Services.exe at 30% CPU and high memory usage

Can someone help me with this.

Services.exe continues to use 30%+ CPU and lots of memory. The virtual memory will keep climbing until the computer is almost unusable and very slow. I have CIS 3.10. Run MBAM and SAS regularly and they find nothing. The screenshot is from being running 10 min from bootup.

I have tried uninstalling CIS and still the problem persists until I do a system recovery rollback to when I know it was OK. Then after a couple of days it will start to act up again.

I have XP Home 32bit.

Any suggestions or help will be appreciated.



[attachment deleted by admin]

Hi John. Services.exe encompasses a lot of separate child processes. To get a better idea of what’s causing the problem download Process Explorer

From the view menu select show process tree and Show lower Pane also select Lower Pane Views DLLs. Now in the lower pane right click on the columns and clicj Select Columns add WS Total Bytes.

Now you can see what’s really eating up your resources.

Thanks for the tips on how to set and read Process Explorer. I already have it but have not figured out how to use it until now. I will let you know the results in the morning, it is 9:PM here.


I cannot identify any particular item that is causing the problem. Maybe I am reading Proc. Explorer wrong.
Screenshot included. I am having a hard time even sending this. Everything takes so long to respond.


[attachment deleted by admin]

Hi there,

Thank god I’m not alone. I had the same services.exe problem (now living without any av 88))
Difference is: my story didn’t begin with cis. I uninstalled it to see if my lag in online gaming dissapeared (this was about a month ago) Things got better but not that much, anyway I wanted to try out something else before putting back CIS.

I installed Norton av 2010 beta, wich I used for aprox. 2 weeks when my demo subscription expired, but as a beta user I did a 1 click renewal, and after the reboot and some 10 minutes of running the pc everything started to slow down to a point where only a hard reset helped. On next boot I checked the process tab in task manager and found out that services.exe is gradually eating up all my ram and virtual memory. NAV uninstalled, problem solved.

But as I couldn’t live much without comodo ;D I reinstalled CIS, and after first reboot the problem reappeared >:(
CIS uninstalled again, ran the Norton cleanup utility, ccleaner, CSC…reinstalled cis again and everything was ok at first glance, but the next day services.exe started to eat up my memory again. I had some time to google around before it ate up my 2 gigs and found a wierd solution to a similar problem: in control panel/administrative tools/eventlogs clear the security log (I cleared all of them) and whoala the mem usage started to normalize. After a reboot everithing was still normal. ( !ot!: regardless of the low resource usage of NAV reported by task manager, with cis my whole computer was much more responsive 8))

But few days later it started again… >:( and now nothing helped but uninstall cis. ??? Not that I miss it that much as Im using linux for my everyday tasks only boot to windows when gaming, but as others may have the same problem I may be useful in diagnosing it.

A bit on the technical side:
I was not running any other security app in the background nor did I install new stuff.
My windows is genuine XP pro sp3.
only background apps running: tp-link wireless client, logitech quickcam software and related services, realtek soundman. Thats all.

Im clueless. As it happened with to different security apps (which are patching the kernel in one way) it could be related to some ■■■■■■ MS hotfix too. Just my 2 cents.

I think one of following items.


Uninstall them(comodo products and popfile) and check it again.

If it doesn’t work, show us your hijackthis log please.

John, in the main process explorer window, right click on the columns bar and choose select Columns. When you get the pop-up choose the Process memory tab and select Virtual size and Working set size.

I’d like to see if one of the child Svchost processes is at the heart of this. To gather more information on what each svchost entry is doing you can either hover the entry with the mouse. or better still, double click the entry and choose the services tab.

If, after observing the behaviour of these entities, there is still no plausible candidate, my next step would be to run services.msc from start/run and take a look through the list of, first, running sevices, and then manual services.

My goal here, would be to disable non essential services one by one and look for any differences in behaviour.


Here are two screen shots of Process Explorer with the two columns.
Blas and Creasy thanks for your suggestions. I will be trying them and reporting back.


[attachment deleted by admin]

Here is my hijackthis log. Uninstalling the apps made no difference. I will say that after 20 minutes of high CPU and memory usage it finally settled down, but that is too long to wait after every reboot.


[attachment deleted by admin]

Check this out.(try to uninstall or disable them)

D:\Programs\System Tools\Comodo\EasyVPN\Vpnservice.exe
D:\Programs\System Tools\Comodo\CBU-2\SynchronizationService.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Programs\System Tools\Super Antispy\SASWINLO.dll
O23 - Service: COMODO Backup Console Service (ComodoBackup) - Unknown owner - D:\Programs\System Tools\Comodo\CBU-2\SynchronizationService.exe
O23 - Service: ComodoBackupService - COMODO - D:\Programs\System Tools\Comodo\BackUp\CmdBkSvc.exe
O23 - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - D:\Programs\System Tools\Comodo\EasyVPN\crdphService.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - D:\Programs\System Tools\Comodo\EasyVPN\Vpnservice.exe

And is there anything in Windows Event?

Also can you show us all of your Startup programs?

Hi John, i see nothing particularly untoward in your screenshots or log.

It’s interesting that the problem seems to go away after a period of time, to me that indicates a potential boot time configuration issue. It’s possible there may be some sort of service contention issue or possible even a driver issue.

Did you take a look in services.msc and try to disable individual services?

Something else you can try is a little optimisation trick, do this;

Open a command prompt and type:

Rundll32.exe advapi32.dll,ProcessIdleTasks [Enter]

leave that to run for 10 minutes of so, you won’t get any feedback from this. After a short period of time type:

defrag c: -b

Restart and see if it makes any difference.

This did not help.

Here is what I did: With a reboot between each one, leaving the previous one disabled.

  1. Uninstalled CIS completely (should have saved the db…108mb download)

  2. Disabled - Service: COMODO Backup Console Service (ComodoBackup) D:\Programs\System Tools\Comodo\CBU-2\SynchronizationService.exe

  3. Disabled - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - D:\Programs\System Tools\Comodo\EasyVPN\crdphService.exe
    and - Service: COMODO EasyVPN Service (EasyVpnAdpt) - D:\Programs\System Tools\Comodo\EasyVPN\Vpnservice.exe

  4. Disabled - Service: ComodoBackupService - COMODO - D:\Programs\System Tools\Comodo\BackUp\CmdBkSvc.exe

  5. Disabled startup - D:\Programs\Security Tools\Popfile\popfileb.exe

  6. Disabled - Service - Automatic updates.

  7. Uninstalled SAS to get rid of Logon notify.

None of this made any difference at all. I reinstalled CIS so I would have a firewall and AV, and re-enabled popfile so I can get my email, and automatic updates. The rest are still disabled.

I am posting some screenshots as well.


[attachment deleted by admin]

I have that problem too. See attached image. services.exe uses up to 2 GB RAM, and CPU usage is ~30 %, and finally over 50 %. After a few minutes it is normal. :-\

No problem in safe mode…

[attachment deleted by admin]

This sounds kind of familiar. ???

It looks like the problem described in this thread:

Especially when you have Windows XP.


Let’s make it sure for malwares.

Try Kaspersky, NOD32.

If nothing comes out, let’s think about other problems.(drivers, hardware etc)

If, after analysis, this is not a malware issue, we’ll have to track down the culprit by other means. My first suggestion would be to download BootlogXP from here:

It’s a fully functional 30 day trial. Extract the zip and install the program. When the program runs click on the ‘Test at Next Boot’ button and restart your system. After booting let the program do it’s thing and then we’ll have a clear picture of which services are loading and how long each takes. it’s possible we’ll get some clues from this.

If we still can’t pinpoint the problem exactly, then we can move on to Perfmon and do some analysis of the private bytes used by each process.

Edit: I forgot to mention, BootLogXP also create a log file in the root of C: you might post that here too.

Screenshot of Kaspersky and text of Esset. K forund nothing and Esset found 3 false positives.


[attachment deleted by admin]

John, one other thing, would you check your event logs please, start/run eventvwr and see if there’s anything strange going on.

Here is what I found in the event viewer. I can’t figure it out but maybe you can. The one is Super Antispy which I have since uninstalled.


[attachment deleted by admin]

The first problem can be overcome by using this utility from MS:

The missing entries you can probably remove easily enough. I’ve always found Autoruns for Windows useful for tracking down rogue dlls and drivers.