Services.exe continues to use 30%+ CPU and lots of memory. The virtual memory will keep climbing until the computer is almost unusable and very slow. I have CIS 3.10. Run MBAM and SAS regularly and they find nothing. The screenshot is from being running 10 min from bootup.
I have tried uninstalling CIS and still the problem persists until I do a system recovery rollback to when I know it was OK. Then after a couple of days it will start to act up again.
Hi John. Services.exe encompasses a lot of separate child processes. To get a better idea of what’s causing the problem download Process Explorer
From the view menu select show process tree and Show lower Pane also select Lower Pane Views DLLs. Now in the lower pane right click on the columns and clicj Select Columns add WS Total Bytes.
Now you can see what’s really eating up your resources.
Thanks for the tips on how to set and read Process Explorer. I already have it but have not figured out how to use it until now. I will let you know the results in the morning, it is 9:PM here.
I cannot identify any particular item that is causing the problem. Maybe I am reading Proc. Explorer wrong.
Screenshot included. I am having a hard time even sending this. Everything takes so long to respond.
Thank god I’m not alone. I had the same services.exe problem (now living without any av 88))
Difference is: my story didn’t begin with cis. I uninstalled it to see if my lag in online gaming dissapeared (this was about a month ago) Things got better but not that much, anyway I wanted to try out something else before putting back CIS.
I installed Norton av 2010 beta, wich I used for aprox. 2 weeks when my demo subscription expired, but as a beta user I did a 1 click renewal, and after the reboot and some 10 minutes of running the pc everything started to slow down to a point where only a hard reset helped. On next boot I checked the process tab in task manager and found out that services.exe is gradually eating up all my ram and virtual memory. NAV uninstalled, problem solved.
But as I couldn’t live much without comodo ;D I reinstalled CIS, and after first reboot the problem reappeared >:(
CIS uninstalled again, ran the Norton cleanup utility, ccleaner, CSC…reinstalled cis again and everything was ok at first glance, but the next day services.exe started to eat up my memory again. I had some time to google around before it ate up my 2 gigs and found a wierd solution to a similar problem: in control panel/administrative tools/eventlogs clear the security log (I cleared all of them) and whoala the mem usage started to normalize. After a reboot everithing was still normal. ( !ot!: regardless of the low resource usage of NAV reported by task manager, with cis my whole computer was much more responsive 8))
But few days later it started again… >:( and now nothing helped but uninstall cis. ??? Not that I miss it that much as Im using linux for my everyday tasks only boot to windows when gaming, but as others may have the same problem I may be useful in diagnosing it.
A bit on the technical side:
I was not running any other security app in the background nor did I install new stuff.
My windows is genuine XP pro sp3.
only background apps running: tp-link wireless client, logitech quickcam software and related services, realtek soundman. Thats all.
Im clueless. As it happened with to different security apps (which are patching the kernel in one way) it could be related to some ■■■■■■ MS hotfix too. Just my 2 cents.
John, in the main process explorer window, right click on the columns bar and choose select Columns. When you get the pop-up choose the Process memory tab and select Virtual size and Working set size.
I’d like to see if one of the child Svchost processes is at the heart of this. To gather more information on what each svchost entry is doing you can either hover the entry with the mouse. or better still, double click the entry and choose the services tab.
If, after observing the behaviour of these entities, there is still no plausible candidate, my next step would be to run services.msc from start/run and take a look through the list of, first, running sevices, and then manual services.
My goal here, would be to disable non essential services one by one and look for any differences in behaviour.
Here are two screen shots of Process Explorer with the two columns.
Blas and Creasy thanks for your suggestions. I will be trying them and reporting back.
Here is my hijackthis log. Uninstalling the apps made no difference. I will say that after 20 minutes of high CPU and memory usage it finally settled down, but that is too long to wait after every reboot.
Hi John, i see nothing particularly untoward in your screenshots or log.
It’s interesting that the problem seems to go away after a period of time, to me that indicates a potential boot time configuration issue. It’s possible there may be some sort of service contention issue or possible even a driver issue.
Did you take a look in services.msc and try to disable individual services?
Something else you can try is a little optimisation trick, do this;
None of this made any difference at all. I reinstalled CIS so I would have a firewall and AV, and re-enabled popfile so I can get my email, and automatic updates. The rest are still disabled.
I have that problem too. See attached image. services.exe uses up to 2 GB RAM, and CPU usage is ~30 %, and finally over 50 %. After a few minutes it is normal. :-\
If, after analysis, this is not a malware issue, we’ll have to track down the culprit by other means. My first suggestion would be to download BootlogXP from here:
It’s a fully functional 30 day trial. Extract the zip and install the program. When the program runs click on the ‘Test at Next Boot’ button and restart your system. After booting let the program do it’s thing and then we’ll have a clear picture of which services are loading and how long each takes. it’s possible we’ll get some clues from this.
If we still can’t pinpoint the problem exactly, then we can move on to Perfmon and do some analysis of the private bytes used by each process.
Edit: I forgot to mention, BootLogXP also create a log file in the root of C: you might post that here too.