Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.67%
6.2.9200.16384 (win8_rtm.120725-1247) 0.71%
6.2.9200.16384 (win8_rtm.120725-1247) 1.35%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.08%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 20.13%
6.1.7600.16385 (win7_rtm.090713-1255) 36.27%
6.0.6000.16386 (vista_rtm.061101-2205) 5.47%
6.0.6000.16386 (vista_rtm.061101-2205) 0.04%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
6.0.6000.16386 (vista_rtm.061101-2205) 1.23%
6.0.6000.16386 (vista_rtm.061101-2205) 0.36%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.04%
5.1.2600.5922 (xpsp_sp3_qfe.091223-1723) 1.39%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 23.90%
5.1.2600.5512 (xpsp.080413-2111) 1.82%
5.1.2600.3520 (xpsp_sp2_qfe.090206-1239) 0.24%
5.1.2600.3520 (xpsp_sp2_gdr.090206-1233) 1.23%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 4.60%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, GetTokenInformation, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, ConvertSidToStringSidW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, InitiateSystemShutdownExW, OpenThreadToken, LsaClose, LsaFreeMemory, LsaLookupSids, LsaOpenPolicy, OpenProcessToken, EqualSid, AdjustTokenPrivileges, SetSecurityDescriptorDacl, AddAce, InitializeAcl, CopySid, GetLengthSid, GetSecurityDescriptorDacl, RegGetKeySecurity, RegSetKeySecurity, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, RegLoadMUIStringW, LsaManageSidNameMapping, LookupPrivilegeValueW, RegNotifyChangeKeyValue, LsaQueryInformationPolicy, SetTokenInformation, AddAccessAllowedAce, LsaEnumeratePrivileges, LsaLookupNames, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetKernelObjectSecurity, LsaStorePrivateData, EventWrite, EventRegister, RegOpenKeyW, SystemFunction005, SystemFunction029, StartServiceCtrlDispatcherW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, ControlTraceW, EnableTrace, StartTraceW, CheckTokenMembership, LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll
memcpy, wcschr, _wcslwr_s, wcsrchr, wcscat_s, memset, memcmp, _vsnwprintf_s, _wcsnicmp, wcstoul, _ltow_s, wcscspn, wcsstr, _wcsicmp, _wtol, wcsncmp, _ultow_s, _except_handler4_common
api-ms-win-core-crt-l2-1-0.dll
exit, _initterm, _initterm_e
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, GetLastError, SetErrorMode, SetUnhandledExceptionFilter, UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll
SetLastError, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetErrorMode
api-ms-win-core-file-l1-1-0.dll
CreateFileW, SetFileInformationByHandle, FindNextFileW, FindClose, CreateDirectoryW, FindFirstFileW
api-ms-win-core-file-l1-2-0.dll
CreateDirectoryW, FindFirstFileW, SetFileInformationByHandle, FindClose, FindNextFileW, CreateFileW
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-1-0.dll
HeapFree, HeapCreate, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
HeapAlloc, HeapSetInformation, HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalAlloc, LocalFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange, InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedCompareExchange64, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-io-l1-1-0.dll
DeviceIoControl
api-ms-win-core-io-l1-1-1.dll
DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleHandleW, GetProcAddress, FreeLibrary, LoadLibraryExW, GetModuleHandleA, LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, GetModuleHandleW, GetProcAddress, LoadLibraryExW, FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegGetKeySecurity, RegSetKeySecurity, RegNotifyChangeKeyValue, RegLoadMUIStringW, RegSetValueExW, RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll
LocalFree, Sleep, lstrlenW, LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll
GetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
CreateProcessW, CreateThread, TerminateProcess, GetCurrentThreadId, OpenThreadToken, GetCurrentThread, GetProcessId, GetCurrentProcess, CreateProcessAsUserW, DeleteProcThreadAttributeList, UpdateProcThreadAttribute, InitializeProcThreadAttributeList, OpenProcessToken, ResumeThread, SetThreadPriority, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId, GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll
CreateThread, CreateProcessW, SetThreadPriority, GetCurrentThread, GetCurrentThreadId, TerminateProcess, GetProcessId, OpenThreadToken, GetCurrentProcess, InitializeProcThreadAttributeList, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, CreateProcessAsUserW, ResumeThread, OpenProcessToken, OpenProcess, GetProcessTimes, ExitThread, SetProcessShutdownParameters, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0.dll
RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteTreeW, RegNotifyChangeKeyValue, RegSetKeySecurity, RegGetKeySecurity, RegLoadMUIStringW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW
api-ms-win-core-string-l1-1-0.dll
CompareStringW
api-ms-win-core-synch-l1-1-0.dll
LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResetEvent, WaitForMultipleObjectsEx, OpenEventW, OpenProcess
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, OpenEventW, ResetEvent, WaitForMultipleObjectsEx, CreateEventW, SetEvent, WaitForSingleObject, Sleep, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime, GetComputerNameExW, GetSystemTime, GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetSystemTimeAsFileTime, GetComputerNameExW, GetVersionExW, GetSystemTime, GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolCleanupGroup, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CallbackMayRunLong, CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll
SetSecurityDescriptorDacl, AdjustTokenPrivileges, EqualSid, ImpersonateLoggedOnUser, RevertToSelf, GetLengthSid, CopySid, CheckTokenMembership, GetTokenInformation, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, SetTokenInformation, AddAccessAllowedAce, AllocateAndInitializeSid, AllocateLocallyUniqueId, FreeSid, SetKernelObjectSecurity, GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll
AddAccessAllowedAce, SetKernelObjectSecurity, GetKernelObjectSecurity, FreeSid, AllocateAndInitializeSid, AllocateLocallyUniqueId, SetSecurityDescriptorDacl, AddAce, InitializeAcl, GetSecurityDescriptorDacl, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, EqualSid, AdjustTokenPrivileges, RevertToSelf, ImpersonateLoggedOnUser, CopySid, GetLengthSid, CheckTokenMembership, GetTokenInformation, SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll
LsaLookupFreeMemory, LsaLookupTranslateSids, LsaLookupOpenLocalPolicy, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupOpenLocalPolicy, LsaLookupFreeMemory, LsaLookupClose, LsaLookupManageSidNameMapping, LsaLookupGetDomainInfo, LsaLookupTranslateNames, LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll
ConvertSecurityDescriptorToStringSecurityDescriptorW, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll
SystemFunction005, SystemFunction029
kernel32.dll
InterlockedCompareExchange64, CreateNamedPipeW, ReadFile, CancelIo, GetOverlappedResult, WaitForMultipleObjects, HeapAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, GetModuleHandleW, TransactNamedPipe, WriteFile, GetTickCount, DuplicateHandle, GetCurrentProcess, GetSystemTimeAsFileTime, CreateEventW, SetEvent, GetCurrentThread, ResetEvent, DeviceIoControl, CreateFileW, GetProcessId, ResumeThread, GetCurrentProcessId, GetDriveTypeW, OpenEventW, GetComputerNameW, CompareStringW, SetThreadPriority, ExitThread, SetProcessShutdownParameters, SetConsoleCtrlHandler, HeapSetInformation, SetErrorMode, SetUnhandledExceptionFilter, GetProcessTimes, OpenProcess, InterlockedCompareExchange, LoadLibraryA, HeapCreate, WaitForSingleObject, TerminateProcess, HeapFree, InitializeCriticalSection, CreateThread, ExpandEnvironmentStringsW, CreateProcessW, GetLastError, CloseHandle, SetLastError, EnterCriticalSection, LeaveCriticalSection, Sleep, LocalFree, LocalAlloc, GetEnvironmentVariableW, CreateDirectoryW, FindFirstFileW, FindClose, lstrlenW, FindNextFileW, MoveFileExW, GetVersionExW, GetSystemTime, GetExitCodeThread, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, InterlockedExchange, DelayLoadFailureHook, ConnectNamedPipe
msvcrt.dll
DllMain
ncobjapi.dll
WmiCreateObjectWithFormat, WmiEventSourceConnect, WmiSetAndCommitObject
ntdll.dll
DllMain, EtwRegisterTraceGuidsW, RtlUnicodeStringToInteger, RtlSetLastWin32Error, NtTraceControl, RtlInitializeCriticalSection, NtQueueApcThread, NtOpenThread, EvtIntReportEventAndSourceAsync, RtlSetProcessIsCritical, NtOpenProcessToken, NtSetInformationProcess, NtSetEvent, EtwEventRegister, EtwEventWrite, RtlFreeHeap, NtDeleteFile, NtQueryDirectoryFile, NtWaitForSingleObject, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, NtQueryInformationFile, NtSetInformationFile, NtFilterToken, RtlCopyUnicodeString, RtlMapGenericMask, RtlValidRelativeSecurityDescriptor, RtlSetSecurityObject, RtlQuerySecurityObject, NtQueryInformationToken, NtDuplicateToken, NtAdjustPrivilegesToken, NtSetInformationThread, NtAccessCheckAndAuditAlarm, NtAccessCheck, NtOpenThreadToken, NtPrivilegeCheck, NtPrivilegeObjectAuditAlarm, WinSqmAddToStream, RtlSetEnvironmentVariable, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetControlSecurityDescriptor, NtDeleteKey, RtlSubAuthoritySid, NtOpenKey, NtEnumerateKey, NtDeleteValueKey, NtSetValueKey, NtQueryValueKey, NtCreateKey, RtlConvertSharedToExclusive, RtlConvertExclusiveToShared, RtlRegisterWait, RtlCreateServiceSid, RtlGetNtProductType, RtlEqualUnicodeString, RtlLengthSid, RtlCopySid, NtLoadDriver, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlCompareUnicodeString, NtUnloadDriver, DbgPrintEx, RtlAdjustPrivilege, RtlExpandEnvironmentStrings_U, RtlInitializeSRWLock, NtFlushKey, NtOpenFile, RtlDosPathNameToNtPathName_U, NtOpenSymbolicLinkObject, NtQuerySymbolicLinkObject, RtlFreeUnicodeString, RtlAcquireSRWLockShared, NtDeleteObjectAuditAlarm, RtlReleaseSRWLockShared, RtlAreAllAccessesGranted, NtCloseObjectAuditAlarm, RtlDeregisterWait, RtlQueueWorkItem, RtlCopyLuid, RtlDeleteSecurityObject, RtlAcquireSRWLockExclusive, RtlReleaseSRWLockExclusive, RtlReleaseResource, RtlAcquireResourceExclusive, RtlAcquireResourceShared, RtlInitializeResource, NtInitializeRegistry, NtQueryKey, NtClose, RtlInitUnicodeString, NtSetSystemEnvironmentValue, RtlNtStatusToDosError, NtShutdownSystem, EtwTraceMessage, RtlUnhandledExceptionFilter, NtQuerySystemInformation, RtlNtStatusToDosErrorNoTeb, RtlInitializeSid, RtlAllocateHeap, RtlLengthRequiredSid, RtlSubAuthorityCountSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlUnicodeStringToAnsiString, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, RtlAddAccessAllowedAce, RtlEqualSid, RtlGetOwnerSecurityDescriptor, NtDisplayString, TpReleaseWait, RtlInitUnicodeStringEx, TpAllocWait, NtDeleteWnfStateName, RtlPublishWnfStateData, NtCreateWnfStateName, TpSetWait, RtlAbsoluteToSelfRelativeSD, RtlAddAccessDeniedAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, NtDelayExecution, NtRaiseHardError, RtlConnectToSm, RtlSendMsgToSm
rpcrt4.dll
UuidCreate, RpcAsyncAbortCall, RpcServerUnsubscribeForNotification, UuidEqual, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUseProtseqW, RpcServerInqBindings, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW, RpcEpRegisterW, RpcServerInqDefaultPrincNameW, RpcServerRegisterAuthInfoW, UuidCreateNil, I_RpcMapWin32Status, RpcServerInqCallAttributesW, RpcAsyncCompleteCall, RpcServerInqBindingHandle, RpcImpersonateClient, RpcRevertToSelf, I_RpcBindingInqLocalClientPID, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, NdrServerCall2, NdrAsyncServerCall, RpcSsGetContextBinding, RpcServerInqCallAttributesA, RpcBindingServerFromClient, RpcBindingFree, RpcBindingVectorFree, RpcServerSubscribeForNotification, UuidFromStringW, RpcServerUnregisterIf, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIfEx, RpcServerRegisterIf, RpcServerListen, I_RpcExceptionFilter, NdrAsyncClientCall, RpcAsyncInitializeHandle, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcEpResolveBinding, RpcServerRegisterIf3, RpcEpUnregister
scesrv.dll
ScesrvTerminateServer, ScesrvInitializeServer
sspicli.dll
LogonUserExExW
user32.dll
BroadcastSystemMessageW, LoadStringW, RegisterServicesProcess
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW, DestroyEnvironmentBlock

services.exe

Services and Controller app by Microsoft

Remove services.exe
Version:   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
MD5:   c6ce6eec82f187615d1002bb3bb50ed4
SHA1:   b958912d139cb8dbfeeacdd38ba048c4f452174e
SHA256:   cea9c880328205ae3376eb8b005412cb0f8fce52a71c6f0651ef5f9c193f6e3f
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.

Overview

services.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges). This is the Service Service Control Manager for Windows wich is responsible for controlling most Windows services. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:services.exe
Publisher:Microsoft Corporation
Product name:Services and Controller app
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
Original name:services.exe.mui
File version:5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product version:5.1.2600.2180
Size:105.5 KB (108,032 bytes)
Digital DNA
Entropy:6.449338
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.02359536%
0.028634%
Kernel CPU:0.01215487%
0.013761%
User CPU:0.01144048%
0.014873%
Kernel CPU time:50,552 ms/min
100,923,805ms/min
User CPU time:0 ms/min
0 ms/min
Context switches:83/sec
284/sec
Memory
Private memory:2.78 MB
21.59 MB
Private (maximum):4.89 MB
Private (minimum):3.78 MB
Non-paged memory:2.78 MB
21.59 MB
Virtual memory:40.41 MB
140.96 MB
Virtual memory (peak):47 MB
169.69 MB
Working set:4.18 MB
18.61 MB
Working set (peak):8.98 MB
37.95 MB
Page faults:21,970/min
2,039/min
I/O
I/O read transfer:2.31 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:2.41 KB/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:211 Bytes/sec
448.09 KB/min
I/O other operations:6/sec
1,671/min
Resource allocations
Threads:16
12
Handles:330
600
GUI GDI count:4
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command lines:
  • C:\Windows\System32\services.exe
  • C:\winnt\system32\services.exe
  • C:\winxpsp2\system32\services.exe
Owner:SYSTEM
Parent process:winlogon.exe (Windows NT Logon Application by Microsoft)

ResourcesThreads

Averages
 
umpnpmgr.dll
Total CPU:0.00532598%
0.272967%
Kernel CPU:0.00165852%
0.107585%
User CPU:0.00366746%
0.165382%
Memory:132 KB
1.16 MB
ntdll.dll
Total CPU:0.00278127%
Kernel CPU:0.00079465%
User CPU:0.00198662%
Memory:704 KB
NCObjAPI.DLL
Total CPU:0.00082517%
Kernel CPU:0.00000000%
User CPU:0.00082517%
Memory:48 KB
RPCRT4.dll
Total CPU:0.00007642%
Kernel CPU:0.00000000%
User CPU:0.00007642%
Memory:580 KB
services.exe (main module)
Total CPU:0.00007198%
Kernel CPU:0.00007198%
User CPU:0.00000000%
Memory:112 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 56.00%
Windows 7 Ultimate 26.50%
Windows 7 Professional 8.50%
Windows 7 Home Basic 3.50%
Windows Vista Home Premium 3.50%
Windows 7 Starter 1.00%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%

Distribution by countryDistribution by country

United States installs about 46.73% of Services and Controller app.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 26.22%
Hewlett-Packard 18.73%
ASUS 13.48%
Acer 12.73%
Toshiba 11.99%
Sony 3.75%
Lenovo 3.75%
Samsung 2.25%
GIGABYTE 2.25%
MSI 1.50%
Alienware 0.75%
Medion 0.75%
Intel 0.75%
Gateway 0.75%
Sahara 0.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE