none
Services 69c72 RRS feed

  • Question

  • Hiya all,

    Today found many services with _69c72 at the end of their names: Windows Push Notifications User Service (WpnUserService_69c72), User Data Storage (UnistoreSvc_69c72), User Data Access (UserDataSvc_69c72), Sync Host (OneSyncSvc_69c72), MessagingService (MessagingService_69c72) and CDPUserSvc (CDPUserSvc_69c72, no description). In another Win10 box found the same services but there with _168708 at the end. What are they and are they reliable? Thanks for any enlightenment. Kind regards, Marcel


    • Edited by Snx1 Tuesday, August 23, 2016 9:43 AM Addendum
    Tuesday, August 23, 2016 9:32 AM

Answers

  • Well the numbers at the end of the names for descriptions are present from me in 1607 machines. Not clear if that is intentional by MS linked to profiles or something or an oversight.

    What is the CDPUsersvc for ? a previous thread on that service from that my response;

    CDPUserSvc_3e64b is svchost.exe -k UnistackSvcGroup. Looking at that with Process Explorer, under the Services tab of the Properties of that process;

    OneSyncSvc_3e64b Sync Host_3e64b

    This service synchronizes mail, contacts, calendar and various other user data.
    Mail and other application dependent on this functionality will not work
    properly when this service is not running.

    PimIndexMaintenanceSvc_3e64b Contact Data_3e64b

    Indexes contact date for fast contact searching. If you stop or disable this
    serice, contacts might be missing from you search results.

    UnistoreSvc_3e64b User Data Storage_3e64b

    Handles storage of structed user data, including contact info, calendars,
    messages and other content. If you stop or disable this service, apps that use
    this data might work correctly.

    UserDataSvc_3e64b User Data Access_3e64b

    Provides apps with access to structured user data, including contact info,
    calendars, messages and other content. If you stop of disable this service,
    apps that use this data might not work correctly

    Also has a https connection MS server, so looking it is OneDrive \ contacts related. Properly could do with some finishing touches on the service...

    • Marked as answer by Snx1 Monday, August 29, 2016 1:57 PM
    Tuesday, August 23, 2016 1:00 PM
  • Well I am seeing them on clean installed Windows 10 1607 so no other software, so intentional or otherwise they appear as Microsoft services to me.
    • Marked as answer by Snx1 Tuesday, August 23, 2016 7:16 PM
    Tuesday, August 23, 2016 2:32 PM

All replies

  • Well the numbers at the end of the names for descriptions are present from me in 1607 machines. Not clear if that is intentional by MS linked to profiles or something or an oversight.

    What is the CDPUsersvc for ? a previous thread on that service from that my response;

    CDPUserSvc_3e64b is svchost.exe -k UnistackSvcGroup. Looking at that with Process Explorer, under the Services tab of the Properties of that process;

    OneSyncSvc_3e64b Sync Host_3e64b

    This service synchronizes mail, contacts, calendar and various other user data.
    Mail and other application dependent on this functionality will not work
    properly when this service is not running.

    PimIndexMaintenanceSvc_3e64b Contact Data_3e64b

    Indexes contact date for fast contact searching. If you stop or disable this
    serice, contacts might be missing from you search results.

    UnistoreSvc_3e64b User Data Storage_3e64b

    Handles storage of structed user data, including contact info, calendars,
    messages and other content. If you stop or disable this service, apps that use
    this data might work correctly.

    UserDataSvc_3e64b User Data Access_3e64b

    Provides apps with access to structured user data, including contact info,
    calendars, messages and other content. If you stop of disable this service,
    apps that use this data might not work correctly

    Also has a https connection MS server, so looking it is OneDrive \ contacts related. Properly could do with some finishing touches on the service...

    • Marked as answer by Snx1 Monday, August 29, 2016 1:57 PM
    Tuesday, August 23, 2016 1:00 PM
  • Dear Mr. Happy, Thank you. Saw these descriptions too. So all these strange looking processes are legitimate, intentional and invented by Microsoft? Would have been nice to learn more about which apps rely on these processes and as you wrote "some finishing touches". Also strange that some cannot be disabled or otherwise changed. Marcel
    Tuesday, August 23, 2016 1:38 PM
  • Well I am seeing them on clean installed Windows 10 1607 so no other software, so intentional or otherwise they appear as Microsoft services to me.
    • Marked as answer by Snx1 Tuesday, August 23, 2016 7:16 PM
    Tuesday, August 23, 2016 2:32 PM
  • 1st thing - naming convention! sloppy. also crud descriptions.

    2nd thing- name changes after every reboot! atypical of MS and safe programming practices.

    #3 - how it functions. Try enumerating running services via PowerShell, instead of Services.msc or TaskMgr.exe. Try enumerating the list of services scheduled to start. You'll see that it disappeared from these actual lists.

    When Windows processes a list of services to launch, that list gets modified in memory as it's loaded from the registry or whereever. basically, the svchost.exe takes a link to code, I think even in the form a of a DLL, and hosts it's process as an executable. The list either gets modified to point to some file on the disk containing valid function code, though malicious in intent, or to actual code already in memory loaded earlier by some other process not detected by Windows. Effectively, it chain loads an old fashion TSR. The processes for the hosting services can be terminated, and malicious code is already loaded into memory. it just uses the running services to touch down into user space if it needs to. In the old days, virus scanners used to scan all memory for this. they can't do that anymore I think because of new Windows memory security model. So when svchost.exe get's scanned by antivirus, it passes as only the signature of the executable on disk is validated. Antivirus doesn't know what DLL it has opened and loaded as a program cause no memory scan performed (I think). Antivirus didn't notice the file on the disk, because it's compressed or encrypted, or signature not cataloged.

    I actually don't have access to the full internet. The same group of people who think it's OK for MS and the industry (antivirus vendors also) to turn a blind eye on Illuminati virus mass beta testing, run our internets with fake search results.  With latest build, it seems there has to be 3 hosting processes running instead of just one for the underware suite to still provide all its functionality.

    I have seen many different ignorant responses to this question, and a super limited set of search results returned, some results in Russian and Chinese.  A secret agent tech school is being run online, publicly.  It's all being logged and being used for employment consideration at your next tech job. There are two parts- the technical - do you understand it's not legitimate services and how it works, and loyalty points - will you be intimidated to post after reading socially engineered misleading forum posts full of purposeful disinformation, or lie replying to a post you that don't know what it is.  Also, I guess, what are your politics- is this ok to do or talk about. Again, my internet is censored so that I can only make partially informed risky comments.

    So if not the disc, where is it coming from?

    As limited in definition, public response from MS; its' impossible to terminate nature - I almost hope UnistackSvcGroup is good guys technology.


    • Edited by jrazor247 Sunday, February 26, 2017 12:06 PM spelling (its') added & the industry (antivirus vendors also)
    Sunday, February 26, 2017 11:59 AM
  • You can use Resource Monitor to suspend the instances of svchost.exe associated with UniStackSvcGroup.

    On my computer, this workaround stopped some obstructive dysfunction of the OS and some apps.

    Recently, suspending the processes associated with UniStackSvcGroup locks up the desktop and explorer interface.  So I must leave it running if I want to use my computer easily. I currently have 6/7 UniStackSvcGroup services running on 3 PIDs.

    It is interesting that the responses on forums to inquiries about UniStackSvcGroup do not include any information aside from what is visible via the OS.  Where is the Microsoft page describing these services?  More importantly, what intelligence level are these forum tactics targeting? A bunch of smart enthusiastic young people who don't know their entire digital world is virtualized, beta testing everything from music to games to chips to what news and technical excuses are believable.

    Again, I am on a filtered internet relatively isolated from public.  So my reply might be awkward.  I have come to accept that my computer and the internet is under the control of a militant organization.  They go as far as switching out my computer peripherals from my dwelling. So I live in a world where I pretty much have no rights, property, civil, or human. I am linking those that have turned my life into the Truman Show, with these computer tactics. I try to focus on computers, because it's an easily solvable technical problem representative of the politics that govern our lives. If I were able to think to write about reality, you would all revolt. If computers get fixed, then the next generation of our culture will use them to communicate, socialize, and grow their minds more freely.  Also, chips control everything these days, and through hacking every social opportunity is controlled.

    Monday, May 22, 2017 3:17 AM