The legit services.exe runs from C:\Windows\system32 NOT C:\Windows.
Go to jotti.org
Browse to the location of that file and submit [upload] it for scanning/analysis. You should get back results that will identify what your dealing with.
You can also try performing a couple of these online Virus scans
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component
]Trend Micro Housecall ScanTrend Micro Housecall Scan for FirefoxPanda ActiveScan
[ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]a-squared Web Malware ScannerThere are three options
: Quick Scan, Smart Scan, Deep Scan and Custom Scan
. The default
selection is Smart Scan
which is fast and scans the most important folders.
If this does not resolve the problem, I suggest you read and follow all instructions
in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.
When you have done that, post a log
in the HijackThis Logs and Analysis Forum
, not here
, for assistance by the HJT Team Experts.