Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.67%
6.2.9200.16384 (win8_rtm.120725-1247) 0.71%
6.2.9200.16384 (win8_rtm.120725-1247) 1.35%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 20.13%
6.1.7600.16385 (win7_rtm.090713-1255) 36.27%
6.0.6000.16386 (vista_rtm.061101-2205) 5.47%
6.0.6000.16386 (vista_rtm.061101-2205) 0.04%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
6.0.6000.16386 (vista_rtm.061101-2205) 1.23%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.04%
5.1.2600.5922 (xpsp_sp3_qfe.091223-1723) 1.39%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 23.90%
5.1.2600.5512 (xpsp.080413-2111) 1.82%
5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) 0.24%
5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) 1.23%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 4.60%

Relationships

Parent process
Child processes

PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, ConvertSidToStringSidW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, InitiateSystemShutdownExW, OpenThreadToken, LsaClose, LsaFreeMemory, LsaLookupSids, LsaOpenPolicy, OpenProcessToken, EqualSid, AdjustTokenPrivileges, SetSecurityDescriptorDacl, AddAce, InitializeAcl, CopySid, GetLengthSid, GetSecurityDescriptorDacl, RegGetKeySecurity, RegSetKeySecurity, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, RegLoadMUIStringW, LsaManageSidNameMapping, LookupPrivilegeValueW, RegNotifyChangeKeyValue, LsaQueryInformationPolicy, SetTokenInformation, AddAccessAllowedAce, LsaEnumeratePrivileges, LsaLookupNames, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetKernelObjectSecurity, LsaStorePrivateData, EventWrite, EventRegister, RegOpenKeyW, SystemFunction005, SystemFunction029, StartServiceCtrlDispatcherW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, ControlTraceW, EnableTrace, StartTraceW, CheckTokenMembership, LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcschr, _wcslwr_s, wcsrchr, wcscat_s, memset, memcmp, _vsnwprintf_s, _wcsnicmp, wcstoul, _ltow_s, wcscspn, wcsstr, _wcsicmp, _wtol, wcsncmp, _ultow_s, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetErrorMode
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-file-l1-2-0.dll
CreateDirectoryW, FindFirstFileW, SetFileInformationByHandle, FindClose, FindNextFileW, CreateFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange64, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, CreateProcessW, SetThreadPriority, GetCurrentThread, GetCurrentThreadId, TerminateProcess, GetProcessId, OpenThreadToken, GetCurrentProcess, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateProcessAsUserW, ResumeThread, OpenProcessToken, OpenProcess, GetProcessTimes, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteTreeW, RegNotifyChangeKeyValue, RegSetKeySecurity, RegGetKeySecurity, RegLoadMUIStringW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, OpenEventW, ResetEvent, WaitForMultipleObjectsEx, CreateEventW, SetEvent, WaitForSingleObject, Sleep, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetSystemTimeAsFileTime, GetComputerNameExW, GetVersionExW, GetSystemTime, GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolCleanupGroup, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CallbackMayRunLong, CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetKernelObjectSecurity, GetKernelObjectSecurity, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, EqualSid, AdjustTokenPrivileges, RevertToSelf, ImpersonateLoggedOnUser, CopySid, GetLengthSid, CheckTokenMembership, GetTokenInformation, SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupOpenLocalPolicy, LsaLookupFreeMemory, LsaLookupClose, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
InterlockedCompareExchange64, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, HeapAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleW, TransactNamedPipe, WriteFile, GetTickCount, DuplicateHandle, GetCurrentProcess, GetSystemTimeAsFileTime, CreateEventW, SetEvent, GetCurrentThread, ResetEvent, DeviceIoControl, CreateFileW, GetProcessId, ResumeThread, GetCurrentProcessId, GetDriveTypeW, OpenEventW, GetComputerNameW, CompareStringW, SetThreadPriority, ExitThread, SetProcessShutdownParameters, SetConsoleCtrlHandler, HeapSetInformation, SetErrorMode, SetUnhandledExceptionFilter, GetProcessTimes, OpenProcess, InterlockedCompareExchange, LoadLibraryA, HeapCreate, WaitForSingleObject, TerminateProcess, HeapFree, InitializeCriticalSection, CreateThread, ExpandEnvironmentStringsW, CreateProcessW, GetLastError, CloseHandle, SetLastError, EnterCriticalSection, LeaveCriticalSection, Sleep, LocalFree, LocalAlloc, GetEnvironmentVariableW, CreateDirectoryW, FindFirstFileW, FindClose, lstrlenW, FindNextFileW, MoveFileExW, GetVersionExW, GetSystemTime, GetExitCodeThread, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, InterlockedExchange, DelayLoadFailureHook, ConnectNamedPipe
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
DllMain, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, NtOpenProcessToken, NtSetInformationProcess, NtSetEvent, EtwEventRegister, EtwEventWrite, RtlFreeHeap, NtDeleteFile, NtQueryDirectoryFile, NtWaitForSingleObject, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryInformationFile, NtSetInformationFile, NtFilterToken, RtlCopyUnicodeString, RtlMapGenericMask, RtlValidRelativeSecurityDescriptor, RtlSetSecurityObject, RtlQuerySecurityObject, NtQueryInformationToken, NtDuplicateToken, NtAdjustPrivilegesToken, NtSetInformationThread, NtAccessCheckAndAuditAlarm, NtAccessCheck, NtOpenThreadToken, NtPrivilegeCheck, NtPrivilegeObjectAuditAlarm, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetControlSecurityDescriptor, NtDeleteKey, RtlSubAuthoritySid, NtOpenKey, NtEnumerateKey, NtDeleteValueKey, NtSetValueKey, NtQueryValueKey, NtCreateKey, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlCreateServiceSid, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtLoadDriver, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtUnloadDriver, DbgPrintEx, RtlAdjustPrivilege, RtlExpandEnvironmentStrings_U, RtlInitializeSRWLock, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAcquireSRWLockShared, NtDeleteObjectAuditAlarm, RtlReleaseSRWLockShared, RtlAreAllAccessesGranted, NtCloseObjectAuditAlarm, RtlDeregisterWait, RtlQueueWorkItem, RtlCopyLuid, RtlDeleteSecurityObject, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, EtwTraceMessage, RtlUnhandledExceptionFilter, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, RtlInitializeSid, RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthorityCountSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnicodeStringToAnsiString, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, RtlAddAccessAllowedAce, RtlEqualSid, RtlGetOwnerSecurityDescriptor, NtDisplayString, TpReleaseWait, RtlInitUnicodeStringEx, TpAllocWait, NtDeleteWnfStateName, RtlPublishWnfStateData, NtCreateWnfStateName, TpSetWait, RtlAbsoluteToSelfRelativeSD, RtlAddAccessDeniedAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, NtDelayExecution, NtRaiseHardError, RtlConnectToSm, RtlSendMsgToSm
rpcrt4.dll
UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUseProtseqW, RpcServerInqBindings, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, UuidCreateNil, I_RpcMapWin32Status, RpcServerInqCallAttributesW, RpcAsyncCompleteCall, RpcServerInqBindingHandle, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, NdrServerCall2, NdrAsyncServerCall, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingFree, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerListen, I_RpcExceptionFilter, NdrAsyncClientCall, RpcAsyncInitializeHandle, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcEpResolveBinding, RpcServerRegisterIf3, RpcEpUnregister
scesrv.dll
ScesrvTerminateServer, ScesrvInitializeServer
sspicli.dll
LogonUserExExW
user32.dll
BroadcastSystemMessageW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Services and Controller app by Microsoft

Remove services.exe
Version:   6.2.8400.0 (winmain_win8rc.120518-1423)
MD5:   b5643cd44ef5f7514d1c6ba2fbbd5e7e
SHA1:   e4f8e812d9468347615dc3e6af3cdf71dabe45ad
SHA256:   b0ac6880246380f7afaf44607fefe0270cca568c9d39d1874394137d24ba25ec
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.

Overview

services.exe executes as a process with the local user's privileges typically within the context of its parent wininit.exe (Windows Start-Up Application by Microsoft). This is the Service Service Control Manager for Windows wich is responsible for controlling most Windows services. This version is installed on Windows 8 and is compiled as a 64 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Services and Controller app
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
Original name:services.exe.mui
File version:6.2.8400.0 (winmain_win8rc.120518-1423)
Product version:6.2.8400.0
Size:398.5 KB (408,064 bytes)
Digital DNA
Entropy:6.449338
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00629156%
0.028634%
Kernel CPU:0.00355211%
0.013761%
User CPU:0.00273946%
0.014873%
Kernel CPU time:51,168,718 ms/min
100,923,805ms/min
Context switches:162/sec
284/sec
Memory
Private memory:4.23 MB
21.59 MB
Private (maximum):8.88 MB
Private (minimum):8.33 MB
Non-paged memory:4.23 MB
21.59 MB
Virtual memory:43.73 MB
140.96 MB
Virtual memory (peak):54.14 MB
169.69 MB
Working set:8.83 MB
18.61 MB
Working set (peak):14.35 MB
37.95 MB
Resource allocations
Threads:12
12
Handles:263
600

BehaviorsProcess properties

Integrety level:Undefined
Platform:64-bit
Command line:C:\Windows\System32\services.exe
Owner:User
Parent process:wininit.exe (Windows Start-Up Application by Microsoft)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.01338057%
0.272967%
Kernel CPU:0.01158286%
0.107585%
User CPU:0.00179772%
0.165382%
CPU cycles:223,170/sec
5,741,424/sec
Context switches:3/sec
79/sec
Memory:1.75 MB
1.16 MB
UBPM.dll
Total CPU:0.00056089%
Kernel CPU:0.00000000%
User CPU:0.00056089%
CPU cycles:14,324/sec
Memory:328 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 56.00%
Windows 7 Ultimate 26.50%
Windows 7 Professional 8.50%
Windows 7 Home Basic 3.50%
Windows Vista Home Premium 3.50%
Windows 7 Starter 1.00%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Services and Controller app.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 26.22%
Hewlett-Packard 18.73%
ASUS 13.48%
Acer 12.73%
Toshiba 11.99%
Sony 3.75%
Lenovo 3.75%
Samsung 2.25%
GIGABYTE 2.25%
MSI 1.50%
Alienware 0.75%
Medion 0.75%
Intel 0.75%
Gateway 0.75%
Sahara 0.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE