TechSpot

Services.exe using up tons of CPU

Inactive
By daniel2002
Feb 2, 2013
  1. DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by victoria at 10:25:17 on 2013-02-02
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.468 [GMT -8:00]
    .
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
    FW: Lavasoft Ad-Aware *Disabled*
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    C:\PROGRA~1\AD-AWA~1\AdAware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - LocalServer32 - <no file>
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351823897281
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{80C12AFE-0B0C-4A90-8184-BBA67C3CCEB0} : DHCPNameServer = 192.168.1.254
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-25 13560]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2013-1-26 22064]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-12-14 1236968]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-2 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-2 682344]
    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-1-26 66344]
    R2 WLANBelkinService;Belkin WLAN service;c:\program files\belkin\f7d4101\v1\wlansrv.exe [2009-12-28 36864]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-2 21104]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-6-8 913792]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-5-8 25856]
    S3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-5-10 642432]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-5-8 6016]
    S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2012-12-25 33616]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-5-8 19712]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-5-8 8320]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-5-8 23424]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-5-8 23936]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-5-8 9472]
    S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-12-25 724736]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 594048]
    .
    =============== Created Last 30 ================
    .
    2013-02-02 18:14:23 6991832 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{10bebfc1-2cf0-48e6-9f48-3c59e18bf27f}\mpengine.dll
    2013-02-02 17:45:27 -------- dc----w- c:\documents and settings\victoria\application data\Malwarebytes
    2013-02-02 17:45:11 -------- dc----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-02-02 17:45:09 21104 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-02 17:45:09 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-26 10:33:17 6991832 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-26 09:45:10 66344 -c--a-w- c:\windows\system32\drivers\sbapifs.sys
    2013-01-26 09:45:09 22064 -c--a-w- c:\windows\system32\drivers\sbaphd.sys
    2013-01-26 09:44:58 -------- dc----w- c:\windows\system32\drivers\VDD
    2013-01-25 20:15:35 -------- dc----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
    2013-01-25 10:05:53 -------- dc----w- c:\program files\Ad-Aware Antivirus
    2013-01-25 10:04:37 -------- dc----w- c:\documents and settings\all users\application data\blekko toolbars
    2013-01-25 10:04:36 -------- dc----w- c:\documents and settings\victoria\local settings\application data\adawarebp
    2013-01-25 10:04:33 -------- dc----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
    2013-01-25 10:04:13 -------- dc----w- c:\program files\Toolbar Cleaner
    2013-01-25 10:04:04 -------- dc----w- c:\documents and settings\victoria\application data\adawaretb
    2013-01-25 10:03:55 -------- dc----w- c:\program files\adawaretb
    2013-01-25 03:58:18 -------- dc----w- c:\windows\system32\wbem\repository\FS
    2013-01-25 03:58:18 -------- dc----w- c:\windows\system32\wbem\Repository
    2013-01-17 07:36:50 -------- dc----w- C:\7137d442ef9f68f54d2c
    2013-01-16 04:14:06 -------- dc----w- c:\documents and settings\victoria\application data\Windows Search
    2013-01-05 16:36:04 -------- dc----w- c:\documents and settings\victoria\local settings\application data\PCHealth
    2013-01-05 15:44:01 -------- dc----w- c:\windows\system32\XPSViewer
    2013-01-05 15:42:33 89088 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-01-05 15:41:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2013-01-05 15:41:44 117760 -c----w- c:\windows\system32\prntvpt.dll
    2013-01-05 15:41:43 597504 -c----w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2013-01-05 15:41:43 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2013-01-05 15:41:41 575488 -c----w- c:\windows\system32\xpsshhdr.dll
    2013-01-05 15:41:41 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2013-01-05 15:41:41 1676288 -c----w- c:\windows\system32\xpssvcs.dll
    2013-01-05 15:41:41 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2013-01-05 15:41:38 -------- dc----w- C:\050cfc66eafa98cd4d5f8a42cbad
    2013-01-05 15:29:56 -------- dc----w- c:\program files\Windows Desktop Search
    2013-01-05 15:29:55 -------- dc----w- c:\windows\system32\GroupPolicy
    2013-01-05 14:56:37 -------- dc----w- c:\documents and settings\victoria\application data\FixCleaner
    2013-01-05 14:55:55 -------- dc----w- c:\program files\FixCleaner
    2013-01-05 10:39:23 232336 -c----w- c:\windows\system32\MpSigStub.exe
    2013-01-05 10:36:11 -------- dc----w- c:\program files\Microsoft Security Client
    2013-01-04 01:27:55 -------- dc----w- c:\documents and settings\all users\application data\AVAST Software
    .
    ==================== Find3M ====================
    .
    2013-01-25 10:04:54 13560 -c--a-w- c:\windows\system32\drivers\gfibto.sys
    2013-01-12 21:58:47 697864 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-12 21:58:46 74248 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-17 14:43:06 33616 -c--a-w- c:\windows\system32\drivers\gfiark.sys
    2012-12-16 12:23:59 290560 -c--a-w- c:\windows\system32\atmfd.dll
    2012-11-26 16:43:46 4584760 -c--a-w- c:\windows\uninst.exe
    2012-11-13 20:29:04 354216 -c--a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 -c----w- c:\windows\system32\msxml6.dll
    2010-12-26 13:16:11 10980832 -c--a-w- c:\program files\FCTBSetup.exe
    .
    ============= FINISH: 10:26:12.75 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    OTLPE + Farbar Recovery Scan Tool

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
    • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is this working for you?
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

    We'd still like to help. Topic marked inactive, until your return.

