Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623)	0.58%
6.2.9200.16384 (win8_rtm.120725-1247)	1.75%
6.2.9200.16384 (win8_rtm.120725-1247)	4.47%
6.2.8400.0 (winmain_win8rc.120518-1423)	0.19%
6.2.8102.0 (winmain_win8m3.110823-1455)	0.19%
6.1.7600.16385 (win7_rtm.090713-1255)	14.56%
6.1.7600.16385 (win7_rtm.090713-1255)	22.91%
6.0.6000.16386 (vista_rtm.061101-2205)	0.39%
6.0.6000.16386 (vista_rtm.061101-2205)	0.39%
6.0.6000.16386 (vista_rtm.061101-2205)	2.91%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)	0.39%
5.1.2600.5512 (xpsp.080413-2108)	30.29%
5.1.2600.5512 (xpsp.080413-2108)	1.55%
5.1.2600.5512 (xpsp.080413-2108)	0.39%
5.1.2600.5512 (xpsp.080413-2108)	2.14%
5.1.2600.5512 (xpsp.080413-2108)	2.72%
5.1.2600.5512 (xpsp.080413-2108)	0.19%
5.1.2600.5512 (xpsp.080413-2108)	0.39%
5.1.2600.5512 (xpsp.080413-2108)	0.97%
5.1.2600.5512 (xpsp.080413-2108)	0.19%
5.1.2600.5512 (xpsp.080413-2108)	0.78%
5.1.2600.5512 (xpsp.080413-2108)	0.58%
5.1.2600.5512 (xpsp.080413-2108)	0.19%
5.1.2600.5512 (xpsp.080413-2108)	0.19%
5.1.2600.5512 (xpsp.080413-2108)	0.19%
View more
5.1.2600.3311 (xpsp.080212-0003)	0.39%
5.1.2600.3300 (xpsp.080125-2027)	0.19%
5.1.2600.3244 (xpsp.071030-1534)	0.19%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	8.35%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.39%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.19%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.19%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.19%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.19%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	0.19%

PE file structure

Show functions

Import table

advapi32.dll

LsaOpenPolicy, LsaFreeMemory, LsaClose, LsaQueryInformationPolicy, OpenThreadToken, GetTokenInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, AccessCheck, AreAllAccessesGranted, MakeAbsoluteSD, RegisterServiceCtrlHandlerExW, SetServiceStatus, RegCreateKeyW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, InitializeSecurityDescriptor, SetSecurityDescriptorControl, InitializeAcl, AddAccessDeniedAce, AddAccessAllowedAce, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExW, RegSetValueExW, RegDeleteValueW, RegOpenKeyW, ImpersonateSelf, RevertToSelf, FreeSid, AllocateAndInitializeSid, CheckTokenMembership, RegCloseKey

api-ms-win-core-delayload-l1-1-1.dll

ResolveDelayLoadedAPI, DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-0.dll

RaiseException, GetLastError, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter

api-ms-win-core-errorhandling-l1-1-1.dll

SetLastError, GetLastError, RaiseException, SetUnhandledExceptionFilter, UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0.dll

FlushFileBuffers, GetFileSize, SetEndOfFile, SetFilePointer, DeleteFileW, CreateFileW, FindVolumeClose, FindFirstVolumeW, GetVolumeInformationW, GetDriveTypeW, FindNextVolumeW

api-ms-win-core-file-l1-2-0.dll

FlushFileBuffers, SetEndOfFile, FindVolumeClose, FindNextVolumeW, GetFileSize, GetDriveTypeW, DeleteFileW, CreateFileW, GetVolumeInformationW, FindFirstVolumeW, SetFilePointer

api-ms-win-core-file-l2-1-0.dll

ReadDirectoryChangesW, MoveFileExW

api-ms-win-core-handle-l1-1-0.dll

CloseHandle

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedDecrement, InterlockedExchange, InterlockedCompareExchange, InterlockedIncrement

api-ms-win-core-interlocked-l1-2-0.dll

InterlockedCompareExchange, InterlockedIncrement, InterlockedDecrement, InterlockedExchange

api-ms-win-core-io-l1-1-0.dll

CancelIoEx, GetOverlappedResult, DeviceIoControl

api-ms-win-core-io-l1-1-1.dll

GetOverlappedResult, DeviceIoControl, CancelIoEx

api-ms-win-core-localization-l1-1-0.dll

LCMapStringW

api-ms-win-core-localization-l1-2-0.dll

LCMapStringW

api-ms-win-core-localregistry-l1-1-0.dll

RegCloseKey, RegOpenKeyExW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW

api-ms-win-core-misc-l1-1-0.dll

LocalAlloc, Sleep, LocalFree

api-ms-win-core-processthreads-l1-1-0.dll

GetCurrentThreadId, CreateThread, GetCurrentProcessId, TerminateProcess, GetCurrentThread, OpenThreadToken, OpenThread, OpenProcessToken, GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1.dll

CreateThread, GetCurrentProcess, GetCurrentThreadId, GetCurrentProcessId, OpenThreadToken, GetCurrentThread, OpenProcessToken, OpenThread, TerminateProcess

api-ms-win-core-profile-l1-1-0.dll

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0.dll

RegOpenKeyExW, RegDeleteValueW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegQueryValueExW

api-ms-win-core-string-l1-1-0.dll

WideCharToMultiByte

api-ms-win-core-synch-l1-1-0.dll

ResetEvent, CreateEventW, InitializeCriticalSection, DeleteCriticalSection, SetEvent, LeaveCriticalSection, EnterCriticalSection

api-ms-win-core-synch-l1-2-0.dll

SetEvent, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, ResetEvent, CreateEventW, Sleep, DeleteCriticalSection

api-ms-win-core-sysinfo-l1-1-0.dll

GetSystemTime, GetTickCount, GetSystemTimeAsFileTime, SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-0.dll

GetSystemTimeAsFileTime, GetTickCount, GetSystemTime

api-ms-win-core-timezone-l1-1-0.dll

SystemTimeToFileTime

api-ms-win-security-base-l1-1-0.dll

RevertToSelf, GetTokenInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, AccessCheck, AreAllAccessesGranted, MakeAbsoluteSD, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, InitializeSecurityDescriptor, SetSecurityDescriptorControl, InitializeAcl, AddAccessDeniedAce, AddAccessAllowedAce, AdjustTokenPrivileges, ImpersonateSelf, FreeSid, AllocateAndInitializeSid, CheckTokenMembership

api-ms-win-security-base-l1-2-0.dll

InitializeAcl, RevertToSelf, SetSecurityDescriptorOwner, AdjustTokenPrivileges, GetTokenInformation, AddAccessAllowedAce, InitializeSecurityDescriptor, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorGroup, SetSecurityDescriptorControl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, CheckTokenMembership, MakeAbsoluteSD, AccessCheck, AreAllAccessesGranted, ImpersonateSelf

api-ms-win-service-core-l1-1-0.dll

RegisterServiceCtrlHandlerExW, SetServiceStatus

api-ms-win-service-core-l1-1-1.dll

SetServiceStatus, RegisterServiceCtrlHandlerExW

api-ms-win-service-private-l1-1-0.dll

I_ScRegisterDeviceNotification, I_ScUnregisterDeviceNotification

kernel32.dll

LoadLibraryExA, FreeLibrary, GetProcAddress, DelayLoadFailureHook, ReadDirectoryChangesW, UnregisterWait, MoveFileW, MoveFileExW, GetComputerNameW, GetCurrentThread, LCMapStringW, OpenThread, WideCharToMultiByte, DeviceIoControl, GetDriveTypeW, GetVolumeInformationW, LocalAlloc, LocalFree, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, InterlockedExchange, FindFirstVolumeW, FindNextVolumeW, FindVolumeClose, GetTickCount, CreateFileW, GetOverlappedResult, SetEvent, Sleep, CreateEventW, CloseHandle, DeleteFileW, ResetEvent, SetFilePointer, SetEndOfFile, GetFileSize, InterlockedDecrement, InterlockedIncrement, SetLastError, GetLastError, CancelIo, InterlockedCompareExchange, FlushFileBuffers, GetSystemTime, SystemTimeToFileTime, RaiseException, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, UnregisterWaitEx

msvcrt.dll

DllMain

netapi32.dll

NetApiBufferFree, DsGetDcNameW, NetShareEnum, NetApiBufferAllocate

ntdll.dll

NtFsControlFile, RtlCreateSystemVolumeInformationFolder, RtlFreeUnicodeString, RtlDosPathNameToNtPathName_U, NtQueryVolumeInformationFile, RtlDeregisterWaitEx, RtlRegisterWait, RtlNtStatusToDosError, NtClose, NtWaitForSingleObject, NtReadFile, NtWriteFile, NtCompleteConnectPort, NtAcceptConnectPort, NtReplyPort, NtReplyWaitReceivePortEx, NtConnectPort, RtlInitUnicodeString, NtSetEvent, NtClearEvent, NtOpenEvent, NtCreateWaitablePort, RtlSetThreadErrorMode, NtCreateFile, RtlUnicodeStringToOemString, RtlDowncaseUnicodeString, RtlOemStringToUnicodeString, RtlInitString, NtSetVolumeInformationFile, NtOpenFile, NtQueryInformationFile, NtCancelTimer, NtCreateTimer, NtSetTimer, NtQueryDirectoryFile, RtlCompareMemoryUlong, RtlFreeHeap

rpcrt4.dll

RpcServerUseProtseqEpW, I_RpcBindingInqTransportType, RpcCancelThread, RpcServerUnregisterIf, RpcBindingVectorFree, RpcStringBindingComposeW, RpcEpUnregister, RpcBindingSetAuthInfoW, RpcBindingFree, RpcServerRegisterAuthInfoW, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcEpRegisterW, RpcServerRegisterIfEx, RpcServerInqBindings, RpcStringFreeW, RpcAsyncCompleteCall, NdrAsyncServerCall, NdrServerCall2, RpcMgmtSetCancelTimeout, RpcRevertToSelf, RpcBindingFromStringBindingW, RpcImpersonateClient, NdrClientCall2, UuidCreate

user32.dll

UnregisterDeviceNotification, RegisterDeviceNotificationW

Export table

ServiceMain

SvchostPushServiceGlobals

trkwks.dll

Distributed Link Tracking Client by Microsoft

Remove trkwks.dll

Version:	5.1.2600.5512 (xpsp.080413-2108)
MD5:	548867e040cb81a82b5df09d074f95f8
SHA1:	be95efede68fdb68f642add9087b500d0dca2020
SHA256:	b3d488051473d15c35cfd7b5536488d6c2cf6c139f0ab94173e176b61e83e85f

This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is trkwks.dll?

You can use the Distributed Link Tracking Server service and the Distributed Link Tracking Client service to track links to files on NTFS-formatted partitions. Distributed Link Tracking tracks links in scenarios where the link is made to a file on an NTFS volume, such as shell shortcuts and OLE links.

About trkwks.dll (from Microsoft)

“Distributed Link Tracking consists of a client service and a server service. The Distributed Link Tracking Server service runs exclusively on Windows Server-based domain controllers. It stores informa”

Details

File name:	trkwks.dll
Publisher:	Microsoft Corporation
Product name:	Distributed Link Tracking Client
Description:	Microsoft® Windows® Operating System
Typical file path:	C:\Windows\System32\trkwks.dll
Original name:	trkwks.dll.mui
File version:	5.1.2600.5512 (xpsp.080413-2108)
Product version:	5.1.2600.5512
Size:	88 KB (90,112 bytes)
Digital DNA
PE subsystem:	Windows Console
File packed:	No
Code language:	Microsoft Visual C# / Basic .NET
.NET CLR:	Yes
.NET NGENed:	No

More details

Behaviors

Hosted services

Runs as a shared service under the Windows svcHost

Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'
Shared name is 'TrkWks'

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	29.00%
Windows 7 Home Premium	26.00%
Windows 7 Ultimate N	25.50%
Windows 7 Professional	8.50%
Windows 8 Pro	4.00%
Windows 7 Home Basic	1.50%
Windows 7 Starter	1.50%
Windows Seven Black Edition	1.00%
Windows Vista Business	0.50%
Windows 8 Enterprise	0.50%
Windows Vista Home Premium	0.50%
Windows Vista™ Home Premium	0.50%
Microsoft Windows 7 Professional	0.50%
Windows Vista Ultimate	0.50%

Distribution by country

United States installs about 41.34% of Distributed Link Tracking Client.

Distribution by PC manufacturer

PC Manufacturer	distribution
Hewlett-Packard	18.69%
ASUS	16.82%
Acer	15.89%
Dell	14.95%
Toshiba	13.08%
Intel	5.61%
Lenovo	5.61%
NEC	3.74%
Samsung	2.80%
Alienware	0.93%
American Megatrends	0.93%
GIGABYTE	0.93%

Remove Adware and Spyware Programs, FREE Download!