Should I block it?

No, this file is 100% safe to run.

Additional versions

6.2.9200.16384 (win8_rtm.120725-1247)	4.48%
6.1.7600.16385 (win7_rtm.090713-1255)	46.97%
6.1.7600.16385 (win7_rtm.090713-1255)	9.80%
6.1.7600.16385 (win7_rtm.090713-1255)	0.09%
6.1.7600.16385 (win7_rtm.090713-1255)	34.45%
6.1.7600.16385 (win7_rtm.090713-1255)	0.19%
6.00.2900.5853 (xpsp_sp3_qfe.090727-1747)	0.19%
6.00.2900.5853 (xpsp_sp3_gdr.090727-1736)	0.84%
6.00.2900.5853 (xpsp_sp3_gdr.090727-1736)	0.19%
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	0.19%
6.0.6000.16386 (vista_rtm.061101-2205)	1.87%
6.0.6000.16386 (vista_rtm.061101-2205)	0.75%

PE file structure

Show functions

Import table

advapi32.dll

GetCurrentHwProfileW, CloseServiceHandle, GetSecurityInfo, GetAce, AllocateAndInitializeSid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, FreeSid, SetSecurityInfo, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, AddAccessAllowedAce, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegEnumValueW, RegDeleteValueW, RegOpenKeyExA, RegQueryValueExA, RegSetValueExW, RegQueryValueExW, EqualSid, GetTokenInformation, CryptVerifySignatureW, CryptHashData, CryptImportKey, CryptDestroyKey, CryptDestroyHash, RegEnumKeyExW, CryptReleaseContext, CryptAcquireContextW, CryptCreateHash, OpenSCManagerW, QueryServiceStatus, QueryServiceConfigW, DeleteService, ChangeServiceConfigW, SetServiceStatus, ChangeServiceConfig2W, CreateServiceW, RegisterServiceCtrlHandlerExW, EventWrite, EventEnabled, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegDeleteKeyW, OpenServiceW, CreateProcessAsUserW, SetThreadToken, RevertToSelf, ImpersonateLoggedOnUser, OpenProcessToken, OpenThreadToken, EventRegister, EventUnregister, UnregisterTraceGuids, RegisterTraceGuidsW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags

api-ms-win-core-delayload-l1-1-1.dll

DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-1.dll

RaiseException, GetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter

api-ms-win-core-file-l1-2-0.dll

GetVolumePathNamesForVolumeNameW, CreateFileW, GetFileAttributesW, GetVolumeInformationW, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, FindFirstFileW, FindClose, ReadFile

api-ms-win-core-handle-l1-1-0.dll

CloseHandle, DuplicateHandle

api-ms-win-core-heap-l1-2-0.dll

GetProcessHeap, HeapAlloc, HeapFree

api-ms-win-core-heap-obsolete-l1-1-0.dll

LocalAlloc, LocalFree

api-ms-win-core-interlocked-l1-2-0.dll

InterlockedDecrement, InterlockedIncrement, InterlockedExchange, InterlockedCompareExchange

api-ms-win-core-io-l1-1-1.dll

DeviceIoControl, CancelIo, GetOverlappedResult

api-ms-win-core-kernel32-legacy-l1-1-0.dll

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-1-1.dll

LoadLibraryExW, GetProcAddress, FreeLibrary, DisableThreadLibraryCalls

api-ms-win-core-memory-l1-1-1.dll

VirtualFreeEx, VirtualAllocEx, WriteProcessMemory

api-ms-win-core-path-l1-1-0.dll

PathCchAddBackslash

api-ms-win-core-privateprofile-l1-1-0.dll

GetPrivateProfileStringW, WritePrivateProfileStringW

api-ms-win-core-processenvironment-l1-2-0.dll

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1.dll

OpenThreadToken, GetCurrentThread, CreateThread, GetCurrentProcessId, QueueUserAPC, GetCurrentProcess, TerminateProcess, GetCurrentThreadId, ProcessIdToSessionId, OpenProcess

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0.dll

RegCloseKey, RegSetValueExW, RegGetValueW, RegQueryValueExW, RegEnumValueW, RegOpenKeyExW

api-ms-win-core-string-l1-1-0.dll

MultiByteToWideChar, CompareStringW, CompareStringOrdinal

api-ms-win-core-string-obsolete-l1-1-0.dll

lstrcmpW, lstrcmpiW

api-ms-win-core-synch-l1-2-0.dll

WaitForSingleObject, CreateEventW, SetEvent, OpenEventW, WaitForSingleObjectEx, WaitForMultipleObjectsEx, EnterCriticalSection, ResetEvent, Sleep, InitializeCriticalSection, SetWaitableTimer, LeaveCriticalSection, DeleteCriticalSection

api-ms-win-core-sysinfo-l1-2-0.dll

GetTickCount, GetLocalTime, GetSystemTimeAsFileTime

api-ms-win-core-threadpool-legacy-l1-1-0.dll

QueueUserWorkItem

api-ms-win-core-timezone-l1-1-0.dll

SystemTimeToFileTime

api-ms-win-devices-config-l1-1-0.dll

CM_Unregister_Notification, CM_Register_Notification, CM_Get_Device_IDW, CM_Get_Parent

api-ms-win-eventing-classicprovider-l1-1-0.dll

TraceMessage

api-ms-win-security-base-l1-2-0.dll

ImpersonateLoggedOnUser, RevertToSelf

api-ms-win-service-core-l1-1-0.dll

RegisterServiceCtrlHandlerExW, SetServiceStatus

api-ms-win-service-core-l1-1-1.dll

SetServiceStatus, RegisterServiceCtrlHandlerExW, EnumDependentServicesW

api-ms-win-service-management-l1-1-0.dll

CloseServiceHandle, OpenServiceW, OpenSCManagerW

api-ms-win-service-private-l1-1-0.dll

I_ScUnregisterDeviceNotification, I_ScRegisterDeviceNotification

api-ms-win-service-winsvc-l1-1-0.dll

QueryServiceStatus, ControlService

api-ms-win-service-winsvc-l1-2-0.dll

ControlService, QueryServiceStatus

hid.dll

HidD_GetHidGuid, HidD_GetInputReport, HidP_GetSpecificButtonCaps, HidD_FreePreparsedData, HidP_GetCaps, HidP_GetUsages, HidP_MaxUsageListLength, HidD_GetPreparsedData

kernel32.dll

CompareStringW, QueueUserAPC, VirtualAllocEx, WriteProcessMemory, VirtualFreeEx, OpenProcess, ProcessIdToSessionId, OpenEventW, VirtualAlloc, ReadFile, VirtualFree, GetSystemDirectoryW, HeapReAlloc, LocalAlloc, LocalFree, GetProcessHeap, DisableThreadLibraryCalls, DelayLoadFailureHook, GetProcAddress, GetLastError, FreeLibrary, InterlockedCompareExchange, LoadLibraryExA, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, GetVolumePathNamesForVolumeNameW, CompareStringOrdinal, WaitForSingleObject, CloseHandle, Sleep, HeapCreate, HeapDestroy, SystemTimeToFileTime, GetLocalTime, GetTickCount, lstrlenW, GetCurrentThreadId, HeapAlloc, HeapFree, QueueUserWorkItem, DuplicateHandle, GetCurrentProcess, GetCurrentThread, GetCurrentProcessId, InterlockedExchange, QueryPerformanceCounter, GetSystemTimeAsFileTime, LoadLibraryW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ResetEvent, lstrcmpW, ExpandEnvironmentStringsW, GetVolumePathNameW, GetVolumeNameForVolumeMountPointW, lstrcmpiW, FindClose, FindFirstFileW, DeviceIoControl, SetEvent, CreateFileW, GetPrivateProfileStringW, WritePrivateProfileStringW, CreateEventW, TerminateProcess, MultiByteToWideChar, GetVolumeInformationW, GetFileAttributesW, RegisterWaitForSingleObject, UnregisterWait, WaitForMultipleObjects, GetVersionExA, GetModuleHandleW, GetFullPathNameW, GetModuleFileNameW, GetMailslotInfo, GetOverlappedResult, CancelIo, SetLastError, CreateMailslotW, LoadLibraryA, UnmapViewOfFile, GetFileSize, MapViewOfFile, CreateFileMappingW, SetFilePointer, ReadProcessMemory, CreateWaitableTimerW, GetModuleHandleExW

kernelbase.dll

ResolveDelayLoadedAPI

msvcrt.dll

DllMain

ntdll.dll

NtOpenProcessToken, EtwEventUnregister, NtQueryVolumeInformationFile, EtwEventEnabled, EtwEventWrite, RtlAllocateAndInitializeSid, RtlCompareMemory, NtFilterToken, NtClose, RtlFreeSid, RtlNtStatusToDosError, EtwEventRegister, NtOpenThread, NtOpenThreadToken, RtlUnhandledExceptionFilter, NtReplyPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCompleteConnectPort, NtCreatePort, NtDuplicateToken, NtSetInformationThread, RtlInitializeCriticalSection, NtConnectPort, NtOpenProcess, NtOpenEvent, RtlInitUnicodeString, NtCreateEvent, NtQueryInformationProcess, NtQuerySystemInformation, RtlImageNtHeader, NtRequestWaitReplyPort, RtlDeleteCriticalSection, EtwTraceMessage, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle

rpcrt4.dll

I_RpcBindingInqLocalClientPID

slc.dll

SLGetWindowsInformationDWORD

user32.dll

RegisterDeviceNotificationW, UnregisterDeviceNotification, GetSystemMetrics, CloseDesktop, SetThreadDesktop, GetThreadDesktop, OpenInputDesktop, UnregisterUserApiHook

Export table

CreateHardwareEventMoniker

DllInstall

DllRegisterServer

DllUnregisterServer

HardwareDetectionServiceMain

ThemeServiceMain

shsvcs.dll

Windows Shell Services Dll by Microsoft

Remove shsvcs.dll

Version:	6.00.2900.5853 (xpsp_sp3_qfe.090727-1747)
MD5:	8a34f9730a2206726b1be4dc4209cab9
SHA1:	15928d99317a803db1ccb4830e2223fa40c4b068
SHA256:	67f6276cb85a19d178a7db0d8a4c0284123e72dcf1f6275b458ea850b865c0cd

This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

shsvcs.dll is loaded as dynamic link library that runs in the context of a process. The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). This version is installed on Windows XP.

Details

File name:	shsvcs.dll
Publisher:	Microsoft Corporation
Product name:	Windows Shell Services Dll
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\shsvcs.dll
Original name:	SHSVCS.DLL.MUI
File version:	6.00.2900.5853 (xpsp_sp3_qfe.090727-1747)
Product version:	6.00.2900.5853
Size:	132 KB (135,168 bytes)
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
Code language:	Microsoft Visual C# / Basic .NET
.NET CLR:	Yes
.NET NGENed:	No

More details

Behaviors

Hosted services

Runs as a shared service under the Windows svcHost

Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'
Shared name is 'ShellHWDetection'

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	50.50%
Windows 7 Ultimate	28.50%
Windows 7 Professional	11.00%
Windows 7 Home Basic	2.50%
Windows 8 Pro	2.00%
Windows 7 Starter	1.50%
Windows 7 Enterprise	1.00%
Windows Vista Home Premium	0.50%
Windows 8 Enterprise Evaluation	0.50%
Windows Se7en Titan	0.50%
Windows 8 Pro with Media Center	0.50%
Windows 8	0.50%
Windows Vista Business	0.50%

Distribution by country

United States installs about 37.24% of Windows Shell Services Dll.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	23.26%
Hewlett-Packard	16.67%
ASUS	15.50%
Acer	13.57%
Toshiba	6.20%
Sony	5.43%
Lenovo	4.65%
Intel	3.10%
GIGABYTE	2.71%
Samsung	2.33%
MSI	1.55%
Alienware	0.78%
Gateway	0.78%
NEC	0.78%
Compaq	0.78%
Medion	0.78%
American Megatrends	0.78%
Sahara	0.39%

Remove Adware and Spyware Programs, FREE Download!