Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > services.exe (x2) sucking cpu time

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

services.exe (x2) sucking cpu time

Reply to Message Icon

Name: doofus
Date: March 1, 2004 at 08:17:49 Pacific
OS: w2k pro
CPU/Ram: xp2400 / 500 meg pc320
Comment:

Oddly enuf, something I d/led on Kazaa got me. It first changed my home page...fixed that. Ran Trojan Hunter, Ad Aware, Spy Bot, CWShredder, and Norton Anti Virus. I found and removed (?) cws.xmlmimefilter, and remnants of Win32n netsky B (sp). Every program comes back clean now, but task manager shows two instances of services.exe running, which takes up 99 - 100 % of CPU resources. This problem does not show in safe mode. I have enclosed copy of the hijack this log in the hope someone can point me in the right direction to solve this. Thanks all.....

Logfile of HijackThis v1.97.5
Scan saved at 11:08:40 AM, on 3/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINNT\ServicePackFiles\i386\services.exe
C:\WINNT\ServicePackFiles\i386\services.exe
C:\WINNT\system32\RUNDLL32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [service] C:\WINNT\ServicePackFiles\i386\services.exe -serv
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38029.4817824074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab




Sponsored Link
Ads by Google

Response Number 1
Name: Abnormal
Date: March 1, 2004 at 13:19:35 Pacific
Reply:

Hi,

O4 - HKLM\..\Run: [service] C:\WINNT\ServicePackFiles\i386\services.exe -serv

Added as the result of the NETSKY or NETSKY.B VIRUSES! Note - not to be confused with the valid Windows "services.exe" which resides in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K) or C:\Windows\System32 (WinXP) as this resides in C:\Windows or C:\Winnt

Info and removal tool;

http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.b@mm.html

Good luck

There is no reason for any individual to have a computer in his home.
Ken Olsen (1926 - ), President, Digital Equipment, 1977


0

Response Number 2
Name: Martin Crandall
Date: March 1, 2004 at 14:53:16 Pacific
Reply:

PS: Get rid of KaZaa, it includes GATOR! Probably, about the worst spyware ever developed. If you want to DL music, use WinMX instead.


0

Response Number 3
Name: doofus
Date: March 1, 2004 at 19:59:44 Pacific
Reply:

I used the Symanted tool and it solved my problem. Thanks all...

Actually, I use KazaaLite++, but this nasty was included in what was supposed to be a crack. I know, I know.........


0

Response Number 4
Name: TheKMACian
Date: March 1, 2004 at 21:35:54 Pacific
Reply:

I think KazzaLite K++ Edition says it doesnt have anything (Adware/Spyware), but my "n-Case" Adware came from it I am sure, I am diverting to WinMX as specified, I dont download illegal music but I download music made by non-copyright artists as a form of mixing for my own music, I download free distribution samples so does speak...

Oh and Gator is the dirty little bitch in teh world, I am glad someone feels the same way, I wish there headqaurters would burn down and everyone with it, or the point of origin, God, you have a prayer, any God at all, I honor all religions for this request, make thier knuckles bleed!

hehe



0

Response Number 5
Name: gforever
Date: March 7, 2004 at 16:09:19 Pacific
Reply:

No luck... i tried everything listed above and everytime i start my computer, it takes awhile to load b/c services.exe is taking up 99% of the CPU..... This happened after my friend told me to reinstall Kazaa Lite....

Any help is greatly appreciated! Thanks!


---------------------
The Legend Continues
GODZILLA FOREVER
http://go.to/gforever/
----------------------


0

Related Posts

See More



Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: services.exe (x2) sucking cpu time
wauclt.exe takes 99% of CPU time www.computing.net/answers/security/waucltexe-takes-99-of-cpu-time/19959.html

services.exe CPU Spike www.computing.net/answers/security/servicesexe-cpu-spike/24410.html

c:\windows\services.exe and port 80 www.computing.net/answers/security/cwindowsservicesexe-and-port-80/12575.html