima (see way below). But none of these solutions is related to our problem.

Is this logical? DON’T MAKE RANDOM CHANGES!

If you write software, you’ve probably been advised (and have advised others) not to randomly change lines in the code, reboot, and see if that solves the problem. You’ll likely make things worse, adding OTHER bugs while not solving the original one. This is not an effective debugging technique, even though most people don’t know any other way to approach a solution. (”But the compilers are so fast these days, so lemmee just try something…”)

Grrr. Students are especially prone to this type of inanity because they haven’t been taught any differently. (’Nother post.)

We have exactly the same situation here.

The internet offers random advice and solutions that will likely change the state of your machine and you’ll probably never be able to restore its state to when you started. Baaaddddd. Danger Will Robinson!

Internet good and internet bad. Tweeking Google into revealing the answer by asking Just The Right Question is faulty logic. On the other hand, the person who ponders the symptoms, brainstorms by him/herself first and then uses the result of that brainstorming to cruise the internet more intelligently…now that’s a better plan.

Thou shalt think before google.

Okay, step down off the soap box and tell us how to approach this debugging thing.

Plan of Attack

Okay. We’re not gonna make random changes. Instead, we’re gonna follow a little formula:

  1. Explore around and brainstorm some approaches
  2. Gather more evidence, reproducing the problem if possible, and develop a hypothesis or two
  3. Validate the hypothesis(es)
  4. Fix the problem
  5. Validate that the fix does in fact, fix the problem!
  6. Check for larger/more generalized examples of the problem to make sure you got all the bugs

First let’s gather some information - The Task Manager

Control-Alt-Delete brings up the option to run Task Manager, which shows CPU utilization (that frustrating 100% scenario) and allows you to check the utilization of active processes. Most folks know about this nice little tool, and it is referenced all over the internet. That’s the pic I showed above.

Click the Processes tab and order by CPU (click twice to show highest utilizations at the top). Ideally, the System Idle Process should take nearly all the cycles, meaning that nothing else is happening. Because the system is, well, idle. (And should not be secretly downloading porn you will eventually be blamed for.)

The problem with Task Manager is that it’s impossible to rewind history to find out what process was taking 100% of the cycles 13 microseconds ago. Because as soon as we try to investigate the problem, it goes away.

So what do I know now?

  • At least one process sucks all the cycles then politely yields when I resume working.
  • I also know from experience that the fan runs when the processor (or some other component in the computer) runs at a high rate for a while, driving up the internal heat of the whole case.

But I have no idea how to nail that offending process to the wall and reveal its slivering little hide.

Gathering More Information - Process Explorer

Process Explorer is a neat little free program that gives more detailed information than Task Manager provides. You can still order processes by name, CPU Cycles, memory, etc., but you can also view the processes in a hierarchical view - services within processes. System processes and services are listed first, followed by Windows Explorer services (you know, “Explorer.exe has encountered a problem and needs to close. Error in instruction 0×0000008b. The referenced memory could not be “read.”) and other loaded programs.

Now - several awesomenesses about this program -

1) In the main view, add columns for many different parameters. I can quickly view the CPU utilization history (peeking backwards in time) for each process! Now I have the tool to identify the offending process.

2) Once I detect a problem has occurred, I can hit the SPACE bar and Process Explorer pauses data collection. Now you wander backwards in time (at your leisure) to figure out just who was doing what to whom.

3) By selecting any of these process entries, you can find the process ID, priority, the actual service itself, the path to the process and the command line to execute the service, parent service, performance graph, handles, etc.

Here’s a screenshot of mine (click for clear view):

If you’re looking for a particular service, hover the mouse over a process name, and the services are quickly identified.

Reproducing the problem - tempting the system into more Bad Behavior

We need evidence beyond our initial list of symptoms. Using this simple tool, we can learn a lot more before hitting the internet.

So now we lay in wait…. Frustrating thing is for this particular problem, I have to ignore my computer in order to actively debug it. So, I run Process Explorer and go away. Pay bills. Pet a cat. Take pictures of critters in the back yard.

Until I hear the offending symptom…AHA! The fan blowing like mad has resumed!

Roaring back to the computer, I kick the mouse and Task Manager shows an immediate drop from 100% CPU utilization, but this time I pause Process Explorer. It shows the same smoking gun - 100% to 4%. But now the fun begins.

Some Smoking Guns!

Of course, when I wrote this entry, I waited for days for this scenario to repeat itself matching the initial screen shot (above) exactly. Like a wayward child, my computer completely behaved, knowing it was under my watchful eye. I couldn’t trap it at full 100% for all times, but this situation is nearly the same.

So, I check out the Performance Graph of every process, and surprise, svchost.exe is the offending cycle-stealer. (Groan - many of you suspected that anyway - about 7 copies of svchost are running at the same time (ALL the time), doing lots of secret stuff we’re never sure about in the first place. Plus, svchost.exe is a frequent hiding place for viruses - but not in this situation.)

And you can see where I came back to see what was going on, and the svchost.exe released the CPU and the Idle process began to run more.

So, double-click on this copy of svchost.exe (Process ID 932) and here’s what I found looking at the properties of svchost.exe:932. Hmmm. Something with a command line argument “HPService.”

In more detail:
Service HPSLPSVC HP Network Devices Support (Generic Host Process for
Win32 Services)
C:\Program Files\HP\Digital Imaging\HPSLPSVC.DLL
C:\WINDOWS\system32\svchost.exe -k HPServices

Let’s learn more. Click on the Services tab. What’s the offending process? HP Network Devices Support.

(Soapbox Moment: Any process that indicates a company/service that is outside my originally installed software AND has the word “support” in it, is automatically suspect in my book. Ya see, “Support” often means, “we’re gonna establish and maintain nearly constant communication with the Mother Ship to make sure your computer is under complete control in our quest to make sure you have absolutely, positively, the latest version of any file we have installed on your machine, with or without your permission.”)

Sigh.

Understanding and Interpreting the Data

Armed with more useful information, I felt a sense of power and control to reveal the subterfuge of my “innocent” laptop. Finally heading to the internet, I search for “svchost.exe HPSLPSVC” and find that many others have experienced the same problem. Some have contacted HP with this information and received no satisfaction, but offer that alternative solutions are possible.

One supposition is the HP Auto Update functions from HP. I checked out my HP driver, but didn’t see a way to turn off auto updates. Grrr. But one individual suggested checking Services for this specific entry using Run>services.msc>HP Network Devices.

In other words, select START, then Run, then type in “services.msc”. You will see a list of Local Services - one is “HP Network Devices Support”.

Online, the function of this service is debated - some feel setting it to Manual turns off the offending auto updates. However, the service page indicates that it monitors HP devices connected over the internet on a regular basis. Setting the status to Manual has no effect unless the IP addresses change.

In either case, it’s logical that this service could suck cycles because it continuously polls devices on the network. It has a priority of 8, which most of the services and programs have. So, it’s possible for it to grab hold and not let go. It shouldn’t detract from normal working activities, but it’s somehow just free-running constantly when nothing else is going on.

Happily, like a child trapped in the car on a sugar high, pleading “Are we there yet? Are we there yet? Are we there yet?”

Sigh.

This info can be found here, and Microsoft support has svchost.exe info here.

A hypothesis in hand - so now what?

I buy into the whole “disable “HP Network Devices Support” in local services.

Hard to prove this one. I could wait for it to happen again. Or, I can try to fix it, and then be aware of how long before (if ever) the problem occurs again. As of today (3 weeks after I started this post), I have not had another instance of the problem.

The other thing to be wary of is any new inability to use my HP printer. I may have to re-enable the service in order to require the appropriate IP address, but now I know what to watch out for. So far, no problem.

I’ll update here if needed.

What would Google say (Or have said)?

I mentioned in the beginning that the answer to Life, the Universe, and Everything can be found on the internet, but constructing the right search string is key. But see, when we start debugging, we often don’t know what to ask. So random internet searching is like randomly changing lines of code.

Walk away from the browser window…

Knowing that auto update functions can cause this bug, the search string (without the enclosing quotes), “auto update taking all cpu cycles” confirms the problem with the very first hit. But in the beginning, we didn’t have enough information to construct a useful search string.

So is it worthless querying Google after the fact like this?

YES!

Remember math, perhaps it was Calculus, where you differentiate to find local and absolute maxima? How do you know that your solution to the problem is a comprehensive and complete one, or a solution that just happens to work for you? Is your solution a local, or an absolute maxima?

Asking the internet about automatic updates in general is extremely useful, because a large percentage of folks asking the 100% CPU question have been hamstrung by Windows Automatic Updates…NOT HP Network Devices Support Updates. We have identified a common source to the problem, but it behooves us to see if other common causes are floating around in our computers, and then decide if we’d like to investigate/fix those (potential) issues as well.

Changing from HP Automatic to Manual Updates - One individual reported that this solved his problem, and that he will just manually update drivers when needed. He hasn’t reported back if this solution worked for him or not. Others have reported joy and happiness when turning off Windows Auto Updates to fix the problem. I’ve disabled the HP Automatic Updates completely.

Takeaway

Thinking about a solution rather than random searching gave us insight into a whole host of CPU 100% causes. And after the fact, using some well-constructed queries, we were able to establish that the HP Automatic Updates is a common culprit. But it’s probably not the most common one.

So if we run into the same 100% CPU Usage problem again, we’ve already identified a number of possible culprits, and we can again avoid the random internet search since we already have a much better clue.

≈ ♦ ≈

See the comprehensive list of All the “Let’s Debug It” Mysteries

Let’s Debug It: A Rabid War between Technology and Nature (Jet Skis vs Mangroves)

Let’s Debug It: My Internet Security Software HATES me, TOLERATES me, REVILES me. Evil BitDefender

Let’s Debug It: Alaskan Scuba Stuff and iPods Don’t Exercise

Let’s Debug It: A Cat’s Plea to Microsoft - “Can You Hear Me Now?”

Let’s Debug It: “No Ma’am (Idiot), You’re Calling from Line 2″

Let’s Debug It: Keyboards and Endothermic Mammals

Let’s Debug It: Hacksaws are Your Friend

Let’s Debug It: My Computer Plays “I’m Ignoring You Now”