I finally got to the bottom of what was causing System Restore Service running under SVCHOST to saturate the CPU at 100%. I'll document it here for any unlucky souls who may encounter the same problem.
Svchost runs a whole slew of services on behalf of the system – so the trick was to find which one was running away. I downloaded a tool called Process Explorer from http://www.sysinternals.com/ntw2k/fr.../procexp.shtml. It will report the process ID of each process in memory, and in the case of the svchost process, all services attached to it. At Control Panel - Admin Tools – Services, I selectively stopped each service to see which one was causing the load (then later started it again if stopping had no effect). In my case, I found that the System Restore Service (srservice – srsvc.dll) was running away at 99%.
Next I opened a support case with Microsoft. We used numerous tools to troubleshoot the service. One of the more valuable tools was FILEMON, available at http://www.sysinternals.com/ntw2k/source/filemon.shtml. It shows all files that are touched during the monitor period. We also used the proprietary USERDUMP tool from Microsoft, which is not available for download, and for which I had no tool to analyze the results.
Microsoft determined that the latest restore point in the SRService database was corrupt, and the service was getting hung when it tried to delete one of its files. The restore points comprising the SRService database are stored on my machine at the following location: C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}
The solution was to manually remove all restore points in the SRService database, using Windows Explorer. Here are the steps to accomplish this.
1. Boot the machine with SRService disabled (Select Start / Control Panel / Administrative Tools / Services. Double click System Restore Service, and set Startup Type to Disabled, then click OK. Re-boot. You may have to rename srsvc.dll, even in the DLL cache, to keep it from starting - it's fairly persistent.)
2. You must grant access to the System Volume Information folder on C: (Article 309531).
2a. Get a command prompt and type the following, including quotes:
cacls "C:\System Volume Information" /E /G username:F
2b. (To undo these permissions later when finished, type the following)
cacls "C:\System Volume Information" /E /R username
3. Move the offending folder, in my case C:\System Volume Information\_restore{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}\RP140, to a temporary location.
4. Reboot.
5. Right click My Computer, and select Properties. This automatically starts SRService and changes its startup from disabled to automatic.
6. Click the System Restore tab.
7. Select “Turn Off System Restore” and click apply. Notice the _restore… folder disappears in the System Volume Information folder. Warning: all restore points are deleted.
8. Go back and uncheck “Turn Off System Restore” then click apply. Notice the _restore… folder appears in the System Volume Information folder (No, the previous restore points don’t re-appear.)
9. SRService should no longer hog the CPU!
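The manual steps 1 through 3 above (stop the service, grant yourself access to System Volume Information, quarantine the bad restore point, then revoke the access again) collected into one script, as an added example that is not part of the original post. It assumes an elevated PowerShell session, that the restore GUID and RP folder name are passed in (the values shown are the ones from the post and will differ on your machine), and that the quarantine folder path is a free choice; cacls is used exactly as in the post, and the rest of the procedure (reboot, toggle System Restore off and on) is still done by hand.

```powershell
# Added example, not from the original post: quarantine one corrupt restore point.
# Assumptions: run elevated; $RestoreGuid / $RestorePoint are taken from the post
# and must be replaced with the values found on your own machine.
param(
    [string]$RestoreGuid  = '{2EDE8FBE-CD64-4AC6-BB82-21229910E44C}',
    [string]$RestorePoint = 'RP140',
    [string]$Quarantine   = "$env:SystemDrive\srsvc_quarantine"   # hypothetical path
)

$svi    = "$env:SystemDrive\System Volume Information"
$rpPath = Join-Path $svi "_restore$RestoreGuid\$RestorePoint"

# Step 1: stop SRService and keep it from coming back on the next boot.
Stop-Service -Name srservice -Force -ErrorAction SilentlyContinue
Set-Service  -Name srservice -StartupType Disabled

# Step 2a: grant the current account full control on the folder (Article 309531).
& cacls $svi /E /G "$($env:USERNAME):F" | Out-Null

try {
    # Step 3: move the offending restore point out of the SRService database.
    if (-not (Test-Path -LiteralPath $rpPath)) {
        throw "Restore point not found: $rpPath"
    }
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    Move-Item -LiteralPath $rpPath -Destination $Quarantine
    Write-Host "Moved $rpPath to $Quarantine. Reboot, then toggle System Restore off and on."
}
finally {
    # Step 2b: always revoke the temporary permission, even if the move failed,
    # so the account is not left with lasting access to System Volume Information.
    & cacls $svi /E /R $env:USERNAME | Out-Null
}
```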