services.exe



#1
imafool4u

imafool4u

    Member

  • Member
  • PipPip
  • 95 posts
I asked a few people how much memory their services.exe was using in task manager and they gave me ranges of 1,000 to 6,000 kb...Mine's definitely using 60,000 to 80,000 kb of memory, which is reflective of the moderate lag :whistling:

Any ideas what's wrong?
  • 0


#2
imafool4u

imafool4u

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Would a Hijack this log help? :whistling:
  • 0

#3
imafool4u

imafool4u

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:06:49 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\DAEMON Tools\daemon.exe
H:\WINDOWS\Mixer.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
H:\Program Files\CursorXP\CursorXP.exe
H:\Program Files\AIM\aim.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\msn messenger\msnmsgr.exe
H:\Program Files\LimeWire\LimeWire.exe
H:\Documents and Settings\Fool\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [MSConfig] H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [kav] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CursorXP] H:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AIM] H:\Program Files\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - H:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://uproar.com/ap...pside_web18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29B39846-0902-49E5-B96A-2F1FC54E9A72}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E1F1AB6-CB49-4439-992E-614E2D98C4B0}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6B83FF-7D89-4F9D-84BF-177F3F3D029B}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F8434A1-FBD0-4387-AF18-9E48552D25E7}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C063327-B8C5-44AD-8A6E-429B3C7E345A}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DF48417-8F9B-4887-B03E-54725AE054FE}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{97EB9257-3A92-48F0-880D-6FA5C3697DC4}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12CE733-24EF-4459-ADEE-FC4A03431044}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB6F1781-8F9B-48E1-8685-66E61E10C7EC}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF3359EA-4E47-4E1F-A0CB-1953CB319DB4}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.26 85.255.112.104
O17 - HKLM\System\CS1\Services\Tcpip\..\{29B39846-0902-49E5-B96A-2F1FC54E9A72}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.26 85.255.112.104
O17 - HKLM\System\CS2\Services\Tcpip\..\{29B39846-0902-49E5-B96A-2F1FC54E9A72}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.26 85.255.112.104
O17 - HKLM\System\CS3\Services\Tcpip\..\{29B39846-0902-49E5-B96A-2F1FC54E9A72}: NameServer = 85.255.116.26,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.26 85.255.112.104
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - H:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "H:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll,wbsys.dll
O20 - Winlogon Notify: klogon - H:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - H:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - H:\WINDOWS\system32\UAService7.exe (file missing)
  • 0

#4
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Hi imafool4u...

Yup...attach a HiJackThis log for me so I can see where that particular exe is running from. Usually Services.exe is legit, but it can also be malware...the difference is in which directory they run from.

wannabe1
  • 0

#5
imafool4u

imafool4u

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I have the most boring HijackThis! log in the history of HijackThis! logs :whistling:
  • 0

#6
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
There are quite a few suspicious entries in your log.

Click Start, then Run, type regedit and click "Ok". Does the registry editor open?
  • 0

#7
imafool4u

imafool4u

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
True.
  • 0

#8
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
True? Does this mean registry editor opened?

Something has tried to disable it...O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Did you change that value?
  • 0
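
The two checks raised in this thread (which directory a core process such as services.exe runs from, and the O7 `DisableRegedit` policy entry), as an added Python example that is not part of the original posts. The sample log is constructed in the HijackThis 1.99.1 layout, the out-of-place process line is invented for illustration, and the `SYSTEM32_ONLY` name list and the function names are assumptions of this example.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample in HijackThis 1.99.1 layout; the last process line is
# invented to show a mismatch and does not come from the log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\Temp\services.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: names normally expected only in <windir>\system32 on Windows XP.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

def parse_log(text):
    """Split a HijackThis log into running-process paths and (section, value) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = re.match(r"^([A-Z]\d+) - (.*)$", line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries

def misplaced_system_processes(processes, windir=r"H:\WINDOWS"):
    """Return paths whose file name is a core system name but whose folder is not system32."""
    expected = normcase(windir + r"\system32")   # comparison is case-insensitive
    return [p for p in processes
            if basename(p).lower() in SYSTEM32_ONLY and normcase(dirname(p)) != expected]

def policy_restrictions(entries):
    """Return O7 entries (registry-editor policy restrictions) for manual review."""
    return [value for section, value in entries if section == "O7"]
```

A flagged path or O7 entry is a prompt for review, not a verdict; pass the log's own Windows directory as `windir`.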

#9
imafool4u

imafool4u

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I see the DisableRegistryTools being set equal to 1, but it still opens fine :/
  • 0

#10
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
Hmmm

Let's let the malware folks have a look at your log. There are a few remnants of infection and some entries that I don't recognize as legit...that's not saying it's an infection, but I can't rule that out, either.

Please go to the Malware Forum and follow the instructions found there.

That will give you several steps that will help you clean up 70 percent of all problems by yourself...then post a hijackthis log in THAT forum. Be patient, the Malware Forum is a very busy place and a two or three day wait is not unusual. DO NOT REPLY TO OR BUMP YOUR OWN LOG. If it shows a reply it may be overlooked as one that is being worked on.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

wannabe1
  • 0
