Upon entering msconfig and making the mistake of disabling services, all services are not stopped except logging for instance. Enabling all in msconfig in safe mode or not does not fix the problem.
Cannot move files, print services no longer available, network is offline, RPC for Roxio restore is disabled, microsoft restore is down. How can I renable all services? I have tried enable all and selected normal startup in the system config utility but nothing renables the services.
Also in trying to remove svchost thinking it might be a virus, i made the mistake possibly of removing SvcHOST.exe and blastcln.exe from the registry. Not sure if the following commands corrupted the registry, or removing these executables were a mistake. I did an attrib -H -R -S scvhost.exe and the same on blastcln.exe. Restored the files having backed them up, but the registry is likely corrupt or simply no longer have th entries required if these two execs are required. I was having problems with scvhost.exe consuming considerable resources on the system and from various posts it sounds like these were potential viruses.
"Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started."
Keep this quote in mind !
Ok, let's see...
Since you can't access your desktop anymore(then use your windows cd and the recovery console--the cmd will appear), or maybe you can with safe mode or last good known config...
Either way, you have to copy the svchost.exe from your C:\Windows\System32\Dllcache or from C:\WINDOWS\ServicePackFiles\i386 (depending on your sp version) to the System 32 directory.
And you can try a regsvr32 svchost.exe command line also.
If you can access safe mode see in computer management under services, maybe you can start them manually and put them on automatic,etc.
The good news is that I backed up the original files, knowing my ignorance and knowing I shouldn't touch these files inspite of posting saying they might be contaminated with a virus.
I went into single user mode and copied over the backup files, this fixed the problem.
After reading more documentation on this file, svchost.exe, I notice this file takes up 90% CPU usage and I have to kill the process to free the resources. Killing the process doesn't seem to cause any obvious problems.
I have also checked the services associated with the process and even stopped these or entirely disabled them. But it still takes 90% of the CPU usage until I kill the process. Why is this happening?
If the services are disabled, svchost.exe should have no work to do. Correct? It should not take up 90% CPU utilization if the services it manages are disabled, correct?
How can I find out what is taking place, threads executing and why for this particular process on XP to see if there is another service I might be missing or to see if some virus is attaching itself to svchost.exe via a DLL or shared library?
I also notice if I suspend the process, everything essentially locks up on the system. Browsers for instance will not pop up. It seems as though the system blocks waiting for this process to wake up even when the services are disabled, why is that?
Also, before messing with the registry, you should save the portion of the registry you are changing (as a .reg file) so that it is easy to restore those settings by just double clicking the .reg file.