Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.67%
6.2.9200.16384 (win8_rtm.120725-1247) 0.71%
6.2.9200.16384 (win8_rtm.120725-1247) 1.35%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 20.13%
6.1.7600.16385 (win7_rtm.090713-1255) 36.27%
6.0.6000.16386 (vista_rtm.061101-2205) 5.47%
6.0.6000.16386 (vista_rtm.061101-2205) 0.04%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
6.0.6000.16386 (vista_rtm.061101-2205) 1.23%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.04%
5.1.2600.5922 (xpsp_sp3_qfe.091223-1723) 1.39%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 23.90%
5.1.2600.5512 (xpsp.080413-2111) 1.82%
5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) 0.24%
5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) 1.23%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 4.60%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, ConvertSidToStringSidW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, InitiateSystemShutdownExW, OpenThreadToken, LsaClose, LsaFreeMemory, LsaLookupSids, LsaOpenPolicy, OpenProcessToken, EqualSid, AdjustTokenPrivileges, SetSecurityDescriptorDacl, AddAce, InitializeAcl, CopySid, GetLengthSid, GetSecurityDescriptorDacl, RegGetKeySecurity, RegSetKeySecurity, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, RegLoadMUIStringW, LsaManageSidNameMapping, LookupPrivilegeValueW, RegNotifyChangeKeyValue, LsaQueryInformationPolicy, SetTokenInformation, AddAccessAllowedAce, LsaEnumeratePrivileges, LsaLookupNames, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetKernelObjectSecurity, LsaStorePrivateData, EventWrite, EventRegister, RegOpenKeyW, SystemFunction005, SystemFunction029, StartServiceCtrlDispatcherW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, ControlTraceW, EnableTrace, StartTraceW, CheckTokenMembership, LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcschr, _wcslwr_s, wcsrchr, wcscat_s, memset, memcmp, _vsnwprintf_s, _wcsnicmp, wcstoul, _ltow_s, wcscspn, wcsstr, _wcsicmp, _wtol, wcsncmp, _ultow_s, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetErrorMode
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-file-l1-2-0.dll
CreateDirectoryW, FindFirstFileW, SetFileInformationByHandle, FindClose, FindNextFileW, CreateFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange64, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, CreateProcessW, SetThreadPriority, GetCurrentThread, GetCurrentThreadId, TerminateProcess, GetProcessId, OpenThreadToken, GetCurrentProcess, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateProcessAsUserW, ResumeThread, OpenProcessToken, OpenProcess, GetProcessTimes, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteTreeW, RegNotifyChangeKeyValue, RegSetKeySecurity, RegGetKeySecurity, RegLoadMUIStringW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, OpenEventW, ResetEvent, WaitForMultipleObjectsEx, CreateEventW, SetEvent, WaitForSingleObject, Sleep, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetSystemTimeAsFileTime, GetComputerNameExW, GetVersionExW, GetSystemTime, GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolCleanupGroup, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CallbackMayRunLong, CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetKernelObjectSecurity, GetKernelObjectSecurity, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, EqualSid, AdjustTokenPrivileges, RevertToSelf, ImpersonateLoggedOnUser, CopySid, GetLengthSid, CheckTokenMembership, GetTokenInformation, SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupOpenLocalPolicy, LsaLookupFreeMemory, LsaLookupClose, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
InterlockedCompareExchange64, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, HeapAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleW, TransactNamedPipe, WriteFile, GetTickCount, DuplicateHandle, GetCurrentProcess, GetSystemTimeAsFileTime, CreateEventW, SetEvent, GetCurrentThread, ResetEvent, DeviceIoControl, CreateFileW, GetProcessId, ResumeThread, GetCurrentProcessId, GetDriveTypeW, OpenEventW, GetComputerNameW, CompareStringW, SetThreadPriority, ExitThread, SetProcessShutdownParameters, SetConsoleCtrlHandler, HeapSetInformation, SetErrorMode, SetUnhandledExceptionFilter, GetProcessTimes, OpenProcess, InterlockedCompareExchange, LoadLibraryA, HeapCreate, WaitForSingleObject, TerminateProcess, HeapFree, InitializeCriticalSection, CreateThread, ExpandEnvironmentStringsW, CreateProcessW, GetLastError, CloseHandle, SetLastError, EnterCriticalSection, LeaveCriticalSection, Sleep, LocalFree, LocalAlloc, GetEnvironmentVariableW, CreateDirectoryW, FindFirstFileW, FindClose, lstrlenW, FindNextFileW, MoveFileExW, GetVersionExW, GetSystemTime, GetExitCodeThread, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, InterlockedExchange, DelayLoadFailureHook, ConnectNamedPipe
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
DllMain, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, NtOpenProcessToken, NtSetInformationProcess, NtSetEvent, EtwEventRegister, EtwEventWrite, RtlFreeHeap, NtDeleteFile, NtQueryDirectoryFile, NtWaitForSingleObject, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryInformationFile, NtSetInformationFile, NtFilterToken, RtlCopyUnicodeString, RtlMapGenericMask, RtlValidRelativeSecurityDescriptor, RtlSetSecurityObject, RtlQuerySecurityObject, NtQueryInformationToken, NtDuplicateToken, NtAdjustPrivilegesToken, NtSetInformationThread, NtAccessCheckAndAuditAlarm, NtAccessCheck, NtOpenThreadToken, NtPrivilegeCheck, NtPrivilegeObjectAuditAlarm, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetControlSecurityDescriptor, NtDeleteKey, RtlSubAuthoritySid, NtOpenKey, NtEnumerateKey, NtDeleteValueKey, NtSetValueKey, NtQueryValueKey, NtCreateKey, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlCreateServiceSid, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtLoadDriver, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtUnloadDriver, DbgPrintEx, RtlAdjustPrivilege, RtlExpandEnvironmentStrings_U, RtlInitializeSRWLock, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAcquireSRWLockShared, NtDeleteObjectAuditAlarm, RtlReleaseSRWLockShared, RtlAreAllAccessesGranted, NtCloseObjectAuditAlarm, RtlDeregisterWait, RtlQueueWorkItem, RtlCopyLuid, RtlDeleteSecurityObject, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, EtwTraceMessage, RtlUnhandledExceptionFilter, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, RtlInitializeSid, RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthorityCountSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnicodeStringToAnsiString, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, RtlAddAccessAllowedAce, RtlEqualSid, RtlGetOwnerSecurityDescriptor, NtDisplayString, TpReleaseWait, RtlInitUnicodeStringEx, TpAllocWait, NtDeleteWnfStateName, RtlPublishWnfStateData, NtCreateWnfStateName, TpSetWait, RtlAbsoluteToSelfRelativeSD, RtlAddAccessDeniedAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, NtDelayExecution, NtRaiseHardError, RtlConnectToSm, RtlSendMsgToSm
rpcrt4.dll
UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUseProtseqW, RpcServerInqBindings, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, UuidCreateNil, I_RpcMapWin32Status, RpcServerInqCallAttributesW, RpcAsyncCompleteCall, RpcServerInqBindingHandle, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, NdrServerCall2, NdrAsyncServerCall, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingFree, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerListen, I_RpcExceptionFilter, NdrAsyncClientCall, RpcAsyncInitializeHandle, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcEpResolveBinding, RpcServerRegisterIf3, RpcEpUnregister
scesrv.dll
ScesrvTerminateServer, ScesrvInitializeServer
sspicli.dll
LogonUserExExW
user32.dll
BroadcastSystemMessageW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Services and Controller app by Microsoft

Remove services.exe
Version:   5.1.2600.5512 (xpsp.080413-2111)
MD5:   0e776ed5f7cc9f94299e70461b7b8185
SHA1:   cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
SHA256:   22750b3829133d1d4bb3ce2fa6247be2373b5d15a6ed1c8a71673aa1ce7d9530
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.

Overview

services.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). This is the Service Service Control Manager for Windows wich is responsible for controlling most Windows services. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Services and Controller app
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
Original name:services.exe.mui
File version:5.1.2600.5512 (xpsp.080413-2111)
Product version:5.1.2600.5512
Size:106 KB (108,544 bytes)
Digital DNA
Entropy:6.449338
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00816368%
0.028634%
Kernel CPU:0.00608007%
0.013761%
User CPU:0.00208360%
0.014873%
Kernel CPU time:68,427 ms/min
100,923,805ms/min
Context switches:12/sec
284/sec
Memory
Private memory:2.04 MB
21.59 MB
Private (maximum):4.3 MB
Private (minimum):3.06 MB
Non-paged memory:2.04 MB
21.59 MB
Virtual memory:26.31 MB
140.96 MB
Virtual memory (peak):30.98 MB
169.69 MB
Working set:3.82 MB
18.61 MB
Working set (peak):5.38 MB
37.95 MB
Page faults:29,029/min
2,039/min
I/O
I/O read transfer:3.29 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:4 KB/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:146 Bytes/sec
448.09 KB/min
I/O other operations:7/sec
1,671/min
Resource allocations
Threads:15
12
Handles:306
600
GUI GDI count:4
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command lines:
  • C:\Windows\System32\services.exe
Owner:SYSTEM
Parent process:winlogon.exe (Windows NT Logon Application by Microsoft)

ResourcesThreads

Averages
 
umpnpmgr.dll
Total CPU:0.00045611%
0.272967%
Kernel CPU:0.00010937%
0.107585%
User CPU:0.00034675%
0.165382%
Context switches:1/sec
79/sec
Memory:132 KB
1.16 MB
RPCRT4.dll
Total CPU:0.00015532%
Kernel CPU:0.00000000%
User CPU:0.00015532%
Memory:584 KB
ntdll.dll
Total CPU:0.00003686%
Kernel CPU:0.00000000%
User CPU:0.00003686%
Memory:700 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 56.00%
Windows 7 Ultimate 26.50%
Windows 7 Professional 8.50%
Windows 7 Home Basic 3.50%
Windows Vista Home Premium 3.50%
Windows 7 Starter 1.00%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Services and Controller app.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 26.22%
Hewlett-Packard 18.73%
ASUS 13.48%
Acer 12.73%
Toshiba 11.99%
Sony 3.75%
Lenovo 3.75%
Samsung 2.25%
GIGABYTE 2.25%
MSI 1.50%
Alienware 0.75%
Medion 0.75%
Intel 0.75%
Gateway 0.75%
Sahara 0.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE