There are several tools to do this, and there are several services.
There are also several scammers who will take your funds!
Be very careful who you trust, don't send your wallet.dat to anyone (1 million possibilities is very easy to brute-force), and ignore all "offers" you get through PM!
I second this.
I'd urge the op to do his own brute-forcing. This tool worked wonders for me in the past:
https://github.com/gurnec/btcrecoverI can't imagine it taking long to brute force a password that only consists of 6 numbers... I wouldn't risk getting scammed by using an external service.