Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.57%
6.2.9200.16384 (win8_rtm.120725-1247) 0.60%
6.2.9200.16384 (win8_rtm.120725-1247) 1.14%
6.2.9200.16384 (win8_rtm.120725-1247) 9.23%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.07%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.07%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.03%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.07%
6.1.7600.16385 (win7_rtm.090713-1255) 17.05%
6.1.7600.16385 (win7_rtm.090713-1255) 30.70%
6.0.6000.16386 (vista_rtm.061101-2205) 4.63%
6.0.6000.16386 (vista_rtm.061101-2205) 0.03%
6.0.6000.16386 (vista_rtm.061101-2205) 0.30%
6.0.6000.16386 (vista_rtm.061101-2205) 1.04%
6.0.6000.16386 (vista_rtm.061101-2205) 0.30%
6.0.6000.16386 (vista_rtm.061101-2205) 0.03%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.03%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.03%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.03%
5.1.2600.5922 (xpsp_sp3_qfe.091223-1723) 1.17%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.13%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 1.34%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.23%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 0.44%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 20.23%
View more

Relationships

Parent process
Child processes

PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, ConvertSidToStringSidW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, InitiateSystemShutdownExW, OpenThreadToken, LsaClose, LsaFreeMemory, LsaLookupSids, LsaOpenPolicy, OpenProcessToken, EqualSid, AdjustTokenPrivileges, SetSecurityDescriptorDacl, AddAce, InitializeAcl, CopySid, GetLengthSid, GetSecurityDescriptorDacl, RegGetKeySecurity, RegSetKeySecurity, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, RegLoadMUIStringW, LsaManageSidNameMapping, LookupPrivilegeValueW, RegNotifyChangeKeyValue, LsaQueryInformationPolicy, SetTokenInformation, AddAccessAllowedAce, LsaEnumeratePrivileges, LsaLookupNames, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetKernelObjectSecurity, LsaStorePrivateData, EventWrite, EventRegister, RegOpenKeyW, SystemFunction005, SystemFunction029, StartServiceCtrlDispatcherW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, ControlTraceW, EnableTrace, StartTraceW, CheckTokenMembership, LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcschr, _wcslwr_s, wcsrchr, wcscat_s, memset, memcmp, _vsnwprintf_s, _wcsnicmp, wcstoul, _ltow_s, wcscspn, wcsstr, _wcsicmp, _wtol, wcsncmp, _ultow_s, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetErrorMode
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-file-l1-2-0.dll
CreateDirectoryW, FindFirstFileW, SetFileInformationByHandle, FindClose, FindNextFileW, CreateFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange64, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, CreateProcessW, SetThreadPriority, GetCurrentThread, GetCurrentThreadId, TerminateProcess, GetProcessId, OpenThreadToken, GetCurrentProcess, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateProcessAsUserW, ResumeThread, OpenProcessToken, OpenProcess, GetProcessTimes, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteTreeW, RegNotifyChangeKeyValue, RegSetKeySecurity, RegGetKeySecurity, RegLoadMUIStringW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, OpenEventW, ResetEvent, WaitForMultipleObjectsEx, CreateEventW, SetEvent, WaitForSingleObject, Sleep, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetSystemTimeAsFileTime, GetComputerNameExW, GetVersionExW, GetSystemTime, GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolCleanupGroup, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CallbackMayRunLong, CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetKernelObjectSecurity, GetKernelObjectSecurity, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, EqualSid, AdjustTokenPrivileges, RevertToSelf, ImpersonateLoggedOnUser, CopySid, GetLengthSid, CheckTokenMembership, GetTokenInformation, SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupOpenLocalPolicy, LsaLookupFreeMemory, LsaLookupClose, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
InterlockedCompareExchange64, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, HeapAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleW, TransactNamedPipe, WriteFile, GetTickCount, DuplicateHandle, GetCurrentProcess, GetSystemTimeAsFileTime, CreateEventW, SetEvent, GetCurrentThread, ResetEvent, DeviceIoControl, CreateFileW, GetProcessId, ResumeThread, GetCurrentProcessId, GetDriveTypeW, OpenEventW, GetComputerNameW, CompareStringW, SetThreadPriority, ExitThread, SetProcessShutdownParameters, SetConsoleCtrlHandler, HeapSetInformation, SetErrorMode, SetUnhandledExceptionFilter, GetProcessTimes, OpenProcess, InterlockedCompareExchange, LoadLibraryA, HeapCreate, WaitForSingleObject, TerminateProcess, HeapFree, InitializeCriticalSection, CreateThread, ExpandEnvironmentStringsW, CreateProcessW, GetLastError, CloseHandle, SetLastError, EnterCriticalSection, LeaveCriticalSection, Sleep, LocalFree, LocalAlloc, GetEnvironmentVariableW, CreateDirectoryW, FindFirstFileW, FindClose, lstrlenW, FindNextFileW, MoveFileExW, GetVersionExW, GetSystemTime, GetExitCodeThread, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, InterlockedExchange, DelayLoadFailureHook, ConnectNamedPipe
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
DllMain, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, NtOpenProcessToken, NtSetInformationProcess, NtSetEvent, EtwEventRegister, EtwEventWrite, RtlFreeHeap, NtDeleteFile, NtQueryDirectoryFile, NtWaitForSingleObject, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryInformationFile, NtSetInformationFile, NtFilterToken, RtlCopyUnicodeString, RtlMapGenericMask, RtlValidRelativeSecurityDescriptor, RtlSetSecurityObject, RtlQuerySecurityObject, NtQueryInformationToken, NtDuplicateToken, NtAdjustPrivilegesToken, NtSetInformationThread, NtAccessCheckAndAuditAlarm, NtAccessCheck, NtOpenThreadToken, NtPrivilegeCheck, NtPrivilegeObjectAuditAlarm, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetControlSecurityDescriptor, NtDeleteKey, RtlSubAuthoritySid, NtOpenKey, NtEnumerateKey, NtDeleteValueKey, NtSetValueKey, NtQueryValueKey, NtCreateKey, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlCreateServiceSid, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtLoadDriver, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtUnloadDriver, DbgPrintEx, RtlAdjustPrivilege, RtlExpandEnvironmentStrings_U, RtlInitializeSRWLock, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAcquireSRWLockShared, NtDeleteObjectAuditAlarm, RtlReleaseSRWLockShared, RtlAreAllAccessesGranted, NtCloseObjectAuditAlarm, RtlDeregisterWait, RtlQueueWorkItem, RtlCopyLuid, RtlDeleteSecurityObject, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, EtwTraceMessage, RtlUnhandledExceptionFilter, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, RtlInitializeSid, RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthorityCountSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnicodeStringToAnsiString, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, RtlAddAccessAllowedAce, RtlEqualSid, RtlGetOwnerSecurityDescriptor, NtDisplayString, TpReleaseWait, RtlInitUnicodeStringEx, TpAllocWait, NtDeleteWnfStateName, RtlPublishWnfStateData, NtCreateWnfStateName, TpSetWait, RtlAbsoluteToSelfRelativeSD, RtlAddAccessDeniedAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, NtDelayExecution, NtRaiseHardError, RtlConnectToSm, RtlSendMsgToSm
rpcrt4.dll
UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUseProtseqW, RpcServerInqBindings, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, UuidCreateNil, I_RpcMapWin32Status, RpcServerInqCallAttributesW, RpcAsyncCompleteCall, RpcServerInqBindingHandle, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, NdrServerCall2, NdrAsyncServerCall, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingFree, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerListen, I_RpcExceptionFilter, NdrAsyncClientCall, RpcAsyncInitializeHandle, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcEpResolveBinding, RpcServerRegisterIf3, RpcEpUnregister
scesrv.dll
ScesrvTerminateServer, ScesrvInitializeServer
sspicli.dll
LogonUserExExW
user32.dll
BroadcastSystemMessageW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Services and Controller app by Microsoft

Remove services.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   5f1b6a9c35d3d5ca72d6d6fdef9747d6
SHA1:   54a90c371155985420f455361a5b3ac897e6c96e
SHA256:   d7bc4ed605b32274b45328fd9914fb0e7b90d869a38f0e6f94fb1bf4e9e2b407
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.

Overview

services.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent wininit.exe (Windows Start-Up Application by Microsoft). This is the Service Service Control Manager for Windows wich is responsible for controlling most Windows services. This version is designed to run on Windows 7 and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Services and Controller app
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
Original name:services.exe.mui
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:253 KB (259,072 bytes)
Digital DNA
Entropy:6.449338
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.01220692%
0.028634%
Kernel CPU:0.00511764%
0.013761%
User CPU:0.00708928%
0.014873%
Kernel CPU time:68,891,227 ms/min
100,923,805ms/min
CPU cycles:1,663,707/sec
17,470,203/sec
Context switches:35/sec
284/sec
Memory
Private memory:4.96 MB
21.59 MB
Private (maximum):7.8 MB
Private (minimum):5.06 MB
Non-paged memory:4.96 MB
21.59 MB
Virtual memory:40.94 MB
140.96 MB
Virtual memory (peak):55.1 MB
169.69 MB
Working set:5.81 MB
18.61 MB
Working set (peak):11.98 MB
37.95 MB
Page faults:25,788/min
2,039/min
I/O
I/O read transfer:5.72 KB/sec
1.02 MB/min
I/O read operations:21/sec
343/min
I/O write transfer:13.69 KB/sec
274.99 KB/min
I/O write operations:3/sec
227/min
I/O other transfer:2.58 KB/sec
448.09 KB/min
I/O other operations:117/sec
1,671/min
Resource allocations
Threads:11
12
Handles:266
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command lines:
  • C:\Windows\System32\services.exe
Owner:SYSTEM
Parent process:wininit.exe (Windows Start-Up Application by Microsoft)

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.11060758%
0.272967%
Kernel CPU:0.06334236%
0.107585%
User CPU:0.04726523%
0.165382%
CPU cycles:1,429,290/sec
5,741,424/sec
Context switches:10/sec
79/sec
Memory:1.24 MB
1.16 MB
UBPM.dll
Total CPU:0.00647824%
Kernel CPU:0.00093338%
User CPU:0.00554487%
CPU cycles:127,046/sec
Context switches:1/sec
Memory:176 KB
ESENT.dll
Total CPU:0.00313732%
Kernel CPU:0.00313732%
User CPU:0.00000000%
CPU cycles:19,254/sec
Memory:1.64 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 56.00%
Windows 7 Ultimate 26.50%
Windows 7 Professional 8.50%
Windows 7 Home Basic 3.50%
Windows Vista Home Premium 3.50%
Windows 7 Starter 1.00%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Services and Controller app.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 26.22%
Hewlett-Packard 18.73%
ASUS 13.48%
Acer 12.73%
Toshiba 11.99%
Sony 3.75%
Lenovo 3.75%
Samsung 2.25%
GIGABYTE 2.25%
MSI 1.50%
Alienware 0.75%
Medion 0.75%
Intel 0.75%
Gateway 0.75%
Sahara 0.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE