powershell cpu spikes please help [solved]

Discussion in 'PC' started by panaman, Nov 26, 2023.

  1. panaman

    panaman Kapellmeister

    Joined:
    Jul 8, 2017
    Messages:
    249
    Likes Received:
    45
    7950x3d processor, win10 21h2 phoenix lite os. my setup is running so nicely @ zero to 1% cpu when idling, except ...

    every couple of minutes, irregularly, i get major cpu spikes: 100% on 2 cores, 30-50% on 2 or 3 more cores, and some rippƶes on many more, in task manager.
    in process hacker, an instance of powershell takes top spot when sorting by cpu, but gets terminated faster than i could click on it.

    how can i find out what is starting powershell, can i find a log or a script. can i just rename it and see what happens or is that bsod heaven? is the powershell a vital win component?
    not sure if it,s as bad as taskmanager makes it look, it sure is annoying even though latency monitor doesn,t show much disturbance from it.

    please help me out of this...

     
    • Interesting Interesting x 1
    • List
  2.  
  3. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,318
    Likes Received:
    1,242
    I would check in Task Scheduler, from what I found so far...
    I would also look in startup programs, using this handy program:
    https://www.nirsoft.net/utils/what_run_in_startup.html
    (download link near the bottom of page).
    It is a "stand-alone" program or "portable", meaning you don't have to install it.
    It has all it needs to run in its own folder.

    It seems suspicious ..
     
  4. Soul1975

    Soul1975 Platinum Record

    Joined:
    May 13, 2015
    Messages:
    361
    Likes Received:
    183
    Location:
    Earth
    My system has been doing the same thing lately.
    I'm not sure why though because, like you, it closes out before I can catch where it's running from. I think it's from a recent plug-in but I still don't know which one. Even uninstalled powershell and downloaded the latest version. I read somewhere that it could be a hack attempt but I doubt it. Anyways, I'll be running through some recent installs, if I figure it out, I'll let you know.
     
  5. panaman

    panaman Kapellmeister

    Joined:
    Jul 8, 2017
    Messages:
    249
    Likes Received:
    45
    in my case not a vst, none installed. only reaper and kontakt, relatively newish install. has never been online
     
  6. Jacques Todd

    Jacques Todd Member

    Joined:
    Jun 11, 2022
    Messages:
    10
    Likes Received:
    9
    Try using Process Monitor. Start capturing your system activity and just sit and wait until your CPU spikes again. Then pause system capture and filter the logs with keywords like powershell.
     
  7. Soul1975

    Soul1975 Platinum Record

    Joined:
    May 13, 2015
    Messages:
    361
    Likes Received:
    183
    Location:
    Earth
    Which version of reaper and kontakt?
     
    • Interesting Interesting x 1
    • List
  8. Will Kweks

    Will Kweks Rock Star

    Joined:
    Oct 31, 2023
    Messages:
    565
    Likes Received:
    335
    Powershell is a scripting language/environment, used in many, many tasks. Updaters, maintenance jobs, installers etc. etc. If you try to get rid of it you'll do your system no favours. As in, you'll probably break it. Use Sysinternals' "Autoruns" from https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns to disable any updaters etc. that might run on system startup. Also check Task Scheduler to see if there are any errant tasks configured. Also see what @Jacques Todd recommendeded (also a fine Sysinternals tool).

    If it's just a task that pops up every now and then, but doesn't cause any dropouts, then there's nothing to worry about. It's probably running at low priority anyway and it just looks like it's eating extra CPU time. Those counters are not exact science anyway.
     
    • Like Like x 2
    • Agree Agree x 1
    • List
  9. Garamondo Furbish

    Garamondo Furbish Audiosexual

    Joined:
    Nov 13, 2023
    Messages:
    1,928
    Likes Received:
    933
    Location:
    North America
    you can use ProcessExplorer to quickly kill any task hogging CPU cycles, you can also use it to restict how many cores it can use and how high or low the task priority is. The restrictions aren't permanent, only affect the current itireation of the processes. but there are techniques that can make it permanent once you have ascertained it is the problem and what is the minimum cpu it can use without crashing or detrimentally slowing down your system.

    Just right click the offending process in ProcessExplorer, and your see "affinity" and "priority"
    you can also detach the visual graph so you watch how your cpu/ram etc is being banged on by programs and processes and
    if you mouse over the graph it will show the offenders.

    I have process explorer in my start up menu, couldn't run windows without it.

    Processexplorer is part of sysinternals utilities, so good Microsoft bought the company.
    there is an entire suite of utilites - all free suggest you get the whole package and learn to lean on it when trouble rears it head.

    start here:

    https://learn.microsoft.com/en-us/sysinternals/
     
  10. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,711
    Likes Received:
    2,280
    Location:
    Heart of Europe
    I'd start with (free) Malwarebytes scan for viruses and malware,
    the fact you're using shady Windows image means you never know what's going on in the background,
    you can enable highest security on UAC which would eventually trigger annoying popup with user consent of powershell modifying system, but I'd also check Task Scheduler, Startup as well as startup and scheduled registry entries
    :chilling:
     
  11. panaman

    panaman Kapellmeister

    Joined:
    Jul 8, 2017
    Messages:
    249
    Likes Received:
    45
    ok, thank you all for contributing, seems i,m half way there...
    what i found:
    the powershell is called by svchost, not much help
    the parameter is: disableunusedsmb1.ps1 , a ms script.
    in it the line: ...get-windowsoptionalfeature -online ...
    (my pc is offline by design. )

    optionalfeatures.exe is not in my system32, must be one of those things stripped in phoenix os.
    i suspect the script cannot disable the smb protocol because
    it is offline or the optionalfeatures.exe is missing, or some setting i may have done in group policies... i never said it wasn,t my fault.

    so what can i do, any suggestions please? i have a rough idea what the lines in the script do, but not enough to actually modify it. could i replace it with one of the examples, one less complex and less cpu consuming?
     
    Last edited: Dec 3, 2023
  12. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,318
    Likes Received:
    1,242
    When I Google "disableunusedsmb1.ps1" I get a LOT of hits, and it seems the hits are mostly not about any modified Windows, but normal installs. Same for "get-windowsoptionalfeature -online"

    I have not gone through any of the results yet as there are so many, and you'll likely pick from them better than I could..
     
  13. panaman

    panaman Kapellmeister

    Joined:
    Jul 8, 2017
    Messages:
    249
    Likes Received:
    45
    i read thru a few of them, seems smb protocol is a vulnerabiƶity, not applicable to my offline pc, so i don,t need it en-or disabled, just get rid of the ps script. the articles don,t explain that part though.
     
  14. xorome

    xorome Audiosexual

    Joined:
    Sep 28, 2021
    Messages:
    1,176
    Likes Received:
    860
    Best Answer
    Try what's been suggested in the first post. Go to Task Scheduler and disable:

    \Microsoft\Windows\SMB\UninstallSMB1ClientTask
    \Microsoft\Windows\SMB\UninstallSMB1ServerTask
     
  15. panaman

    panaman Kapellmeister

    Joined:
    Jul 8, 2017
    Messages:
    249
    Likes Received:
    45
    thank you so much, this did help. i was really suffering.
    i hadn,t realized that the task scheduler library is not just a collection of examples but a trove of lurking daemons waiting to bug me. so i,ll spend the rest of the weekend going thru all of them.

    now cpu is quietly @ 2%, 5GHz. hw monitor uses 1% alone.
    reaper is @ 0.3% with 4 asio ins+outs and a stock reverb on each. and of course i have also running 4x 31band eq, 4x psy.q channel strip, 4x compressor and stereo widener, plus some more running on my creamware cards,
    reaper says 2.9/2.9ms latency @ 44khz and 1.3/1.3ms @ 96khz which should be good enough for me.
     
  16. Garamondo Furbish

    Garamondo Furbish Audiosexual

    Joined:
    Nov 13, 2023
    Messages:
    1,928
    Likes Received:
    933
    Location:
    North America
    sometimes when windows wants a program and you don't want it to have it, you can create a textfile with whatever you want in it and rename it to the file windows wants, ie "myprogram.exe", instead of "Myprogram.txt"

    of course it will fail to do whatever microsoft is trying to do, but it will let you see whats up...
     
Loading...
Similar Threads - powershell spikes please Forum Date
appx Error in Powershell PC Jan 8, 2024
Huge spikes in traction waveform DAW Aug 18, 2024
Huge CPU spikes in Logic Pro X v10.8.1 on new Macbook M2 Mac / Hackintosh Aug 16, 2024
Studio One suddenly having huge CPU spikes after resetting some internet settings? Studio One Mar 30, 2024
Random CPU spikes in Logic Pro on Apple Silicon Logic Dec 10, 2023
Loading...