Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.57%
6.2.9200.16384 (win8_rtm.120725-1247) 0.60%
6.2.9200.16384 (win8_rtm.120725-1247) 1.14%
6.2.9200.16384 (win8_rtm.120725-1247) 9.23%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.07%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.07%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.03%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.07%
6.1.7600.16385 (win7_rtm.090713-1255) 17.05%
6.1.7600.16385 (win7_rtm.090713-1255) 30.70%
6.0.6000.16386 (vista_rtm.061101-2205) 4.63%
6.0.6000.16386 (vista_rtm.061101-2205) 0.03%
6.0.6000.16386 (vista_rtm.061101-2205) 0.30%
6.0.6000.16386 (vista_rtm.061101-2205) 1.04%
6.0.6000.16386 (vista_rtm.061101-2205) 0.30%
6.0.6000.16386 (vista_rtm.061101-2205) 0.03%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.03%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.03%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.03%
5.1.2600.5922 (xpsp_sp3_qfe.091223-1723) 1.17%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.13%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 1.34%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.23%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.44%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 20.23%

PE file structure

Import table
advapi32.dll
TraceMessage, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, ConvertSidToStringSidW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, InitiateSystemShutdownExW, OpenThreadToken, LsaClose, LsaFreeMemory, LsaLookupSids, LsaOpenPolicy, OpenProcessToken, EqualSid, AdjustTokenPrivileges, SetSecurityDescriptorDacl, AddAce, InitializeAcl, CopySid, GetLengthSid, GetSecurityDescriptorDacl, RegGetKeySecurity, RegSetKeySecurity, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, RegLoadMUIStringW, LsaManageSidNameMapping, LookupPrivilegeValueW, RegNotifyChangeKeyValue, LsaQueryInformationPolicy, SetTokenInformation, AddAccessAllowedAce, LsaEnumeratePrivileges, LsaLookupNames, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetKernelObjectSecurity, LsaStorePrivateData, EventWrite, EventRegister, RegOpenKeyW, SystemFunction005, SystemFunction029, StartServiceCtrlDispatcherW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, ControlTraceW, EnableTrace, StartTraceW, CheckTokenMembership, LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcschr, _wcslwr_s, wcsrchr, wcscat_s, memset, memcmp, _vsnwprintf_s, _wcsnicmp, wcstoul, _ltow_s, wcscspn, wcsstr, _wcsicmp, _wtol, wcsncmp, _ultow_s, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetErrorMode
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-file-l1-2-0.dll
CreateDirectoryW, FindFirstFileW, SetFileInformationByHandle, FindClose, FindNextFileW, CreateFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange64, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, CreateProcessW, SetThreadPriority, GetCurrentThread, GetCurrentThreadId, TerminateProcess, GetProcessId, OpenThreadToken, GetCurrentProcess, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateProcessAsUserW, ResumeThread, OpenProcessToken, OpenProcess, GetProcessTimes, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteTreeW, RegNotifyChangeKeyValue, RegSetKeySecurity, RegGetKeySecurity, RegLoadMUIStringW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, OpenEventW, ResetEvent, WaitForMultipleObjectsEx, CreateEventW, SetEvent, WaitForSingleObject, Sleep, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetSystemTimeAsFileTime, GetComputerNameExW, GetVersionExW, GetSystemTime, GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolCleanupGroup, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CallbackMayRunLong, CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetKernelObjectSecurity, GetKernelObjectSecurity, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, EqualSid, AdjustTokenPrivileges, RevertToSelf, ImpersonateLoggedOnUser, CopySid, GetLengthSid, CheckTokenMembership, GetTokenInformation, SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupOpenLocalPolicy, LsaLookupFreeMemory, LsaLookupClose, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
InterlockedCompareExchange64, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, HeapAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleW, TransactNamedPipe, WriteFile, GetTickCount, DuplicateHandle, GetCurrentProcess, GetSystemTimeAsFileTime, CreateEventW, SetEvent, GetCurrentThread, ResetEvent, DeviceIoControl, CreateFileW, GetProcessId, ResumeThread, GetCurrentProcessId, GetDriveTypeW, OpenEventW, GetComputerNameW, CompareStringW, SetThreadPriority, ExitThread, SetProcessShutdownParameters, SetConsoleCtrlHandler, HeapSetInformation, SetErrorMode, SetUnhandledExceptionFilter, GetProcessTimes, OpenProcess, InterlockedCompareExchange, LoadLibraryA, HeapCreate, WaitForSingleObject, TerminateProcess, HeapFree, InitializeCriticalSection, CreateThread, ExpandEnvironmentStringsW, CreateProcessW, GetLastError, CloseHandle, SetLastError, EnterCriticalSection, LeaveCriticalSection, Sleep, LocalFree, LocalAlloc, GetEnvironmentVariableW, CreateDirectoryW, FindFirstFileW, FindClose, lstrlenW, FindNextFileW, MoveFileExW, GetVersionExW, GetSystemTime, GetExitCodeThread, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, InterlockedExchange, DelayLoadFailureHook, ConnectNamedPipe
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
DllMain, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, NtOpenProcessToken, NtSetInformationProcess, NtSetEvent, EtwEventRegister, EtwEventWrite, RtlFreeHeap, NtDeleteFile, NtQueryDirectoryFile, NtWaitForSingleObject, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryInformationFile, NtSetInformationFile, NtFilterToken, RtlCopyUnicodeString, RtlMapGenericMask, RtlValidRelativeSecurityDescriptor, RtlSetSecurityObject, RtlQuerySecurityObject, NtQueryInformationToken, NtDuplicateToken, NtAdjustPrivilegesToken, NtSetInformationThread, NtAccessCheckAndAuditAlarm, NtAccessCheck, NtOpenThreadToken, NtPrivilegeCheck, NtPrivilegeObjectAuditAlarm, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetControlSecurityDescriptor, NtDeleteKey, RtlSubAuthoritySid, NtOpenKey, NtEnumerateKey, NtDeleteValueKey, NtSetValueKey, NtQueryValueKey, NtCreateKey, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlCreateServiceSid, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtLoadDriver, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtUnloadDriver, DbgPrintEx, RtlAdjustPrivilege, RtlExpandEnvironmentStrings_U, RtlInitializeSRWLock, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAcquireSRWLockShared, NtDeleteObjectAuditAlarm, RtlReleaseSRWLockShared, RtlAreAllAccessesGranted, NtCloseObjectAuditAlarm, RtlDeregisterWait, RtlQueueWorkItem, RtlCopyLuid, RtlDeleteSecurityObject, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, 
NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, EtwTraceMessage, RtlUnhandledExceptionFilter, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, RtlInitializeSid, RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthorityCountSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnicodeStringToAnsiString, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, RtlAddAccessAllowedAce, RtlEqualSid, RtlGetOwnerSecurityDescriptor, NtDisplayString, TpReleaseWait, RtlInitUnicodeStringEx, TpAllocWait, NtDeleteWnfStateName, RtlPublishWnfStateData, NtCreateWnfStateName, TpSetWait, RtlAbsoluteToSelfRelativeSD, RtlAddAccessDeniedAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, NtDelayExecution, NtRaiseHardError, RtlConnectToSm, RtlSendMsgToSm
rpcrt4.dll
UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUseProtseqW, RpcServerInqBindings, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, UuidCreateNil, I_RpcMapWin32Status, RpcServerInqCallAttributesW, RpcAsyncCompleteCall, RpcServerInqBindingHandle, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, NdrServerCall2, NdrAsyncServerCall, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingFree, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerListen, I_RpcExceptionFilter, NdrAsyncClientCall, RpcAsyncInitializeHandle, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcEpResolveBinding, RpcServerRegisterIf3, RpcEpUnregister
scesrv.dll
ScesrvTerminateServer, ScesrvInitializeServer
sspicli.dll
LogonUserExExW
user32.dll
BroadcastSystemMessageW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Services and Controller app by Microsoft

Version:   6.0.6000.16386 (vista_rtm.061101-2205)
MD5:   934e0b7d77ff78c18d9f8891221b6de3
SHA1:   a1af1d6829236b5bd9980175f8aedd9f9ff3f4b0
SHA256:   bb1acd3cd6482d8b7c5931e8733b8094d2ce59c4fbc4012bd0799c8dc367fb74
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.

Overview

services.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges), typically within the context of its parent wininit.exe (Windows Start-Up Application by Microsoft). This is the Service Control Manager for Windows, which is responsible for controlling most Windows services. This version is designed to run on Windows Vista and is compiled as a 64-bit program.

Details

File name: services.exe
Publisher: Microsoft Corporation
Product name: Services and Controller app
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\services.exe
Original name: services.exe.mui
File version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product version: 6.0.6000.16386
Size: 375.5 KB (384,512 bytes)
Digital DNA
Entropy: 6.449338
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.01006586%
0.028634%
Kernel CPU: 0.00593235%
0.013761%
User CPU: 0.00413350%
0.014873%
Kernel CPU time: 29,767,958 ms/min
100,923,805 ms/min
CPU cycles: 1,576,184/sec
17,470,203/sec
Context switches: 43/sec
284/sec
Memory
Private memory: 3.75 MB
21.59 MB
Private (maximum): 8.66 MB
Private (minimum): 7.01 MB
Non-paged memory: 3.75 MB
21.59 MB
Virtual memory: 48.4 MB
140.96 MB
Virtual memory (peak): 62.03 MB
169.69 MB
Working set: 7.87 MB
18.61 MB
Working set (peak): 9.31 MB
37.95 MB
Page faults: 46,778/min
2,039/min
I/O
I/O read transfer: 7.27 KB/sec
1.02 MB/min
I/O read operations: 2/sec
343/min
I/O write transfer: 30.49 KB/sec
274.99 KB/min
I/O write operations: 8/sec
227/min
I/O other transfer: 5.14 KB/sec
448.09 KB/min
I/O other operations: 167/sec
1,671/min
Resource allocations
Threads: 7
12
Handles: 294
600

Process properties

Integrity level: System
Platform: 64-bit
Command line: C:\Windows\System32\services.exe
Owner: SYSTEM
Parent process: wininit.exe (Windows Start-Up Application by Microsoft)

Threads

Averages
RPCRT4.dll
Total CPU: 0.12509265%
0.272967%
Kernel CPU: 0.10301745%
0.107585%
User CPU: 0.02207520%
0.165382%
CPU cycles: 1,543,227/sec
5,741,424/sec
Context switches: 13/sec
79/sec
Memory: 1.26 MB
1.16 MB
ntdll.dll
Total CPU: 0.00002373%
Kernel CPU: 0.00002373%
User CPU: 0.00000000%
CPU cycles: 282/sec
Memory: 1.52 MB
NCObjAPI.DLL
Total CPU: 0.00001290%
Kernel CPU: 0.00000561%
User CPU: 0.00000729%
CPU cycles: 300/sec
Memory: 88 KB

Distribution by Windows OS

OS version and distribution
Windows 7 Home Premium 56.00%
Windows 7 Ultimate 26.50%
Windows 7 Professional 8.50%
Windows 7 Home Basic 3.50%
Windows Vista Home Premium 3.50%
Windows 7 Starter 1.00%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%

Distribution by country

United States installs about 46.73% of Services and Controller app.

Distribution by PC manufacturer

PC manufacturer and distribution
Dell 26.22%
Hewlett-Packard 18.73%
ASUS 13.48%
Acer 12.73%
Toshiba 11.99%
Sony 3.75%
Lenovo 3.75%
Samsung 2.25%
GIGABYTE 2.25%
MSI 1.50%
Alienware 0.75%
Medion 0.75%
Intel 0.75%
Gateway 0.75%
Sahara 0.37%