Services.exe takes up 30% of my CPU

B

buddy gath

Hello
I have Lenovo T500 that's about 3 years old with Windows XP Prof. on it. As of a few months ago I noticed that a process called services.exe has been taking up about 25% to 30% of my CPU non-stop. It's not so much that I can't use my laptop but it definitely is not as responsive as before.

I have been very miticulous with keeping antivirus on my computer at all times (currently Kaspersky) and it doesn't report any virus or malware. I tried to disable any services that I don't need, but still this process is there.

Please help
Thanks
Buddy
 
Kaspersly has been causing those problems on MS server 2008 etc. more usually in taskmgr.exe The solution is a re-install of the latest version of Kaspersky, where the problem is cured.

ALSO see http://www.neuber.com/taskmanager/process/services.exe.html where heavy loading of services.exe can also be a malware infection. Check if is is running services.exe or Services.exe and look for services.exe on your c:\ drive (search for hidden,system files, and tick 'ignore case'). If there is one in c:\windows, it is dangerous trojan malware.

The 'correct' services.exe is in c:\windows\system32 and is 110,592 bytes version 5.1.2600.5755 dated 14 April 2008 on XP SP3 pro
 
Thanks gbhall.
I took your advice and uninstalled Kaspersky. Then watched the task manager for services.exe. Although its load went down somewhat, it was still hovering around 15-20%. Before installing the latest version of Kaspersky, I played with rebooting the system and watching the task manager for when services.exe starts to take up a lot of CPU time. At the beginning of each reboot, when windows was starting, there was no sign of services.exe in the top CPU loaders. Towards the end of Windows' coming up, it looked like all of a sudded services.exe jumped up (around 15-20%). I went into Windows Defender and disabled as many startup programs as I could to see if any of them is the culprit. Didn't make a difference!

Then I installed the latest Kaspersky. The CPU load of services.exe went up a bit to about 25%, a bit less than when old Kaspersky was running but certainly more than wihtout Kaspersky altogether.

I did search for the location of services.exe file in my C: drive. Attached is an image of what the search result window shows. Looks like I do have one such file in the right location (slightly different size and a different date), but there are several others in other subfolders that seem benign, but not sure.

Thank you in advance for your help.
Buddy
 

Attachments

  • Search Result for services.exe.jpg
    Search Result for services.exe.jpg
    68.7 KB · Views: 11
1) Services.exe will always appear as a process but it shouldn’t be using up all that CPU.

2) You can use Process Explorer (PE) to see more detail about all process running. (It's a very cool tool! PE is like Task Manager on steroids!)

3) Hover the mouse over services.exe, PE will show you the directory it’s launched from. Should be C:\Windows\system32\services.exe as gbhall explained

4) Also, if you click the + next services.exe, PE will expand it to show all the child processes it starts and their CPU as well

5) As gbhall also noted, you may want to go the the malware forum as well to be checked out For malware help, follow the 6 steps provided HERE. Create a new thread in the Malware removal forum. Be sure you PASTE all your logs (do not attach them)

/* edit */
p.s. my own XP SP3 services.exe is also in C:\Windows\system32 with same size and version # as gbhall posted. my date is slightly different tho.... mine shows created April 25, 2008
 
Buddy - Your services.exe results from a hotfix http://support.microsoft.com/kb/956572 which mentions that independant software vendors have to check for vulnerability to a certain COM issue with that hotfix. In other words it is the usual mess - a hotfix requires hotfixes afterwards, else it may conflict with other software.

This seems a likely scenario for your problem. It may be a reason to uninstall hotfix KB956572. Alternatively, ensure your entire system has all the latest versions of what you have installed. An excellent program Secunia PSI is great for that purpose - recommended.
 
Thanks LookinAround,
I installed and ran Process Explorer. As you mentioned, it was chuck full of good info about the probelm I was having.
First of all, the directory from which services.exe was running is C:\Windows\system32 which is good.
Secondly, I notice that among all the children of this process (and there are a whole lot of them), there are a couple that are have the most load:
1) avp.exe, which is a Kaspersky antivirus process, taking about 5-10% of the CPU. Is this normal CPU usage for an antivirus program? Note that I have recently upgraded Kaspersky to the latest version 2012.
2) AppServ.exe, which is WiMAX SDK service for Intel ProSet/wireless WiMAX software, taking up another 5-10% of CPU. Is this normal? do I need this software even? (I have an Intel Wireless WiFi Link 5300 adapter in my laptop.)

Besides, the questions above, I have one more question. Does this mean that I can feel relieved that the CPU loading due to services.exe is not due to any viruses?

I am attaching a screenshot of the PE window and the ascii log of the PE, in case they are helpful. I pasted the ascii text below also but the formatting is all lost and makes it hard to read.

Thank you again for your help.
Buddy
------------------
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 58.46 0 K 28 K
System 4 0.77 0 K 1,084 K
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs
smss.exe 1796 176 K 476 K Windows NT Session Manager Microsoft Corporation
csrss.exe 1844 2,112 K 11,572 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1876 8,772 K 6,212 K Windows NT Logon Application Microsoft Corporation
services.exe 1920 20.00 2,340 K 4,644 K Services and Controller app Microsoft Corporation
ibmpmsvc.exe 296 580 K 1,804 K ThinkPad Power Management Service Lenovo.
ati2evxx.exe 368 2,168 K 4,324 K ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 380 3,420 K 6,008 K Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 4616 2,224 K 6,312 K WMI Microsoft Corporation
klwtblfs.exe 1176 1,304 K 4,700 K WebToolBar component Kaspersky Lab ZAO
svchost.exe 456 2,312 K 5,660 K Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 660 75,700 K 45,604 K Service Executable Microsoft Corporation
RapportMgmtService.exe 700 17,624 K 12,608 K RapportMgmtService Trusteer Ltd.
svchost.exe 836 30,668 K 46,000 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 864 2,520 K 3,936 K Generic Host Process for Win32 Services Microsoft Corporation
S24EvMon.exe 1124 10,196 K 16,100 K Intel(R) Wireless Management Service Intel(R) Corporation
svchost.exe 1352 2,052 K 4,772 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1428 2,872 K 6,132 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1484 6,696 K 8,500 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1532 2,652 K 7,496 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 616 8,788 K 14,176 K Spooler SubSystem App Microsoft Corporation
UMVPFSrv.exe 728 1,752 K 2,576 K Logitech User mode UMVPF service Logitech Inc.
svchost.exe 1772 2,316 K 5,788 K Generic Host Process for Win32 Services Microsoft Corporation
tphkload.exe 2056 1,932 K 3,188 K ThinkPad Message Client Loader Lenovo Group Limited
TPOSDSVC.exe 1724 2,484 K 5,760 K On screen display message generator for ThinkPad Lenovo Group Limited
TPONSCR.exe 3040 868 K 3,484 K On screen display drawer Lenovo Group Limited
TpScrex.exe 3064 1,984 K 3,352 K ThinkPad UltraZoom Lenovo Group Limited
TPHKSVC.exe 2068 2,840 K 5,176 K On screen display Fn+Fx handler Lenovo Group Limited
svchost.exe 2080 6,576 K 11,280 K Generic Host Process for Win32 Services Microsoft Corporation
AppleMobileDeviceService.exe 2100 5,004 K 8,640 K MobileDeviceService Apple Inc.
MemeoService.exe 2484 2.31 26,912 K 32,888 K AutoBackup Service Memeo
mDNSResponder.exe 3260 1,416 K 4,444 K Bonjour Service Apple Inc.
svchost.exe 3332 2,312 K 3,908 K Generic Host Process for Win32 Services Microsoft Corporation
INSTAL~1.EXE 3516 560 K 2,156 K
msiexec.exe 3548 1,220 K 4,396 K Windows® installer Microsoft Corporation
cisvc.exe 3728 2,640 K 248 K Content Index service Microsoft Corporation
cidaemon.exe 6108 1,436 K 276 K Indexing Service filter daemon Microsoft Corporation
cidaemon.exe 1584 1,272 K 1,436 K Indexing Service filter daemon Microsoft Corporation
EvtEng.exe 3796 10,608 K 14,864 K Intel(R) PROSet/Wireless Event Log Service Intel(R) Corporation
PresentationFontCache.exe 4056 13,688 K 12,172 K PresentationFontCache.exe Microsoft Corporation
jqs.exe 2252 2,328 K 1,904 K Java(TM) Quick Starter Service Sun Microsystems, Inc.
CamMute.exe 2416 2,032 K 3,580 K Camera Mute Control Service for ThinkPad Lenovo Group Limited
IoctlSvc.exe 2944 612 K 2,140 K PLFlash DeviceIoControl Service Prolific Technology Inc.
RegSrvc.exe 2996 1,060 K 4,024 K Intel(R) PROSet/Wireless Registry Service Intel(R) Corporation
SeaPort.exe 3004 5,692 K 9,088 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
svchost.exe 3192 3,468 K 7,248 K Generic Host Process for Win32 Services Microsoft Corporation
tvt_reg_monitor_svc.exe 3236 1,212 K 3,868 K ThinkVantage Registry Monitor Service Lenovo Group Limited
tvtsched.exe 3300 3,396 K 6,704 K ThinkVantage Scheduler Lenovo Group Limited
AppSrv.exe 3376 6.15 17,016 K 15,804 K WiMAX SDK service for Intel(R) PROSet/Wireless WiMAX Software Intel(R) Corporation
PWMDBSVC.exe 3440 1,148 K 4,076 K PWMDBSVC Module
DMAgent.exe 3532 4,932 K 7,024 K Red Bend Device Management Service for Intel(R) PROSet/Wireless WiMAX Software Red Bend Ltd.
CALMAIN.exe 3640 1,192 K 3,504 K Canon Camera Access Library 8 Canon Inc.
btwdins.exe 3944 2,532 K 4,148 K Bluetooth Support Server Broadcom Corporation.
alg.exe 5068 1,328 K 4,232 K Application Layer Gateway Service Microsoft Corporation
svchost.exe 3072 1,744 K 4,088 K Generic Host Process for Win32 Services Microsoft Corporation
avp.exe 6584 3.08 235,796 K 265,260 K Kaspersky Anti-Virus Kaspersky Lab ZAO
FNPLicensingService.exe 2172 856 K 2,740 K Activation Licensing Service Macrovision Europe Ltd.
lsass.exe 1932 0.77 4,412 K 2,744 K LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 904 2,588 K 5,616 K ATI External Event Utility EXE Module ATI Technologies Inc.
 

Attachments

  • PE screenshot.jpg
    PE screenshot.jpg
    195 KB · Views: 11
  • spoolsv.exe.txt
    8.3 KB · Views: 7
What is the version # and size in bytes of your services.exe?

In PE, right click services.exe->Properties->Image
> Click the Verify button. Does PE say (Verfied) Microsoft? (you can see on my machine, my version of services.exe is Verified)
> Re: gbhall’s post about that hotfix: Have you checked if you might have the Microsoft hotfix installed that gbhall pointed out?
As to other questions, I don’t really know about those other processes but I can google and take a further look at those processes when I can. (you might also try posting in the Kapersky forums about the Kap process.) Even though it looks like those processes are legit (albeit with too much CPU) it couldn’t hurt to still get checked out in the malware forum as “malware free”

/* edit */
p.s. Also, when you hover the mouse over a services.exe it tells you the services running within the process. I only have two running in my services.exe: Event Log and Plug and Play

/* edit 2 */
fyi.. an alternate method to view services is the Services tab on Properties. I think only svchost.exe and services.exe run services within the process
 
OH. One more very handy feature of PE. If you minimize it (not close it) note the icon in your notification tray. You can use it to keep a graphic view of CPU usage. That sometimes makes it easier to spot any cause and affect between what you're doing and spikes in CPU. Hover the mouse to see:
> Current % CPU
> The process currently using up most of the CPU

 
LookinAround said:
> Re: gbhall’s post about that hotfix: Have you checked if you might have the Microsoft hotfix installed that gbhall pointed out?
Click to expand...

There is no doubt about it - it shows up in the snapshot provided in the search results for post#3.
I suggest it might well be worth uninstalling it if we cannot find any other way to cut the wasted 25% CPU on services.exe

Buddy - you should check you have the right driver for your wireless network. Look in system, hardware, device manager and look at 'network adapters'. Any yellow or red flags, odd extra entries or what?

Right-click, select properties, click the 'driver' panel and view driver details. If you are brave enough, click the 'update driver' button so XP looks for another driver on MS site (often does surprisingly well).
 
Thanks guys,
you've been most helpful. I am happy to announce that the problem is resolved. The culprit was (as gbhall predicted) the driver for my Intel WiFi driver+software. I uninstalled it and installed the latest version from Intel, this time without the software (just driver). And the extra CPU load via services.exe disappeared. I haven't seen my computer run so unburdened in such along time. Feels good.

Thanks again.
Buddy
 
Thanks for the info and glad to have helped. :) Mods: you could mark this thread completed.
 
You must log in or register to reply here.

Similar threads

C
Services.exe spikes up every so often
Replies
1
Views
1K
cpeach
C
midian182
Self-taught programmer creates shovelware games in under 30 minutes, earns over $350,000
Replies
15
Views
324
SethDedun
S
A
Windows UI for disk formatting was a temporary solution that stuck for 30 years
Replies
14
Views
323
VariableSpike
VariableSpike

Latest posts

Back