www.vinodkeezhayil.com - Windows Services

List of Windows XP/NT services

Name	Status	Filename	Description
@%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc)	L	wmpnetwk.exe	Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\
@%SystemRoot%system32qwave.dll,-1 (QWAVE)	L	svchost.exe	Part of Windows Vista
Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE)	L	Belpic PCSC Service.exe	Belgium Identity Card Middleware from Zetes/CSC
Dell Printer Status Database (DLSDB)	?	DLSDBNT.EXE	Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\
license	L	lic_srv.exe	Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin
LXCCCustomerConnect	L	LXCCserv.exe	Related to Lexmark printers Note: Located in %windir%\System32\spool\DRIVERS\W32X86\3\\LXCCserv.exe
Network Windows Service (MSWindows)	X	urdvxc.exe	Added by the W32/Allaple-B WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
pcAnywhere Install Service - Symantec Corporation	L	pca_run.exe	Part of Symantec PCAnywhere
Remote Debug Services	X	smsc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Security Platform Management Service (IFXSpMgtSrv)	L	IFXSPMGT.exe	Related to Security_Platform_Management Service from Infineon Technologies. Note: Located in C:\WINDOWS\system32\
Shell Software Detection (ShellSWDetection)	X	shellsw.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SolidWorks Licensing Service	L	SolidWorksLicensing.exe	Part of a SolidWorks product
Windows Zero Connection (WinZConn)	?	mswnt.exe	Probable backdoor trojan
Wireless Adapter Configurator	L	WirelessDaemon.exe	Related to BT's home hub products
$sys$aries	X	aries.sys	Added by the SonyBMG_First4DRM ROOTKIT! Read the link, rootkit type stealth involved. Thanks Sony.
%NVSVC.name%	L	nvsvc32.exe	NVidia driver
(Any service name)	O	srvany.exe	This utility allows running Windows NT\2000\XP applications as services. Can also be used to load Malware. See Explanation ... Example of how to find the file being loaded with Service name iOpusService
(non-roman characters)	X	sServer.exe	Added by the Troj/Feutel-AB TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
(random file name without extension)	X	(random file name).sys	Added by the TROJ_ROOTKIT.AI TROJAN! Read the link, rootkit type stealth involved.
(random name)	X	window.exe	Troj/Hupigon-BS Note: Located in %windir% Read the link, steals information and allows remote access
(Random) See description	X	irjit.dll	Added by the Backdoor.CVM TROJAN! Note: This trojan file is found in the System or System32 folder. Check the link for the list of random service names.
(special characters) (myserver)	X	myserver.exe	Added by the Troj/Dropper-BR TROJAN!
*Microsoft Update	X	wstcl.exe	No from Microsoft.
*Microsoft Update	X	wuytc.exe	unknown virus
*windows update	X	wsctl.exe	malware virus. possibly "Win32.Rbot.gen"
*windows update	X	wuaucrlt.exe	Added by the W32.Spybot.HUR WORM!
*wuauclt.exe	X	random	Related to WORM_RBOT.AKU or variant.
.NET Framework Service	X	svchost.exe	"Trojan-PSW.Win32.Sagic.15" Virus
.NET Framework Service (.NET Connection Service)	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ Note The proper location for that operating file is in C:\%WINDIR%\System32
.NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32)	L	mscorsvw.exe	Related to Microsoft_NET_Framework NET Runtime Optimization Service.
1784-PCIDS DeviceNet	?	PcidsService.exe	Appears to be from Rockwell software
1789-SIM Simulator Module (SimModuleService)	?	SimModuleService.exe	Appears to be from Rockwell software
19E7E238	X	19E7E238.EXE	Troj/Agent-ELX
32-bit Installation Host (inst32)	X	inst32.exe	Added by the W32/Chinegan-A WORM! Note: This worm is located in C:\Program Files\Common Files\inst32\
32-bit Registration Host (reghost32)	X	reghost32.exe	Added by the W32/Rbot-GKR WORM! Note: This worm is located in C:\Program Files\Common Files\System\
39672EA4	X	39672EA4.EXE	Troj/GrayBir-EW
3Com DMI Agent	L	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
3ComBOOTP	L	3CBOOTPS.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3ComPXE	L	3CPXES.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3ComTFTP	L	3CTFTPS.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3dkeybd	O	3dkeybd.exe	Unknown... No answers on the net.
64Bit architecture emulation (wrmsrvice)	X	WRMSRVICE.SYS	Added by the TROJ_ROOTKIT.AG TROJAN! Read the link, rootkit type stealth involved.
80xFire daemon (80xFire)	X	80xFire.exe	Added by the W32/Tilebot-BK WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
9F9DF57C	X	(random name)	Troj/DwnLdr-GUT
@%SystemRoot%ehomeehstart.dll,-101 (ehstart)	L	svchost.exe	Windows Media Center Service Launcher in the Windows Vista edition
@%SystemRoot%system32seclogon.dll,-7001 (seclogon)	L	svchost.exe	Part of Windows Vista
a-squared Free Service (a2free)	L	a2service.exe	Related to a-squared free edition, from Emsi Software GmbH
aaksrv	L	aaksrv.exe	Spydex Advanced Anti keylogger
AAMQDispatcher	L	AAMQDispatcherService.exe	Compuware Serversoftware
ABCSpell Helper Service	L	ABCSpellService.exe	Spell checker (Ect, ect) for Outlook Express. For more information Click_Here
Abel	X	Abel.exe	Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp
abhcop	X	abhcop.sys	Added by the PigSearch Adware. Read the link, rootkit type stealth involved.
AC	X	acoustic.exe	Added by the SDBOT.CRN WORM! Read the link, rootkit type stealth involved.
Ac Profile Manager Service (AcPrfMgrSvc)	L	AcPrfMgrSvc.exe	Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\
AC-DNAME (AC-DNAME)	X	acoustic.exe	Added by the SDBOT.CFN WORM! Read the link, rootkit type stealth involved.
Accenture Media Viewer (MediaViewer)	L	streamviewerservice.exe	Related to Accenture_Media_Viewer
Access Remote PC Service 4.3	O	rpcsetup.exe	Access_Remote_PC remote access software. Legitimate, but remote access could be considered dangerous unless monitored carefully.
ACMService (ACMService)	L		Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software
ACNUSvc	L	acnupdatersvc.exe	Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\
Acronis Scheduler2 Service (AcrSch2Svc)	L	schedul2.exe	Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\
Active Virus Shield (AVP)	L	avp.exe	Related to Active_Virus_Shield from AOL. Note: Located in C:\Program Files\AOL\Active Virus Shield\
ActiveXperts Network Monitor (AxsNmSvc)	L	AxsNmSvc.exe	Added by ActiveXperts_Network_Monitor allows administrators to monitor the network for failures and irregularities. Note: Located in C:\Program Files\ActiveXperts\
Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8)	L	pmd8.exe	Actuate_Enterprise Reporting Applications for business intelligence analytic services
Ad-Aware 2007 Service (aawservice)	L	aawservice.exe	Related to Ad-Aware_2007 anti-spyware solution. This program can find and remove spyware and malware from your computer. Note: Located in C:\Program Files\Lavasoft\
Ad-Axis Client	L	aaclient.exe	Related to Lavasof's Ad-Aware SE Enterprise Edition 2005
Adaptador de rendimiento de WMI	L	wmiapsrv.exe	Windows Management Instrumentation Performance Adapter Service Windows XP and 2003. Note: Located in C:\WINDOWS\System32\wbem\wmiapsrv.exe
Adaptec I/O Manager Server	L	iomgr.exe	Related to Adaptec product
Adaptec RAID Remote Services Agent	L	afaagent.exe	Related to Adaptec, Inc.
Adaptec Storage Manager Notifier	L	notify.exe	Related to Adaptec procuct
Adaptec Web Server	L	arcpd.exe	Related to Adaptec procuct.
AdaptecStorageManagerAgent	L	StorServ.exe	Related to Adaptec Incorporated
Adapter Switching	L	RoamSvc.exe	Intel Adapter Switching
AddFiltr	L	AddFiltr.exe	Found on HP computers
ADF Installer Service (ADF Installer)	L	AgentSVC.exe	Related to Citrix Installation Manager Service
Admin Works Agent X8 (AWService)	L	awServ.exe	Related to AdminWorks from Avocent Corporation. A cost effective IT management software tool for small and medium size businesses. Note: Located in C:\Program Files\Intel\IDU\
AdministraciÃ³e aplicaciones	L	services.exe	Spanish Windows 2000 applications managing
Administrador de cuentas de seguridad	L	lsass.exe	Spanish Windows 2000 security accounts manager
Administrador de discos	L	services.exe	Spanish Windows 2000 disks manager
Administrador de sesiÃ³e Ayuda de escritorio remoto	L	sessmgr.exe	This service manages and controls Remote Assistance
Administrador de utilidades	L	UtilMan.exe	Spanish Windows 2000 utility manager
Adobe Active File Monitor	L	PhotoshopElementsFileAgent.exe	Related to Adobe photoshop.
Adobe LM Service	L	Adobelmsvc.exe	Required for PhotoshopCS
Adobe Update Manager (Adobe3M)	X	mshss.exe	Added by the Troj/Wollf-B TROJAN! Note: This worm\trojan file is found in the System32 folder.
Adobe Version Cue CS2	L	VersionCueCS2.exe	Related to Adobe Products
AdobeVersionCue	L	VersionCue.exe	Adobe related
ADSService	L	ADSSER~1.EXE	Related to Aluria_Active_Defense_Shield Service. An EarthLink Co. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
Advanced Networking Service (hnmsvc)	L	hnm_svc.exe	Related to Advanced_Networking_Service from Dell. Note: Located in %\Program Files%\Dell Network Assistant\
Advantage Database Server	L	ADS.EXE	Related to Extended Systems' Advantage_Database_Server
AEClientHostService	L	AEClientHostService.exe	Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Alarm Viewer\Host\
Age of Empires III: The WarChiefs	X	ageofempires.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K)
Agente de directivas IPSEC	L	lsass.exe	Spanish Windows 2000 IPSEC policy agent
Agere Modem Call Progress Audio (AgereModemAudio)	L	agrsmsvc.exe	Related to Agere_Modem Call Progress Audio. (Now owned by LSI Corp.) Note: Located in C:\Windows\system32\
Agere Service (AgrSrvce)	L	AgrSrvce.exe	Related to Proxim_Corp Client manager software associated with the ORiNOCO wireless LAN card.
AIM (AIM)	X	aim.exe	Added by the W32/Rbot-AGC or W32/Sdbot-BFX WORM! Read the link, rootkit type stealth involved.
Aim Version 6 (Aimv6)	X	aim6.exe	Identified as the Rbot.cgu infection. This infection is part of the family of worms and IRC backdoors. Note: This worm is located in C:\WINDOWS\Cursors\
aim.ex	X	IEXPLORER.EXE	Added by the SDBOT.COW WORM! Read the link, rootkit type stealth involved.
Alerter	L	svchost.exe	Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
AlfaCleanerService	X	ACServer.exe	AlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware. This program tends to be installed with other known Smitfraud infections.
ALGE	X	Hacker.com.cn.exe	Troj/GrayBr-CP Read the link, allows remote access
Almacenamiento protegido	L	services.exe	Spanish Windows 2000 protected storage
Altera JTAG Server (JTAGServer)	L	JTAGServer.exe	Related to Altera Quartus II Software. Note: Located in C:\altera\quartus50\bin\
Alternative User Input Services (Ctfmon)	X	ctfmon.exe	Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note This is not the cftmon.exe normally found in C:\WINDOWS\System32\
Altiris Agent (AeXNSClient)	L	AeXNSAgent.exe	Related to Alteris services. http://www.altiris.com
Altiris Carbon Copy (CarbonCopy32)	L	ccsrvc.exe	Related to Alteris services. http://www.altiris.com
Altiris Client Service	L	ACLIENT.exe	Related to Altiris, Inc.
Altiris eXpress NS Client (AeXNSClient)	L	AeXNSClient.exe	Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
Altiris eXpress NS Client Transport (AeXNSClientTransport)	L	AeXNSClientTransport.exe	Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
Aluria Message Service (MsgSrvService)	L	AluriaMsgSrv.exe	Aluria security center
Aluria Security Center Spyware Eliminator Service (ASCService)	X	ascserv.exe	Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Alura"
Aluria Spyware Eliminator Service	O	ASEServ.exe	Aluria Spyware Eliminator
AL_ADSService	X	AL_ADSService.exe	Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Alura"
Amadeus Automatic Update	L	AutoUpdate.exe	Related to Amadeus powerful front office travel management tool. Note: Located in C:\Program Files\Automatic Update\
AMD PowerNow! . Technology Service (GemServ)	L	GemServ.exe	Related to Advanced Micro Devices, Inc. - http://www.amd.com/
Ampi32 (wdfmgr)	X	msvcrt.exe	Added by the W32/Tilebot-Q WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService)	L	msmdsrv.exe	Related to Microsoft_SQL_server suite.
ANIWZCSd Service	L	ANIWZCSdS.exe	Related to Alpha_Networks
AntiSpyUltra (Zonelaps)	X	vsmom.exe	Added by the W32/Tilebot-E WORM! Read the link, rootkit type stealth involved.
AntiVir PersonalEdition Classic Guard (AntiVirService)	L	avguard.exe	Part of Antivir
AntiVir Scheduler (AntiVirScheduler)	L	sched.exe	Related to AntiVir antivirus program.
AntiVir Service	L	AVGUARD.EXE	AntiVir antivirus
AntiVir Update	L	AVWUPSRV.EXE	AntiVir Antivirus
antivirus32	X	antivirus32.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
antivirusdll	X	winmsgslive.exe	Added by the W32/Sdbot-CXQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Modifies some FTP files, read the link
ANTS Profiler service	L	RedGate.Profiler.Service.exe	Related to Red Gate Software Ltd
AnyPoint Service - Intel Corporation	L	APSERVER.EXE	Belongs to Intel_Anypoint home networking system
AOL Antivirus Update Service (aolavupd)	L	aolavupd.exe	Related to AOL Antivirus Update Service.
AOL Connectivity Service	L	AOLAcsd.exe	Owner: America Online. Description: AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Also shown as AOL Connectivity Service (AOL ACS).
AOL Connectivity Service	L	acsd.exe	AOL related
aol software (Aol Software)	X	smss.exe	Added by the W32/Tilebot-FM WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
AOL Spyware Protection Service	L	aolserv.exe	Related to AOL
AOL TopSpeed Monitor	L	aoltsmon.exe	AOL Topspeed
Apache	L	Apache.exe	Apache Web Server Software
Apache2	L	Apache.exe	Apache Web Server
APACS+ NIM32 (NIM32)	L	Nim32.exe	Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\NIM\
APC PBE Server	L	pbeserver.exe	APC PowerChute Business Edition Server (For UPS)
APC UPS Service	L	mainserv.exe	Related to American Power Conversion Corporation
AppExpress Client	L	ece.exe	Related to Endeavros Technology, Inc and Microsoft_Encarta
Application Layer Gateway (Application Gateway Service)	X	WeRecl.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here
Application Layer Gateway Manager (AppLayerGatewayMgr)	X	alg.exe	Added by W32/Tilebot-EU WORM!, Note: not to be confused with see_Here located in C:\Windows\System32\ this infection is locate in C:\Windows\
Application Layer Gateway Service (ALG)	L	alg.exe	Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall located in C:\Windows\System32\
Application Layer Gateway Services	X	alg.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Application Layer Gateway System (ALGS)	X	algsys.exe	Added by the W32/Rbot-DDF WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Application Layer Service	X	weRecv.exe	Added by the SystemPoser TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Application Layer Service (algserv)	X	algserv.exe	Troj/Agent-ECW Note: Located in %windir%\system32
Application Layer Service Control (applilserv)	X	applayer.ex	W32/Rbot-GHL Note: Located in %windir%\system32 Read the link, allows remote access
Application State Service (AppSvc)	X	apsvc.exe	Added by the W32/Rbot-FWW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
AppMgmt	X	svchost.exe -k AppMgmt	Added by the Fuwudoor TROJAN!
AppnNode	L	appnnode.exe	Related to IBM_Server Note: Located in C:\WINDOWS\system32\Drivers\
ARC Plugin (ARCPLUG)	X	arci.exe	Added by the W32/Tilebot-HB WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Steal information from Protected Storage
ArcaBit NetMonitor (ABNetMon)	L	NetMonSV.exe	ArcaVir an AntiVirus software from Poland. A procuct of ArcaBit Sp. z o.o
ArchestrA Logger (aaLogger)	L	aaLogger.exe	Related to ArchestrA Software architecture for the integration of your automation systems.
Ares Chatroom server (AresChatServer)	L	chatServer.exe	Related to the Ares P2P software
Argos Billing Dialog	L	WorkstationMonitor.exe	Related to Argos_Billing_Dialog from Sepialine inc. Print Monitor. Note: Located in c:\Program Files\Sepialine\Argos Print Monitor\
ArGoSoft Mail Server Plus	L	mailservernt.exe	Related to ArGo Software Design Mail Server
Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9)	L	arr_srvs3,0,1,9.exe	Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\
Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3)	L	arr_isrv4,0,1,3.exe	Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Common\4,0,1,3\
Ascent Capture Service	L	acsvc.exe	Related to Kofax Image Products.
ASF Agent	L	ASFAgent.exe	Intel Alert Standard Format Console - asfagent.exe is a part of a systems management suite bundled with other applications, mainly Dell's OpenManage.
AshampooDefragService	L	aDefragService.exe	Related to Ashampoo Magic Defrag Utility
ASMAgent	L	ASMAgent.exe	Related to ASAP_eSMART Smart Asset Management tool.
ASNFTP daemon (ASNFTPD)	X	AsnFtpd.exe	Added by the W32/Tilebot-BD WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
ASP.NET (State Service)		ASP.NET.exe	Troj/GrayBir-EC Note: Located in %windir% Read the link allows remote access
ASP.NET State Service (aspnet_state)	L	aspnet_state.exe	Related to Microsoft Windows Operating System and is the ASP State Service.
Asset Insight Client (AICLIENT)	L	Aiclient.EXE	Asset Insight from Tangram - http://castlecops.com/s1883-AICLIENT_EXE.html
Asset Management Agent	L	UMCSTUB.EXE	Related to Unicenter Asset Management by Computer_Associates
Asset Management Daemon	L	dtsslsrv.exe	Display configuration software used by several manufacturers under differing names such as Image Tune or EZTune etc... Note: located in C:\Program Files\...
Asus Motherboard Utility (Asus)	X	asus.exe	Added by the WORM_SPYBOT.IY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
ASUSKeyboardService	L	asuskbservice.exe	Added by ASUS_Keyboard Service and provides additional configuration options for these devices. Note: located in C:\%WINDIR%\
ASWLSVC	L	ASWLSVC.exe	Relate to the ASUS_Wireless_LAN_Card_Services
Asynchronous Load Balance (ySvcHst)	X	srvnst.exe	Added by ServiceThreadHandler.Process TROJAN! Note: located in C:\WINDOWS\System32\
Asynchronous UPnP Support Services	X	UPnPSvc.dll	Troj/PWS-ANB Read the link, steals information
AT Host Service	L	atnthost.exe	Related to WebEx
Atheros Configuration Service	L	acs.exe	related to Atheros Wireless LAN
Ati HotKey Poller	L	Ati2evxx.exe	ATI Video Card Control Panel
ATI Smart	L	ati2sgag.exe	ATI Video Card Control Panel
ATIintergrated (ATIintergrated)	X	atigraphics.exe	Added by the SDBOT.CRX WORM! Read the link, rootkit type stealth involved.
ATK Keyboard Service (ATKKeyboardService)	L	ATKKBService.exe	Related to ASUSTeK_Computer Inc. ASUS Keyboards and provides additional configuration options for these devices.
Audio Adapter (VGADown)	X	avp.exe	Added by an unidentified TROJAN!. Note: This worm\trojan is located in C:\%WINDIR%\
Auto HotKey Poller	X	winpol.exe	Added by a variant of the W32/Malware Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
AutoComplete Service	L	autocomp.exe	Tracks Eraser Pro
Autodata Limited License Service	L	ADCDLicSvc.exe	Related to Autodata Limited
Autodesk Data Management Job Dispatch	L	Connectivity.WindowsService.JobDispatch.exe	Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\
Autodesk EDM Server	L	Connectivity.EDMWS.Server.exe	Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\
Autodesk Licensing Service	L	AdskScSrv.exe	Related to Autodesk, Inc.
Autodesk MapGuide® Server 6.3 (MapServer6.3)	L	MapServer.exe	Related to Autodesk Inc.
Autodesk Network Licensing Service	L	AdskNetSrv.exe	Related to Autodesk_Network Licensing service. Note: Located in C:\Program Files\Common Files\Autodesk Shared\Service\
AutoMate 5 (AutoMate5)	L	AutoMate5Svc.exe	Related to Automate from Network Automation, Inc. A Task Service. Note: Located in C:\Program Files\automate\
AutoMate 6 (AutoMate6)	L	AMTS.exe	Related to AutoMate from Network Automation. Tools necessary to completely automate business processes. Note: Located in C:\Program Files\AutoMate 6\
Automatic LiveUpdate Scheduler	L	ALUSchedulerSvc.exe	Related to to the Symantec LiveUpdate service which updates your Symantec products periodically.
Automatic Update Service (Automatic Update)	X	wuapi.exe	Added by the W32/Codbot-AC WORM! Note: This worm\trojan file is found in the System32 folder.
AutoStore (autostore)	L	batch.exe	Related to NSi's AutoStore from Notable Solutions, Inc. Capture documents and securely saving the content in your business applications.
AutoUpdate (Windows Server AutoUpdate)	X	Winupdate.exe	Troj/GrayBrd-CF Note: Located in %windir%\system32 Read the link, allows remote access and logs keystrokes
Av Update Monitor (AvSvcMonitor)	L	AvMonitor.exe	Avast
avast! Antivirus	L	ashServ.exe	Related to Avast AntiVirus
avast! iAVS4 Control Service	L	aswUpdSv.exe	Related to Avast AntiVirus
avast! Mail Scanner	L	ashMaiSv.exe	Related to Avast AntiVirus
avast! Web Scanner	L	ashWebSv.exe	Related to AWIL Software http://www.avast.com/
Avast32 Start as Service	?	avserver.exe	seems to belong to Avast anti-virus software
AVCore (SrvMain)	X	avservice.exe	As of yet Unknown Worm, Trojan or Malware. The file (avservice.exe) is found in the Documents and Settings\All Users\Application Data folder.
Aventail Connect (As32Svc)	L	as32svc.exe	Related to Aventail_Corp
AVG Anti-Spyware Guard (Anti-Malware Development a.s)	L	guard.exe	AVG Anti-virus product.
AVG E-mail Scanner	L	avgemc.exe	Related to AVG anti-virus
AVG Firewall (AVGFwSrv)	L	avgfwsrv.exe	Related to AVG_Firewall Note: located in C:\PROGRA~1\Grisoft\AVG7\
AVG6 Service	L	avgserv.exe	AVG 6 Anti virus
AVG7 Alert Manager Server	L	avgamsvr.exe	Related to AVG Anti-Virus.
AVG7 Resident Shield Service (AvgCoreSvc)	L	avgrssvc.exe	Related to Grisoft_AVG_Resident Shield Service. Note: Located in C:\PROGRAM Files\Grisoft\AVG7\
AVG7 Update Service	L	avgupsvc.exe	Used by the AVG 7 Antivirus program to keep your definitions up to do date. Note : For more information see AVG
avgav.exe (AVG)	X	avgav.exe	W32/Sdbot-DCT Read the link, allows remote access
Avid SDM Service (AvidSDMService)	L	AvidSDMService.exe	Related to Avid_SDM_Service from Avid Technology Note: Located in C:\WINDOWS\system32\
Avid Startup	L	AvidStartup.exe	Associated with Avid_Digital_Media Products
avinitnt	L	avinitnt.exe	Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc. Which merged with Authentium in 2002.
AVKernel	X	AVKernel.exe	Rouge Anti-Virus Program. Made by WinSoftware, Ltd. For more information on WinAntiVirus 2005 Click_Here Note: Not recommended.
AVM FRITZ!web Routing Service (de_serv)	L	de_serv.exe	Installed alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com/products/wintaskspro/processlibrary/de_serv/
AVM IGD CTRL Service	L	IGDCTRL.EXE	Related to AVM_IGD_CTRL DSL Service. Note: Located in C:\Program Files\FRITZ!DSL\
AVM WLAN Connection Service	L	WlanNetService.exe	Related to broadband products from avm.de
AVP Control Centre Service	L	avpcc.exe	Kaspersky AntiVirus
AVP UPDATE IONTERFACE A6 (avA6)	X	AVA6.SYS	Added by the DLOADER.AJQ TROJAN! Note: This has also been seen using the Display name AVP update interface A6. This trojan file is found in the System32 folder.
AVP-SE	X	avp-32.exe	WORM_AGOBOT.FS Read the link, allows remote access
AVPX TCP (avpx32)	X	avpx32.sys	Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved.
AVPX64 TCP (avpx64)	X	avpx64.sys	Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved.
avsinc	L
avsuite (mssuite)	X	msuite.exe	Added by the W32/Sdbot-ABC WORM! Read the link, rootkit type stealth involved.
AVSync Manager	L	Avsynmgr.exe	From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
AVupdate service interface X2 (avupdate2)	X	avupdate2.sys	Added by the Troj/Hanlo-A TROJAN! Note: This trojan file is located in the System32 folder.
AvUpdSvc	L	avupdsvc.exe	Part of Avast! anti-virus software
â€œRDRIVâ€Â (rdriv)	X	RDRIV.SYS	Added by the TROJ_ROOTKIT.E TROJAN! Read the link, rootkit type stealth involved.
B's Recorder GOLD Library General Service (bgsvcgen)	L	bgsvcgen.exe	Related to B_H_A_Corp B' Recording Gold for CD/DVD burning and authoring software.
BackOnTrack Callback Service (BOTCbs)	L	bcbs_xp.exe	Related to BackOnTrack from System OK. Note: Located in C:\Program Files\SystemOK\BackOnTrack\WinXP\
Backup Exec 8.x Alert Server (BackupExecAlertServer)	L	alertServer.exe	Related to Veritas Software backup tool.
Backup Exec 8.x Notification Server (BackupExecNotificationServer)	L	nsvr.exe	Related to Veritas Software backup tool.
Backup Exec Agent Browser (BackupExecAgentBrowser)	L	benetns.exe	Related to the Backup Exec application from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/benetns/
Backup Exec Device & Media Service (BackupExecDeviceMediaService)	L	pvlsvr.exe	Related to Veritas Backup Exec and offers essential functionality for Backup Exec. http://www.processlibrary.com/directory/files/pvlsvr/index.php
Backup Exec Job Engine (BackupExecJobEngine)	L	bengine.exe	Backup service for Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/bengine/index.php
Backup Exec Naming Service (BackupExecNamingService)	L	benser.exe	Veritas Software Corporation. This is the Backup Exec naming service which is needed in order to achieve some backups and restores. http://www.processlibrary.com/directory/files/benser/index.php
Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator)	L	beremote.exe	process that belongs to Backup Exec from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/beremote/
Backup Exec Server (BackupExecRPCService)	L	beserver.exe	Related to Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/beserver/index.php
BackupClientSvc	L	BackupClientSvc.exe	Related to NovaNet_WEB NovaStor Corp. Online Backup Services.
bbc (cnn)	X	imsins.exe	Troj/Hupigon-U
bbserver	X	bbserver.exe	Troj/Hupigon-PS Note: Located in %windir% Read the link, allows remote access
bcrcogqrkyko	X	mueyzrua5.exe
BeatJam Music Server - HTTP (BeatJamMusicStreamingServer)	L	BeatJamHttpService.exe	See_BeatJam BeatJam Music Server Edition.
BeatJam Music Server - UPnP (BeatJamUPnPMusicServer)	L	BeatJamUPnPService.exe	See_BeatJam Justsystem audio software BeatJam.
Bell & Howell Database Manager (dbmang)	L	DBMANG.EXE	Related to Bell_and_Howell
Bell & Howell Monitor Service (BHMonitorService)	L	monitor.exe	Related to Bell_and_Howell
BelMonitor Service (BelMonitorService)	L	BANTMonitorSvc.exe	Related to Belarc, inc.
BES Client (BESClient)	L	BESClient.exe	Related to BESClient by BigFix Inc
Beyond Remote Server	O	BRServer.exe	Beyond Remote Remote Legitimate, but allows remote access so should be removed if it was not intentionally installed
BGS_SDService	L	BGS_SDservice.exe	Related BMC Software, Inc. - http://www.bmc.com/
bh611	L	NT611SVC.EXE	Related to Bell_and_Howell
BigPond Broadband Cable Login	L	bpcService.exe	Telstra's BIGPOND_BROADBAND_CABLE
Biometric Authentication Service	L	DpHost.exe	Related to DigitalPersona, Inc.
BitDefender Communicator	L	xcommsvr.exe	Related to bitdefender Antivirus
BitDefender Desktop Update Service	L	livesrv.exe	Update service for BitDefender_Antivirus
BitDefender Scan Server	L	bdss.exe	Related to Bitdefender antivirus
BitDefender Virus Shield	L	vsserv.exe	Related to bitdefender (Virusshield)
Black Hole Professional Version (wmupdate)	X	svch0st.exe	Detected as Backdoor.Win32.Ciadoor.123.d by Kaspersky
Black Hole2005 Professional Version (Black Hole2005 Professional)	X	QQ.exe	Added by the Troj/BlackHol-C TROJAN!
Black Hole2005 Professional Version (Black Hole2005 Professional)	X	server.exe	Added by the Troj/Singu-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
BlackICE	L	blackd.exe	Black Ice firewall
Blue Coat K9 Web Protection (WebFilter)	L	k9filter.exe	Related to K9 Web Protection
Bluesocket IPSec Service (BlueService)	L	BlueService.exe	Related to Bluesocket WLAN service. Note: Located in C:\Program Files\Bluesocket MS IPSec Config Tool\
BlueSoleil Hid Service	L	BTNtService.exe	BlueSoleil is a Bluetooth device manager for Windows. Made by the IVT_Corporation The file associated with this service is found in the Program Files\IVT Corporation\BlueSoleil folder.
Bluetooth Notification Service (Btnfserv)	X	btserv.exe	Added by the W32/Sdbot-CSD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Bluetooth Service	L	btwdins.exe	Bluetooth Service
bobo	L	momo	panda platinium antivirus
Boeing Permissions Elevator	L	elevate.exe	The Boeing Company (internal use)
Boingo Monitor Service	L	wmonitor.exe	Boingo's Free_Wi-Fi_Software
Bonjour Service	L	mDNSResponder.exe	Create's a network of computers and smart devices. Made by Apple Computer, Inc. For more information Click_Here File location is in the Program Files\Gizmo Project folder.
BoolTern (BoolTern)	X	svch0st.exe	Added by the W32/Tilebot-U WORM! Note: This (svch0st.exe) is not the legitimate Windows process (Which is always found in the System32 folder, also notice the difference in the spelling.) The legitimate Windows process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Boonty Games	X	Boonty.exe	Boonty_Games Used with Boonty box. Will not uninstall from Add/Remove programs. This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent."
Broadcom ASF IP monitoring service v3.0.1	L	basfipm.exe	Related to Broadcom communications - hardware.
Brother BidiAgent Service for Resource manager (brmfbags)	L	BrmfBAgS.exe	Related to Brother_BidiAgent Service products, from Brother Industries. Note: Located in C:\WINDOWS\System32\
Brother Popup Suspend service for Resource manager	L	Brmfrmps.exe	Brother printer related
Browser	X	svchost.exe -k Browser	Added by the Fuwudoor TROJAN!
BrSplService	L	brsvc01a.exe	related to Brother Industries Ltd
BT Modem Lock	L	ModemLock.exe	Related to NetProtector Parental control.
BUFFALO Wireless Configuration Service (bwcsrv)	L	bwcsrv.exe	Related to BUFFALO_Wireless Configuration Service Note: Located in C:\WINDOWS\System32\Drivers\
Buffalo Wireless Service (BWSVC)	L	bwsvc.exe	Related to Buffalo_Wireless_Service The Multimedia Combo Set by SANSUN Industries. Note: Located in C:\Program Files\BUFFALO\Client Manager 2\
BullGuard Email Monitoring (BsMailProxy)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard File Monitoring (BsFileSpy)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard Firewall (BsFirewall)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard LiveUpdate (BGLiveSvc)	L	BullGuardUpdate.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard Main (BGMainSvc)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BusinessC (BusinessContinuity)	X	msstl.exe	Added by the SDBOT.CJR WORM! Read the link, rootkit type stealth involved.
Bytemobile Web Configurator (bmwebcfg)	L	bmwebcfg.exe	Related to Bytemobile Inc. Mobile Content Filtering.
C-DillaCdaC11BA	O	CDAC11BA.EXE	copy protection software
C-DillaSrv	L	CDANTSRV.EXE	C-Dilla License Management software from MacroVison
CA ISafe	L	isafe.exe	Related to Computer Associates virus software.
CA License Client	L	lic98rmt.exe	Computer Associates
CA License Server	L	lic98rmtd.exe	Computer associates
CA Pest Patrol Realtime Protection Service (ITMRTSVC)	L	ITMRTSVC.exe	Related to CA_Pest_Patrol Realtime Protection Service Note: Located in C:\Program Files\CA\PPRT\bin\
CaCCProvSP	L	ccprovsp.exe	Related to eTrust_Internet_Security_Suite from Computer Associates International Inc. Note: Located in C:\Program Files\CA\eTrust Internet Security Suite\
CachemanXP	L	CachemanXP.exe	CachemanXP Memory Manager
CAILI	L	caili.exe	related to CarryIco Software, installed by a flash card reader driver setup utility.
CAISafe	L	ISafe.exe	Part of eTrust EZ Antivirus
CanerServer	X	caner.exe	Troj/Hupigon-ES
Canon BJ Memory Card Manager	L	Bjmcmng.exe	Canon Bubblejet Memory Card Utility
Canon Camera Access Library 8 (CCALib8)	L	CALMAIN.exe	Canon digital camera software that provides additional configuration options for the devices.
Canon Driver Information Assist Service	L	CnxDIAS.exe	CANON Driver Information Assist Core Module. This file should be found in the Program Files\Canon\DIAS folder.
Canon PIXMA iP6000D Memory Card Manager	L	PDUiP6000DMemCrdMgr.exe	Related to Canon PIXMA iP6000D Bubble Jet printer
Capture Device Service	L	DevSvc.exe	Related to Capture_Device InterVideo Service. Note: Located in C:\Program Files\Common Files\InterVideo\
Capture Service (CaptureService)	L	CaptureService.exe	Related to Impact_360 from Witness Systems, Inc. Workforce management. Note: Located in C:\WINDOWS\system32\DirectX\
Carbon Copy Scheduler (CarbonCopyScheduler)	L	schdsrvc.exe	Related to Alteris services. http://www.altiris.com
CarboniteService	L	carboniteservice.exe	Related to Carbonite_online_backup automatically backs up all the the files on your computer.
Card Adapter (NETDown)	X	smss.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process smss.exe. (Which is found in the System32 folder.) This worm/trojan file (smss.exe) is found in the Windows or Winnt folder.
cdmonsvc32	X	cmmonsvc32.exe	Worm.Opanki_Variant.Process Note: Located in %windir%
Cdsys (Cdsys)	X	cdcd.sys	Added by the Troj/Agent-IA TROJAN! Note: This trojan file is found in the System32 folder.
CE-Infosys Security System (CE-Infosys Security Service)	?	ceisvc.exe	Seems to be legit, belongs to this company Ce-infosys_suite It will be left as unknown until more is found out about the company.
CeEPwrSvc	L	CeEPwrSvc.exe	Related to TOSHIBA and COMPAL ELECTRONIC INC.
CelInDrv	X	CelInDriver.sys	Win32/Agent.ABF Note:Located in %system% Read the link, collects sensitive information
CentennialClientAgent	L	CAgent32.exe	Related to Centennial UK Limited - http://www.centennial.co.uk/
CentennialIPTransferAgent	L	xferwan.exe	Related to Centennial UK Limited - http://www.centennial.co.uk/
cFosSpeed System Service (cFosSpeedS)	L	spd.exe	cFos_Software Internet acceleration program related. Note: May be necessary for the software to work properly.
change me please (VIRUS)	X	sysdat.exe	Added by the W32/Tilebot-L WORM!
Changed me (Patch)	X	systemz32.exe	W32/Tilebot-JD Read the link, allows remote access and uses rootkit stealth
Charter High-Speed Security Suite	O	SERVIC~1.EXE	Related to F-Secure, Backweb application
chckntfs	X	chckntfs.exe	Added by the W32/Tilebot-EF WORM! Note: This worm\trojan is located in C:\%WINDIR%\
chkext(chkext) (chkext)	X	chkext.exe	Added by the W32/Sdbot-CRW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Chong3 Me (MlCR0SOFTS UPDATE)	X	N0RTAN.EXE	Added by the SDBOT.CNM WORM! Read the link, rootkit type stealth involved.
Chong3 Me (MlCR0SOFTS UPDATEe)	X	lexplarer.exe	Added by the SDBOT.CWB WORM! Read the link, rootkit type stealth involved.
cics.REGION1	L	cicssvc.exe	Related to IBM Corp.
cics.REGION2	L	cicssvc.exe	Related to IBM Corp.
cicssfs.SCMMC223	L	cicssfssvc.exe	Related to IBM Corp.
cidaemon	L	.exe	Microsoft Indexing Service filter daemon
cidaemon	L	cidaemon.exe	Microsoft Indexing Service filter daemon
Cisco Configuration Service (CCS)	L	ccs.exe	Related to Related to Cisco_Systems Note: Located in C:\WINDOWS\system32\
Cisco Systems, Inc. STC Agent (STCAgent)	L	agent.exe	Related to Cisco Systems inc. SSL VPN Client, Note: located in C:\Program Files\Cisco Systems\SSL VPN Client\
Cisco Systems, Inc. VPN Service	L	cvpnd.exe	part of Cisco VPN
Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal)	L	ctxcpubal.exe	Related to Citrix MetaFrame
Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched)	L	ctxcpusched.exe	Related to Citrix MetaFrame
Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync)	L	ctxcpuusync.exe	Related to Citrix MetaFrame
Citrix Print Manager Service (cpsvc)	L	CpSvc.exe	Related to Citrix MetaFrame, control Printer Management.
Citrix SMA Service	L	SmaService.exe	Related to Citrix MetaFrame
Citrix Virtual Memory Optimization	L	CtxSFOSvc.exe	Related to Citrix MetaFrame, Monitors all DLLs on a server to find where collisions are occurring
Citrix WMI Service (CitrixWMIService)	L	ctxwmisvc.exe	Related to Citrix MetaFrame
Citrix XML Service (CtxHttp)	L	ctxxmlss.exe	Related to Citrix MetaFrame
Citrix XTE Server (CitrixXTEServer)	L	XTE.exe	Related to Citrix MetaFrame
CL500_510 Remote Server	L	KaNTSRV.exe	Related to Panasocic_Color_Laser_Printer server. Note: Located in C:\PROGRAM FILES\PANASONIC\REMOTE SERVER\
Client Debug Manager	X	spoolvc.exe	W32/Sdbot-DCX Read the link, allows remote access
Client Disk Manager	X	symon.exe	Added by the W32/Tilebot-IN WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Client IP-IPX	X	svchosts.exe	Added by a variant of the W32/SDBOT WORM! Note: Located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K)
Client Network (CdmService)	L	cdmsvc.exe	Related to Citrix MetaFrame, maps client drives and peripherals for access in ICA sessions.
Client Server Runtime Proces	X	csrss.exe	Added by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Malicious activities read the topic. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Client Server Runtime Process	L	csrss.exe	Microsoft Client Server Runtime Process
Client Server Runtime Service (csrss32)	X	csr.exe	Added by the W32/Sdbot-AFM WORM! Note: This worm file is found in the Windows or Winnt folder.
Client Update Service for Novell	L	cusrvc.exe	Related to Novel server.
Client/Server Runtime Server Subsystem (CSRSS)	X	csrss.exe	W32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Read the link, allows remote access and steals information
Client32	L	client32.exe	NetSupport Manager by "NetSupport Ltd.".
Cliente de seguimiento de vinculos distribuidos	L	services.exe	Spanish Windows 2000 distributed links tracking client
Cliente DHCP	L	services.exe	Spanish Windows 2000 DHCP client
Cliente DNS	L	services.exe	Spanish Windows 2000 DNS client
Clients Server Runtime Process	X	csrss.exe	Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR% This is not the legitimate Windows Process. (Which is found in the System32 folder.)
Clients Server Runtime Process (Windows Internet)	X	csrss.exe	Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
clmss (Content List Management Sub System)	X	clmss.exe	Added by the W32/Tilebot-AO WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Cobian Backup 8 service (CobBMService)	L	cbService.exe	Related to Cobian_Backup An Open Source projects. Note: Located in C:\Program Files\Cobian Backup 8\ Note Open souce project can be modified. Make sure you scan the program with a Virus protection program before using.
Codec	X	WINCODEC.EXE	Added by the SDBOT.CJO WORM! Read the link, rootkit type stealth involved.
Cognos ReportNet	L	cogbootstrapservice.exe	Related to Cognos_ReportNet Business Intelligence software. Note: located in C:\Program Files\Cognos\crn\bin\
ColdFusion Graphing Server	L	JRun.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Management Repository Server (ColdFusion Management Repository)	L	jrun.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Management Service	L	CANamingAdapter.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Monitoring Service (ClusterCATS Service)	L	ccmgr.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion MX Application Server	L	jrunsvc.exe	Related to Macromedia Cold Fusion software.
ColdFusion MX ODBC Server	L	swstrtr.exe	Related to Macromedia Cold Fusion software.
COM Host	L	comHost.exe	Related to Norton/Symantec Internet Security
COM Message Transfer (mscommt)	X	svchost.exe -k mscommt	Added by the Troj/Dbit-A TROJAN!
COM+ Component Service (COMCSVC)	X	winmgnt.exe	Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder.
COM+ Interface (svcmngr)	X	svcgirl.exe	Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
COM+ Messages	X	svchosts.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COM+ System Client (ComSysCnt)	X	cmsvc.exe	Identified as the SdBot.bis worm Note: This worm is located in C:\WINDOWS\repair\
COM+ System Service (COMSS)	X	SSMS.EXE	Added by unknown malware. File location is in the System32 folder.
COM+ System Service (DLLHOST)	X	dllhost.exe	Added by the Backdoor.Win32.SdBot.xd as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COM+ System Source (COMSysSRC)	X	vmnat.exe	W32/Tilebot-JE Note: Located in %windir%\system32 Read the link, allows remote access
Command Service (cmdService)	X	command.exe	Adware
CommServer	L	CommSvr.exe	Related to the HiPath 1220 digital PBX system from Siemens. For more information Click_Here File location is in the Program Files\Siemens\HiPath 1220\CommServer2.0 folder.
Comodo Application Agent (CmdAgent)	L	cmdagent.exe	Related to Comodo_Firewall from Comodo. Note: Located in C:\Program Files\Comodo\Firewall\
Compaq Advisor	L	compaq-rba.exe	Related to Compaq
Compaq DMI Web Agent	L	WebDmi.exe	Related to Compaq Computer.
Compaq Local Alerter	L	cpqalert.exe	Related to Compaq Computer. Allows for "fault, performance, and configuration management". Recommended for corporate users only.
Compaq Local Alerter (CPQALERT)	L	CPQAlert.exe	Related to compaq products
Compaq Presario SSH	X	cpsd.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Compaq Remote Diagnostics Enabling Agent	O	Cpqdfwag.exe	Related to Compaq diagnostics utility.
Compuware Open Server	L	cwjboss.exe	Compuware Serversoftware
comrepl	X	comrepl32.exe	Added by the W32/Rbot-DNH WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
comrepl	X	comreplsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Config Loader	X	scvhost.exe	several Agobot variants
ConfigFree Service	L	CFSvcs.exe	Toshiba related
Configuration Loader (bF)	X	wincrt32.exe	Virus and Trojan tools. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JP&VSect=Sn
Configuration Loading	X	svchos1.exe	several Agobot variants
Connected Agent Service (AgentSrv)	L	AgentSrv.EXE	Related to Connected Corporation. - http://www.connected.com/
Connected Launcher	L	CBlaunch.exe	Connected backup software
Connected RegCap	L	CBRegCap.EXE	Connected backup software
Connection Rese	X	webadmin.exe	W32/Forbot-FY adds this, with a display name of Website Administrator Info.
Content Index service	L	cisvc.exe	Microsoft Content Index service
Content Monitoring Tool	L	msCMTSrvc.exe	Compaq CMTS
ContentProtect (CwCpSvc20)	L	cwsvc.exe	Related to ContentWatch Parental Control Internet Filter.
Contivity VPN Service	L	Extranet_serv.exe	Related to Novel server.
Contour Shuttle Device Engine (ShuttleEngine)	L	ShuttleEngine.exe	Related to Contou_Design
Control Services	X	expl0rer.exe	Win-Trojan/BlackHole.125440
Control Task Manager	X	cvsys.exe	Added by an unidentified TROJAN! Note: of the IRC/bot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COSIDS_TB	L	TbMux32.exe	Related to http://www.transaction.de/
coste	O	martinr.coste@neuf.fr	antivirus
Cox High Speed Internet Security Suite System Service (AuthSysSvc)	L	SysSvcNt.exe	Related to Cox High Speed Internet Security Suite System Service. Note: Located in C:\Program Files\Cox\Applications\app\
cpanelx (Microsoft Control Panel)	X	cpanelx.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm file is found in the Windows or Winnt folder.
cpqdmi	L	cpqdmi.exe	Compaq version of the Desktop Management Interface
CPUCooLServer Service (CPUCooLServer)	L	CooLSrv.exe	Part of CPUCooL
CQG Installation Service	L	cqginsts.exe	Related to CQG, Inc. CQG provides extensive historical data online for charting and technical analysis.
crauto	L	crauto.exe	Background task of the Paragon Encrypted Disk software which enables you to have encrypted virtual hard disks to store sensitive data. (answers that work)
Creative Labs Licensing Service	L	CreativeLicensing.exe	Related to Creative Labs Licensing Service. Note: located in C:\Program Files\Common Files\Creative Labs Shared\Service\
Creative Service for CDROM Access	L	CTsvcCDA.exe	Creative Service for CDROM Access
crss32.exe	X	crss32.exe	Added by the W32/Tilebot-GT WORM! Note: This worm\trojan is located in C:\%WINDIR%
Crypkey License	L	crypserv.exe	CrypKey Software Licensing System from Cobalt Systems
Cryptainer service (ssoftservice)	L	ssoftsrv.exe	Owner:Cypherix Cypherix Encryption Software
Cryptic Protected Storage (CryptProtectedService)	X	cpstorage.exe	Added by the W32/Tilebot-HO WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Cryptographic Engine (EngSvc)	X	csvc.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Crystal APS (CrystalAPS)	L	CrystalAPS.exe	Related to Crystal_APS Now owned by Business Objects. Note: Located in C:\Program Files\Seagate Software\Enterprise\x86\
Crystal Cache Server (CacheServer)	L	cacheserver.exe	Crystal_Decisions_Cache_Server Now owned by Business Objects
Crystal Event Server	L	EventServer.exe	Crystal Decisions Event Server
Crystal Input File Repository Server (CrystalInputFileServer)	L	inputfileserver.exe	Crystal_Decisions_File_Repository_Server Now owned by Business Objects.
Crystal Management Server	L	CrystalMS.exe	Crystal Decisions Management Server
Crystal Output File Repository Server (CrystalOutputFileServer)	L	outputfileserver.exe	Crystal_Decisions_Output_File_Repository_Server Now owned by Business Objects
Crystal Program Job Server	L	ProgramServer.exe	Crystal Decisions Job Server
Crystal Report Application Server	L	crystalras.exe	Crystal Decisions Report Application Server
Crystal Report Job Server (JobServer_Report)	L	JobServer.exe	Crystal_Decisions_Report_Job_Server Now owned by Business Objects
Crystal Web Component Server (WebCompServer)	L	WebCompServer.exe	Related to Crystal Decisions Enterprise software. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\
CsdDriver	X	CsdDriver.sys	Troj/Goldun-EE
CTI Central Management	X	cti.exe	Lowers IE security settings
Curtains for Windows System Service (CurtainsSysSvc)	L	CurtainsSysSvcNt.exe	Related to Authentium, Inc. http://www.authentium.com/
CVSNT 2.5.01.1927 Dispatch service (cvsnt)	L	cvsservice.exe	Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\
CVSNT 2.5.01.1927 locking service (cvslock)	L	cvslock.exe	Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\
CWAFAdminController	L	CWAFAdminController.exe	Compuware Seversoftware
CWAFAdminMonitor	L	CWAFAdminMonitor.exe	Compuware Serversoftware
CWAFEventRouter	L	cwafservice.exe	Compuware Serversoftware
CWAFNotesService	L	CWAFNotesService.exe	Compuware Serversoftware
CWAFReportScheduler	L	CWAFSchedService.exe	Compuware Serversoftware
CWAFRmiRegistry	L	CWAFRmiRegistry.exe	Compuware Serversoftware
CWShredder Service	L	CWShredder.exe	CWShredder tool from Trend Micro.
CXPT_Service - Cyberspace Headquarters, LLC	L	wcservice.exe	Related to Internet_Security Suite from COSMI Corp.
CyberArmor Run Service	L	casvc.exe	CyberArmor an Enterprise Class Personal Firewall
Cyberhawk	L	CHService.exe	Related to Cyberhawk from Novatix, Protects against Viruses, Spyware, Identity Theft. Note: Located in C:\Program Files\Novatix\Cyberhawk\
CyberLink Background Capture Service (CBCS) (CLCapSvc)	L	CLCapSvc.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
CyberLink Media Library Service	L	CLMLServer.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
Cyberlink RichVideo Service(CRVS) (RichVideo)	L	RichVideo.exe	CyberLink RichVideo is an advanced technology designed to save precious video editing time.
CyberLink Task Scheduler (CTS) (CLSched)	L	CLSched.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
CYGWIN cygserver (cygserver)	L	cygrunsrv.exe	Related to Cygwin_RedHat powerful tools to assist developers in migrating applications from UNIX®/Linux to the Microsoft® Windows®; platform. Note: located in C:\Apps\cygwin\bin\
CypressLink	L	CypressLinkService.exe	Related to Related to CypressViewer from Siemens. Medical software. Note: Located in C:\Program Files\Acuson\CypressViewer\Bin\Release\
D-Link IP servellience Launcher (D-Link_ST3402)	L	Launcher_DL.exe	Related to D-link Software. Note: Located in C:\Program Files\D-Link\IP surveillance\
DameWare Mini Remote Control	L	DWRCS.EXE	Related to DameWare Development
DameWare NT Utilities 2.6 (DNTUS26)	L	DNTUS26.EXE	Related to Dameware_NT_Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
dashsvc	L	Dashsvc.exe	Motion computer pen interface. :Owner: Motion Computing Inc.
Data Protector Inet	L	OmniInet.exe	Related to Hewlett-Packard OpenView OmniBack II
Datakey's Log Service (DkLogger)	L	DkLog.exe	Made by Datakey, Inc.
Datakey's Token Service (DkTknSrv)	L	dkcktkn.exe	Made by Datakey, Inc.
DataSvr	L	DataServer.exe	Related to Wave_Systems_Corp An identity protection application that is configured to use digital certificates.
Datax Sagef Server (SagefServer)	L	Datax.Sagef.Server.exe	Related to DataX Server. Note: Located in C:\Program Files\Datax\Servidor Sagef\
DB2 - DB2 (DB2)	L	db2syscs.exe	Related to IBM Corp.
DB2 - DB2DAS00 (DB2DAS00)	L	db2syscs.exe	Related to IBM Corp.
DB2 Governor (DB2GOVERNOR)	L	db2govds.exe	Related to IBM Corp.
DB2 JDBC Applet Server	L	db2ccs.exe	Unknown.Found in an IBM application.
DB2 JDBC Applet Server (DB2JDS)	L	db2jds.exe	Unknown, found in a IBM application.
DB2 Remote Command (DB2REMOTECMD)	L	db2rcmd.exe	Related to IBM Corp.
DB2 Security Server (DB2NTSECSERVER)	L	db2sec.exe	Related to IBM Corp.
DB2DAS - DB2DAS00	L	db2dasrrm.exe	IBM DB2 related. The DB2 Admin Server process. This process supports both local and remote administration requests using the DB2 Control Center.
Dcfssvc	L	dcfssvc.exe	Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example
Dcom Helper (DcmHlp)	X	dcmhelp.exe	Addec by the W32/Sdbot-AJA WORM! Note: This worm\trojan is located in C:\%WINDIR%\
DCOM PC Service (mspcdcom)	X	mspcdcom.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
DCPFLICS	L	DCPFLICS.exe	Related to: Discreet Turbosquid/3dsmax Plugin Protection
DCS Loader	L	OPHALDCS.EXE	Print spooler service for Oki_Data printer
dcznetv2 (dcznetv2)	X	dcznetv2.exe	Added by the W32/Tilebot-O WORM! Note: This worm/trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
DDE de red	L	netdde.exe	Spanish Windows 2000 network DDE
Debug Config System	X	lrsys.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Debug System Manager	X	spoolvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Deepsight Extractor	L	ExtractorService.exe	Symantec Security Analyser
DeepSight Extractor CC Service	L	ccExtractorService.exe	Related to Symentec corp.
DeepSight Extractor Service for NPF03	L	ExtractorServiceNPF03.exe	Symantec Security Analyser
DeepSight Extractor Service for NPF04	L	ExtractorServiceNPF04.exe	Symantec Security Analyser
Defragmentation Management Handler (FAT Defragmentation)	X	dfrgfat32.exe	Added by the W32/Codbot-AB WORM! Note: This worm\trojan file is found in the System32 folder.
DefWatch	L	defwatch.exe	Symantec Antivirus related
Dell Printer Status Watcher (DLPWD)	L	DLPWDNT.EXE	Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\
Dell Wireless WLAN Tray Service (wltrysvc)	L	WLTRYSVC.EXE	Related to wireless networking for Broadcom wireless network cards, found on Dell PCs
DellDmi	L	DellDmi.exe	Related to Dell's OpenManage software.
DEventAgent	L	EventAgt.exe	Related to: Dell OpenManage and used for server management.
DEVICEMAP	X	DEVICEMAP.SYS	Added by the TROJ_ROOTKIT.O TROJAN! Read the link, rootkit type stealth involved.
DF5Serv	L	DF5Serv.exe	By Faronics Corporation
dgtsys (dgtsys)	X	dgtsys.sys	Added by Adware-DigitalNames
DHCP Client (Ulead Service)	X	dhcpclient.exe	Added by the W32/Codbot-AG WORM!
Diagnostic Facility COM Server (CdfSvc)	L	CdfSvc.exe	Related to Citrix MetaFrame Presentation Server
DiamondCS Process Guard Service v3.000	L	dcsuserprot.exe	process guard
DigiCtrl	L	digisc.exe	Related to Matrox_Electronic_Systems DigiSuite Service Control
Digidesign MME Refresh Service (DigiRefresh)	L	MMERefresh.exe	Related to Digidesgin Protocols Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
digiSPTIService	L	digiSPTIService.exe	Related to Pro_Tools digital audio workstation (DAW) technology.
Digitizer Service (Digitizer)	L	digtizer.exe	Related to Digitizer_Service from Wacom Tech. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
Dimension4	L	D4.exe	Related to Dimension4 Thinking Man Software - Note: Located in C:\Program Files\D4\
direct sound rss (dsrss)	X	dsrss.exe	Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\
DirectUpdate engine	L	DUService.exe	Direct Update - registers dynamic IPs to a fixed hostname
DirectX Debug Service (DXDebug)	L	DXDebugService.exe	Related to the Microsoft DirectX SDK and offers a debug facility for this development suite.
DirectX Drivers	X	D1rectX.exe	Added by the SDBOT.CIF WORM! This should not be confused with Microsoft DirectX files. Read the link, rootkit type stealth involved.
DirectX Graphics (dxdmain)	X	dxdmain.exe	Added by the W32/Codbot-O WORM!
DirectX Service (Cakad)	X	explorer.exe	Troj/DwnLdr-GTD Read the link, allows remote access
DirectX Service (DirectFezt)	X	explorer.exe	Troj/Crybot-G Note: Located in the downloaded program files folder Read the link, allows remote access
DirectX Service (DirectService)	X	directx.exe	Added by the Troj/Crybot-B TROJAN! This should not be confused with Microsoft DirectX files. Note: Allows a remote intruder to gain access and control over the computer through IRC channels.
DirectX Service (DirectValk)	X	explorer.exe	Added by the Troj/Crybot-F TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
DirectX Service (DirectXopm)	X	explorer.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\COMMAND\ Folder. Note This should not be confused with C:\%WINDIR%\explorer.exe which is the Microsoft Operating file.
directx.exe	X	directx.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
DIRECWAY Webcast (DPC_SRV_WEBCAST)	L	dpcproxy.exe	Related to DIRECWAY Webcast - http://www.directway.com/
DirMS_Defragmentation	L	DirmsService.exe	Related to DirMS_Defragmentation from DIRMS. Allows the user to defragment hard drives with a user-friendly GUI. Note: Located in C:\Program Files\MATCO\
Disk Checker Service (Check Disk)	X	chkdsk.exe	Added by the W32/Tilebot-IS WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Read the link
Disk Indexing Service (DiSVC)	X	disvc.exe	Added by the Troj/IRCBot-UX TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Disk Management Service (VxSvc)	L	VxSvc.exe	Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=VxSvc.exe
Disk Monitor Services (DiskMon32)	X	svchost.exe -k dmon	Added by the Hanmon TROJAN! Note: This trojan file is found in the System32 folder.
Diskeeper	L	DkService.exe	Executive Software's Diskeeper (Defragmenter)
Distributed Link Tracking Extensions	X	kernel32dll.exe	Added by the W32/Myfip-I worm.
Distributed Link Tracking Service (TrkWksvc)	X	TrkWksvc.exe	Added by the W32.Toxbot.B WORM!
Distributed Transaction Coordinator (MSDTC)	L	msdtc.exe	Related to the Distributed_Transaction_Coordinator on Windows 2003. Note: Located in C:\%WINDIR%\System32\
Distributed Transaction Server (MSDCT)	X	msdtc.exe	Troj/Hupigo-SJ Read the link, allows remote access
distributed.net client	X	iosdt.exe	You have a Trojan virus on your PC . IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).
distributed.net client (dnetc)	L	dnetc.exe	Client part of the dstributed.net general-purpose distributed computing project.
DK2 Network Server (DNServer32)	L	DNSrv32.exe	Related to DESkey_Hardware reliable and flexible means to protect your software from piracy. Note: Located in C:\Program Files\DESkey\DK2 Network Server\
DkeySync	L	syncservice.exe	Related to GE_Security_Supra Note: Located in c:\program files\ge security supra\
dlbt_device	L	dlbtcoms.exe	Something by Dell Computers
dlbu_device	L	dlbucoms.exe	Related to Dell computers
dlbx_device	L	dlbxcoms.exe	Related to Dell computers.
dlcc_device	L	dlcccoms.exe	Dell printer related. File is found in the System32 folder.
dlcg_device	L	dlcgcoms.exe	Related to Dell_Printer Communication System Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
dlcj_device	L	dlcjcoms.exe	Related to Dell Photo AIO Printer, may be the driver.
DLL Manager (mswindll)	X	mswindll32.exe	Added by the W32/Tilebot-AQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
dllmgr64	X	dllmgr64.exe	Added by a Backdoor.SdBot.xd trojan identified by EWIDO. Note: This worm\trojan is located in C:\%WINDIR%\
DLT - Dell Computer Corporation	L	DLT.exe	Related to Dell OpenManage system management software
DM Primer (DMPrimer)	L	dmprimer.exe	Related to Unicenter_Remote_Control_Host From Computer Associates Note: Located in C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\
DM1Service	L	DM1Service.exe	Related to OLYMPUS Corporation
dmisrv	L	dmisrv.exe	Appears to be part of Dell OpenManage_Client_Instrumentation Software.
dmserver	X	svchost.exe -k dmserver	Added by the Fuwudoor TROJAN!
DNS Client Service	X	svshost.exe	Identified as the SdBot.awe worm Note: This worm is located in C:\%WINDIR%\System32\
DNS Manager (dnsmgr)	X	dnsmgr.exe	Added by a variant of W32.Wargbot WORM! Note: This worm is located in C:\%WINDIR%\System32
DNS Server (DNS Server)	X	svchost.exe	Added by the Troj/Feutel-Y TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This trojan file is found in the Windows or Winnt folder.
DNS4Me Client (DNS4MeClient)	L	DNS4MeClient.exe	Related to Dynamic_DNS_service from RhinoSoft.com that makes it possible for you to start hosting your own web site, FTP server, mail server, and more.
DNSCacheReader	X	j[random number].exe	Troj/TinyDL-J Note: Located in C:\Windows\System32
DNSexit	L	dnsexit_srv.exe	Provides reliable DNS Services free of charge to top level domains for both business and internet users. http://www.dnsexit.com/
dnWhoDisp	L	dnwhodisp.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Documentum Desktop Component Installer	L	DcComponentInstaller.exe	Related EMC_Corporation Content management software.
Download Manager Lite Service (DownloadManagerLite)	L	dm.exe	Related to Net_Cable TV. Note: Located in C:\Program Files\NCTV\bin\
DPI Assistant Service (srvdpi)	L	srvdpi.exe	Related to Ositech_Communiction Service. Note: Located in C:\WINDOWS\System32\
Dragon Age - Bioware	X	dragonage.exe	Added by the W32/Vanebot-M WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ dllcache\ (XP/WinNT/2K) Will try to teminate virus protections software.
Driver Cache (Driver Cache)	X	Driver Cache.exe	Added by the Troj/Feutel-S TROJAN!
DSDM de DDE de red	L	netdde.exe	Spanish Windows 2000 network DDE DSDM
dservice	X	dservices.exe	W32/Spybot-NM Note: Located in %windir%\system32\dllcache Read the link, allows remote access
DTS Agent	L	tngdta.exe	Computer Associates Data Transport Service Agent
DTS Browser	L	tngdoba.exe	Computer Associates Data Transport Service Browser
DTS Metrics Gatherer	L	tngdtmg.exe	Computer Associates Data Transport Service
DUN Manager Service	?	dmservc.exe	Dial-up and routed networking enhancement - http://www.magsys.co.uk/dunman/
DUN_SERVICE3	X	dun3.exe	Added by the Trojan.Sokiron TROJAN!
DVD-RAM_Service	L	DVDRAMSV.exe	DVD driver
DVDrealm (DVDrealm)	X	DVDrealm.sys	Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved.
DvpApi	L	dvpapi.exe	Command Software Systems, Inc. - anti Virus
dx32hhec	X	dx32hhlp.exe	Added by the Nemog TROJAN!
Dynamic Library Host (DLLHOSTS)	X	dllhost.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: Note: This worm\trojan is located in C:\%WINDIR%\ More here
DynamicHost (DLHOST)	X	dlhost.exe	Added by the W32/Tilebot-BO WORM! Note: This worm file is found in the Windows or Winnt folder.
E6F7BD90	X	Random_Name.exe	Troj/BDoor-ADP
E8CA85CC	X	E8CA85CC.EXE	Troj/JD-A Read the link, steals information
EarthLink Firewall Process Path Service (ElnkFWPPService)	L	EFWPPS~1.EXE	Related to EarthLink_Firewall Process. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
EarthLink Protection Control Center Service (ELNKService)	L	ELNKServ.exe	Related to EarthLink_Protection_Control Center Service. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
EarthLinkSafeConnectAgent	L	SanaAgent.exe	Part of the EarthLink protection center
Earthworks License Manager	L	ewlicense_manager_nt.exe	Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks
Earthworks License Services	L	LicenseServicesNT.exe	Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Located in C:\Program Files\Common Files\Earthworks
Easy File & Folder Protector (ACDService)	L	EFPAP.exe	Easy_File_&_Folder_Protector Deny access to certain files and folders, or to hide them securely from viewing and searching
EC2007 Service 1.40 (EC2007Service)	L	ec27ser.exe	Electronic_Chart_Display_and_Information System (ECDIS). Data production for Electronic Navigational Charts. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
ECA (cpanel)	X	javapanel.exe	Added by the W32/Tilebot-Y WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
eEye Application Bus (eeyeevnt)	L	eeyeevnt.exe	Related to eEye Digital Security
eEye Retina Engine (RetinaEngine)	L	RetinaEngine.exe	Related to eEye Digital Security
Electronic Arts Licensing Service	L	EA Licensing Service.exe	Related to EA_Licensing_Service.exe is installed with some games from Electronic Arts. It is required for the games to run. Leave it alone if you want to play any games from EA Note: located in C:\Program Files\Common Files\Electronic Arts Shared\
ELNK Update Service (ELNKUpdateService)	L	UpdateService.exe	Related to EarthLink's protection centre
EloSystemService	L	EloSrvce.exe	Elo TouchSystems, Inc. - http://www.elotouch.com
EloTouchscreen	L	EloTouch.exe	Related to Elo TourchSystems, Inc.
elpow_spy	X	elpow_spy.sys	Added by the ElpowKeylogger Spyware! Note: This file is found in the System32\drivers folder. Read the link, rootkit type stealth involved.
Emagic EMI System Tray Service (emitray)	L	emitray.exe	The tray icon of the emagic EMI 2/6 USB audio interface
EMCliSrv	L	EMCliSrv.exe	Related to Express_Metrix PC inventory and software usage tracking. Note: Located in C:\WINDOWS\system32\wex4962\
Empty (m_hook)	X	m_hook.sys	Troj/BagleDl-CJ Note: Located in %windir%\system32 Read the link, rootkit stealth involved
Enables Java Support (Java)	X	winjava.exe	Added by the W32/Codbot-AA WORM! Note: This worm/trojan file is found in the System32 folder. (May use various filenames and will startup with system even in Safe mode.)
Enables Javascript Support (Javascript)	X	javascript.exe	Added by the W32/Codbot-V WORM!
Encryption Service	L	encsvc.exe	Related to Citrix MetaFrame
end task (Taskend)	X	Taskend.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Entrust Login Interface (ELIService)	L	etlisrv.exe	Related to Entrust Login Interface service, Made by Entrust Technologies Ltd. This file is found in the Windows or Winnt folder.
ENUFF Server (ENXPSVR)	L	ENSERVS.EXE	Enuff Parental Control Software by Akrontech
ENUFF XP Service (ENXPSVC)	L	CVSEXPSS.EXE	Enuff Parental Control Software by Akrontech
EP2005-SAGEM Usb Switcher (EpMonitor)	?	EpMonitor.exe	Appears to be related to EpMonitor from "Eightfold Technologies"
EPrint III Service	L	LPSVS03N.EXE	Related to LEADTOOLS_ePrint From Lead Tech. Perform additional processing to your print job before sending it to the driver.
EPS Printer Driver	X	EPSONSYS.SYS	Added by the Goldun.I TROJAN! Note: This trojan file is found in the System32 (NT/2000/XP) folder. Also look for Winlogon Notify: printpnp - printpnp.dll
EPSON ESC/POS Status Service (EPSON ESCPOS Status Service)	L	EpStsSrv.exe	Related to EPSON_ESC/POS Status service by SEIKO EPSON Corp. Note: Located in C:\WINDOWS\SYSTEM32\
Epson Printer Status Agent (StatusAgent)	L	SAgentNT.exe	Related to Epson_Printer Status agent. Note: Located in C:\Program Files\Common Files\EPSON\EBAPI\
EPSON Printer Status Agent2	L	SAgent2.exe	detects and configures an Epson Printer Port where applicable
Epson Printer Status Agent4 (StatusAgent4)	L	SAgent4.exe	Related to Epson Corp.
EPSON V3 Service2(02) (EPSON_PM_RPCV2_02)	L	E_S00RP2.EXE	Related to the EPSON Status Monitor 3
EPSON V3 Service2(03) (EPSON_PM_RPCV2_01)	L	E_S00RP1.EXE	Related to the EPSON Status Monitor 3
EPSON V3 Service4(01) (EPSON_PM_RPCV4_01)	L	E_S30RP1.EXE	Epson status monitor
EpsonBidirectionalService	L	eEBSVC.exe	Related to Epson printers.
eRecovery Service (eRecoveryService)	L	eRecoveryService.exe	Related to eRecoveryService Management from Acer Empowering Technology Note: Located in C:\Acer\Empowering Technology\eRecovery\
eScan Monitor Service	L	avpm.exe	eScan Antivirus
eScan Server-Updater	L	TRAYSSER.EXE	eScan antivirus
Escritorio remoto compartido de NetMeeting	L	mnmsrvc.exe	Spanish Windows 2000 Netmeeting remote desktop sharing service
Esker FTPD (ftpds)	L	WFTPDSNT.EXE	Related to Esker software
Esker License Control (EskerLicenseControl)	L	eslcbcst.exe	Related to Esker License control
Esker LPD (lpds)	L	WLPDSNT.EXE	Related to Esker software
Esker NFSD (nfsds)	L	WNFSDSNT.EXE	Related to Esker software
EstaciÃ³e trabajo	L	services.exe	Spanish Windows 2000 "workstation"
ET54FG	X	ET54FG.SYS	Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved.
eToken Notification Service (ETOKSRV)	L	eTSrv.exe	Related to eToken Notification Service from Aladdin Knowledge Systems, Ltd. Authentication and password management. Note: Located in C:\WINDOWS\system32\
eTrust Antivirus Job Server	L	InoTask.exe	Associated with eTrust Antivirus/InoculateIT
eTrust Antivirus Realtime Server	L	InoRT.exe	Related to eTrust's AntiVirus Internet Security solution.
eTrust Antivirus RPC Server	L	InoRpc.exe	Associated with eTrust Antivirus/InoculateIT
EUQ_Monitor	L	EUQMonitor.exe	Related to a Trend Micro product
Event Log Watch	L	LogWatNT.exe	Computer Associates
Event Monitor (evmon)	X	spoolcll.exe" -netcvs	Added by the W32.Spybot.IVQ WORM!
EvtEng	L	EvtEng.exe	Related to Intel Corporation http://www.what-process.com/process-info.aspx?p=EvtEng.exe
ewido anti-spyware 4.0 guard	L	guard.exe	Related to ewido_suite Note: located C:\Program Files\ewido anti-spyware 4.0/
ewido security suite control	L	ewidoctrl.exe	Related to ewido networks
ewido security suite guard	L	ewidoguard.exe	Related to ewido networks
Examinador de equipos	L	services.exe	Spanish Windows 2000 computers browser
ExecView Communication Module (ECM) (ECM Service)	L	ECM.exe	Related to VERITAS_ExecView
Exten. controlador Instrumental de admon. de Windows	L	services.exe	Spanish Windows 2000 windows management instrumentation drive extension
Extend360 Agent (ServiceMgr)	L	ServiceMgr.exe	Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\
Extended Windows Security (Microsoft Extended Windows Security)	X	elRecvr.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\ (Win9x/Me), C:\%WINDIR%\ (XP/WinNT/2K)
Externtelecom	X	extel.exe	Added by the W32/Sdbot-AAX WORM! Read the link, rootkit type stealth involved.
F-Prot Antivirus Update Monitor	L	fpavupdm.exe	Related F-Prot Antivirus Update Monitor by FRISK_Software_International
F-Secure 2006 (BackWeb Plug-in - 4476822)	L	SERVIC~1.EXE	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822)	L	SERVIC~1.EXE	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
F-Secure Anti-Virus Firewall Daemon	L	fsdfwd.exe	Related to F-Secure Corporation.
F-Secure Authentication Agent (FSAA)	L	FSAA.EXE	Related to F-Secure antivirus
F-Secure Automatic Update Agent (FSAUA)	L	fsaua.exe	Related to F-Secure Corporation. Note: Located in C:\Program Files\F-Secure\FSAUA\program\
F-Secure BackWeb LAN Access	O	fsbwlan.exe	Related to F-Secure_BackWeb LAN Access. This File should be found in the Program Files\F-Secure Internet Security\backweb\7681197\program folder.
F-Secure Gatekeeper Handler Starter	L	fsgk32st.exe	Related to F-Secure Anti-Virus Prog.
F-Secure HTTP Server (fshttps)	L	fshttps.exe	F-Secure Corporation http://www.what-process.com/process-info.aspx?p=fshttps.exe
F-Secure Management Agent	L	FSMA32.EXE	Related to F-Secure Anti-Virus Prog.
F-Secure Network Request Broker	L	FNRB32.EXE	Related to F-Secure_Anti-Virus software. This File should be found in the Program Files\F-Secure\Common\ folder.
FactoryTalk Diagnostics CE Receiver (RNADiagReceiver)	L	RNADiagReceiver.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
FactoryTalk Diagnostics Local Reader (RNADiagnosticsService)	L	RNADiagnosticsSrv.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
fan.eeewl.com	X	nsvce32.exe	Added by the TROJ_AGENT.IOF TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Fast Track Installer (FastTrackInstallerService)	L	GBInst.exe	Related to Fast_Track_USB from M-Audio. Note: Located in C:\Program Files\M-Audio Fast Track\
FastUserSwitchingCompatibil (Fast User Switching Compatibil)	X	svchost.exe	Added by the Troj/Keylog-AT TROJAN! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder.
Fear Service (FSVC)	X	fear32.exe	Added by the W32/Tilebot-T WORM! Note: This worm file is found in the Windows or Winnt folder.
Fiberlinkcomm Wireless Engine	L	BWEngine.exe	Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\WENGINE2\
FIFA WORLD CUP 2007	X	fifa2007.exe	Added by the W32/Spybot-MQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\(XP/WinNT/2K) Steal information from Protected Storage and terminate certain anti-virus and security software
File and Folder Protector	L	ffpsrv.exe	Related to SoftHeap.Com a software shop of Atlantic Coast PLC http://www.softheap.com/
FileCabinet CS Print Service (FCPrintService)	L	csifcsvc.exe	Related to FileCabinet_CS Print Service Note: Located in C:\%WINDIR%\
FileChecker	L	filechecker.exe	Related to FileChecker from Javacool software. Watches important system files for changes, modifications, or tampering (by malicious programs).
FileZilla Server FTP server (FileZilla Server)	L	FileZilla Server.exe	Related to FileZilla A FTP and SFTP client for Windows from SourceForge.net
Firebird Guardian	L	fbguard.exe	Firebird Guardian
Firebird Server	L	fbserver.exe	Firebird Database Server
FireDaemon Service: events (events)	X	FireDaemon.EXE	Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. For More information including cleanup Click_Here
FireDaemon Service: rundll (rundll)	X	FireDaemon.EXE	Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. For More information including cleanup Click_Here
firefox auto update	X	firefox.exe	Added by the W32/Tilebot-DN WORM!, Note: Located in C:\%WINDIR%\
Firewall service (FWSvc)	X	FWSvc.exe	Related to WinAntiVirus Pro - rogue "antivirus"
Fix-It Task Manager (mxserver)	L	mxserver.exe	Related to Ontrack Inc. Data Recovery service.
Flash Communication Admin Service (FlashComAdmin)	L	FlashComAdmin.exe	Appears to be modem driver related, Made by Macromedia, Inc.
Flash Communication Server (FlashCom)	L	FlashCom.exe	Appears to be modem driver related, Made by Macromedia, Inc.
FLEXlm server for PTC	L	lmgrd.exe	lmgrd.exe is a process associated with the Macrovision application-generic license server.
FLEXnet Licensing Service	L	FNPLicensingService.exe	Related to FLEXnet_Publisher from Macrovision. Note: Located in C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\
Folder Size (FolderSize)	L	FolderSizeSvc.exe	Related to Folder_Size Adds an other column to your folder view. Note: Located in C:\Program Files\FolderSize\
Folding@Home (FAH@C:+FAH+fah-service+FAH502-Console.exe)	L	FAH502-Console.exe	Related to Stanford University - Folding@home is a distributed client computing effort by Stanford University http://tech-report.com/etc/folding/
Font Cache Downlevel	L	FontCacheService.exe	Service installed by the Microsoft Avalon open beta.
ForceWare Intelligent Application Manager (IAM)	L	nSvcAppFlt.exe	Related to Nvidia Corp. Intelligent Application Manager.
ForceWare IP service (nSvcIp)	L	nSvcIp.exe	Related to Nvidia Corp. Network Access Manager.
ForceWare user log service (nSvcLog)	L	nSvcLog.exe	Related to Nvidia Corp. Network Access Manager.
Fortech Proxy+	L	ProxyPlus.exe	FORTECH Ltd. http://www.proxyplus.cz/
Fortinet Service Scheduler (FA_Scheduler)	L	scheduler.exe	Related to Fortinet security systems are the new generation of real time network protection systems. Note: located in C:\Program Files\Fortinet\FortiClient\
Framework	O	srvany1234.exe	Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe
Freeloader Monthly Subscription Service	L	Freeloader Monthly Subscription Service File.exe	Related to freeloader.com Online game services.
FreePOPs	L	freepopsservice.exe	FreePOPs is distributed by the GNU General Public License is intended to guarantee your freedom to share and change free software. Make sure your copy is not adware or includes a virus. Note: Located in C:\Program Files\FreePOPs\
FreeSSHDService	L	FreeSSHDService.exe	Related to OpenSSH A free SSH/SecSH protocol suite providing encryption for network services like remote login or remote file transfer. Note: located in C:\Program Files\freeSSHd\
FreezeScreenSaver	X	FreezeScreenSaver.exe	FREEZESCREENSAVER.EXE_is_Adware Note: Located in C:\WINDOWS\system32\
frepdll.exe	X	FREPDLL.EXE	Added by the W32/Tilebot-D WORM! Note: Gives the fake description "ET dll Locator tool". Read the link, rootkit type stealth involved.
FS Service Control	L	NTServApp.exe	Related to ArchestrA Software architecture for the integration of your automation systems.
fsbwsys	L	fsbwsys.exe	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
Fujitsu Services VPN Manager (FS_VPNmanager)	?	FSVPNManager.exe	Appears to be software from Fujitsu
FUS_Server (USEPigeonServer)	X	FTPServer.exe	Added by the Troj/Hunpigon-RO TROJAN! Note: This trojan file is found in %windir%
FW Configuration Interpreter	L	UmxCfg.exe	Tiny Firewall
FW Event Manager	L	UmxAgent.exe	Tiny Firewall
FW Live Update	L	umxlu.exe	Tiny Firewall
FW Policy Manager	L	UmxPol.exe	Tiny Firewall
FW User to IP Address Translation	L	umxuta.exe	Tiny Firewall
FW User-Mode Helper (UmxFwHlp)	L	UmxFwHlp.exe	Tiny Software Firewall User-Mode Helper. Made by Tiny Software, Inc. A subsidiary of Computer_Associates_International The file associated with this service is located in the Program Files\Tiny Firewall folder.
fwnet64 (fwnet)	X	fwnet64.exe	Added by Backdoor.SDBot.gen Note: This worm\trojan is located in C:\%WINDIR%\
FwSRService	L	fwsrservice.exe	CheckPoint SecuRemote
gb	X	ibm*****.dll	Trojan-PSW:W32/Sinowal.CP Read the link, steals information Note: ***** is a 5 digit random number
GB-PVR Recording Service	L	gbpvrrecordingservice.exe	Part of GB-PVR Personal video recorder software
GBPoll	L	GBPoll.exe	Seems to be Roxio GoBack related
GbpSv	X	svchost.exe	Troj/Banker-EFM Read the link, steals information Note: Located in %windir%
GCX Service	X	GCXSRVC.EXE	Added by the RBOT.CUE WORM! Read the link, rootkit type stealth involved.
GEARSecurity	L	GEARSEC.EXE	Related to GEAR software.
Gene6 FTP Server	L	G6FTPSERVER.EXE	Related to Gene6 Sarl. http://www.g6ftpserver.com/
General Network Service	X	winsocks32.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
generic host process (svchost)	X	svchost.exe	Added by the W32/Tilebot-BB WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Generic Host Process (svchost)	X	SVCHOST.EXE	Added by the SDBOT.CNK WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Generic Host Process For Win32 Services (Generic Host Process)	X	svchost.exe	Added by the W32/Tilebot-DM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.)
Generic Service for HID Keyboard Input Collections (GenericHidService)	L	HIDSERVICE.exe	Enhanced Driver for Keyboards and Windows http://www.microsoft.com/whdc/device/input/w2kbd.mspx
GFI LANguard N.S.S. 7.0 Attendant Service	L	lnssatt.exe	Related to GFI_LANguard_Network Security Scanner from GFi. Note: Located in C:\Program Files\GFI\LANguard Network Security Scanner 7.0\
GFI LANguard System Integrity Monitor 3 agent service	L	cfservice.exe	GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. Made by GFI_Software_Ltd File location is in the Program Files\GFI\System Integrity Monitor 3 folder.
GhostStartService	L	GHOSTS~2.EXE	Related to Norton. GHOSTSTARTSERVICE is the background support task/service for Ghost for Windows.
Giga Pocket Hardware Detector	L	shwserv.exe	Sony computers
gldr	X	gldr.exe	Trojan Related
Google Updater Service (gusvc)	L	GoogleUpdaterService.exe	Related to Google_Updater_Service Note: Located in C:\Program Files\Google\Common\Google Updater\
GoogleDesktopManager	L	GoogleDesktopManager.exe	Related to Google_Desktop_Manager Note: Located in C:\Program Files\Google\Google Desktop Search\
GoToMyPC	L	g2svc.exe	Related to Citrix Online
GoverLAN Service (GOVsrv)	L	GOVsrv.EXE	Owner:PJ Technologies Inc. See_Here
Gray (Pigeon)	X	Scrsss.exe	Added by the Troj/GrayBrd-AM TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
GrayPigeonServer	X	in.exe	Added by a variant of the Troj/GrayBrd-AP TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
GrayPigeonServer	X	G_Server2006.exe	Added by the Troj/Graybrd-EI TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More: delete this file also G_Server2006Key.DLL
GrayPigeon_Hacker.com.cn	X	winlogoin.exe	Added by the Troj/GrayBrd-BA TROJAN! Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
Gray_Pigeon (GrayPigeon)	X	.exe	Added by the Troj/GrayBrd-EH TROJAN! Note: This worm\trojan file is found in the Program Files folder.
Gray_Pigeon (GrayPigeon)	X	G_Server2.0.exe	Troj/Hupigon-CH Note: Located in %windir% Read the link, allows remote access
Gray_Pigeon_Serve (GrayPigeonServer)	X	G_Server.exe	Added by the Troj/Feutel-I or Troj/Feutel-AI TROJAN!
Gray_Pigeon_Server (GrayPigeonServer)	X	G_Server1.2.exe	Added by the Troj/GrayBrd-AP TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Gray_Pigeon_Server1.236 (GrayPigeonServer1.236)	X	G_Server1.236.exe	Troj/Hupigon-RW Read the link, allows remote access
Gray_Pigeon_Server2.0 (GrayPigeonServer2.0)	X	G_Server2.0.exe	Added by the Troj/GrayBird-O TROJAN!
GreenBorder Client Manager Service (clnt_ClientMan)	L	ClientMan.exe	Related to GreenBorder Secure your browsing activities on the internet. Note: Located in C:\Program Files\GreenBorder\
GridIron X-Factor After Effects Peer #1 (XFACTORAE1)	L	xlr8d.exe	Related to GridIron Nucleo For digital post production professionals using Adobe® After Effects® on a multi-processor or new multi-core computer
Groove Installer Service	O	GrooveInstallerService.exe	???
GS30s	L	GS30s.exe	Related to Gizmo!_Secure USB flash drive software by Crucial
handle (handle)	X	handle.exe	Added by the SDBOT.CDD WORM! Read the link, rootkit type stealth involved.
Handling the DHCP requests (DHCP Client)	X	dhcpclient.exe	Most likely a W32.Toxbot_variant
Hardware Clock Driver (hwclock)	X	hwclock.exe	Added by the W32/Hwbot-A WORM!
Hardware Detection (Serv-U)	X	svchost.exe	Reported by Kaspersky Anti-Virus as Win32.Serv-U.gen Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This file is found in the System32\drivers\etc\data\ folder.
Hardware Monitor Service (Hardware Monitor)	X	mshms.exe	Added by the Troj/Wollf-A TROJAN!
Hardware Monitoring Program (ADMService)	L	admServ.exe	Related to Avocent Embedded Software and Solutions Division
Harmony	L	RSOBSERV.EXE	Related to Rockwell_Automation Inc. FactoryTalk suite
haxdrv	X	haxdrv.sys	Added by the Troj/Rootkit-U TROJAN! Read the link, rootkit type stealth involved.
hcalway	X	hcalway.sys	Added by the PigSearch Adware. Read the link, rootkit type stealth involved.
hexadecimal (HexadecimaRepresentation)	X	Edit.exe	Added by the W32/Sdbot-AAY WORM! Note: File name may be different. Read the link, rootkit type stealth involved.
HF30Service	L	HF30Service.exe	Related to Lock_Folder Password protection for files, folders, and drives. Note: Located in c:\Program Files\Everstrike Software\Hide Folder 3.1\
hgz	X	Hacker.com.cn.exe	Added by a variant of the Troj/Feutel-CJ TROJAN Note: This worm\trojan is located in C:\%WINDIR%\HgzServer\ Folder.
Hibernation	L	hibserv.exe	Related to Compaq-Hewlett Packard hibernation service.
HICOM LAN Bridge VCapiDrv (vcapidrv)	?	vcapintsvc.exe	Could be related to a new version of HICOM LAN Bridge?
HID Input Service WIN32 (HID_Input_Service_WIN32)	X	msiexecu.exe	Added by the Troj/Raser-AS TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Creates this file SndSystem.sys which acts as a rootkit.
HID Output Service (HODSrv)	X	hpsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Horario de Windows	L	services.exe	Spanish Windows 2000 "windows time"
host (host)	X	host.exe	Added by the Troj/GrayBrd-AR TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
host Service For Windows (mshost)	X	mshost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Host Services (Host Services)	X	svhosts.exe	Added by the W32/Tilebot-AC WORM! Note: This is not the legitimate Windows process svchost.exe (Notice the difference in the spelling.) This worm\trojan file (svhosts.exe) is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Host Services (Host Services)	X	myhost.exe	Added by the W32/Tilebot-AT WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Hotplug Devices Manager	X	hotplug.exe	Added by the W32.Orpheus.A WORM!
Hotspot Shield Service (HotspotShieldService)	L	openvpnas.exe	Related to Hotspot_Shield helps secure your computer, your anonymity and your online communications when using free wi-fi. Note: Located in C:\Program Files\Hotspot Shield\bin\
Houdini License Client (HoudiniServer)	L	hserver.exe	Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\
Houdini License Server (HoudiniLicenseServer)	L	sesinetd.exe	Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\
HP Configuration Interface Service	L	HPConfig.exe	HPConfig Module
HP Hard Drive Thermal	L	HDThermal.exe	Related to Hewlett-Packard company.
HP Insight Event Notifier (CIMnotify)	L	cimntfy.exe	Related to HP products
HP Insight Foundation Agents (CqMgHost)	L	cqmghost.exe	Related to HP products
HP Insight NIC Agent (CpqNicMgmt)	L	cpqnimgt.exe	Related to HP products
HP Insight Server Agents (CqMgServ)	L	cqmgserv.exe	Related to HP products
HP Insight Storage Agents (CqMgStor)	L	cqmgstor.exe	Related to HP products
HP OpenView Trace Service	L	OVTrace.exe	HP OpenView Internet Services
HP Port Resolver	L	hpbpro.exe	Related to Hewlett-Packard Company
HP ProLiant Remote Monitor Service (CpqRcmc)	L	CpqRcmc.exe	Related to HP_ProLiant_Remote_Monitor_Service Note: This file is located in C:\%WINDIR%\
HP ProLiant System Shutdown Service (sysdown)	L	sysdown.exe	Related to HP products
HP RF Device Service	L	HpRfDev.exe	support for HP managing wireless devices
hp service (Hpsys)	X	hpsys.exe	Added by the W32/Codbot-AF WORM! Note: This service has nothing to do with HP. This worm\trojan file is found in the System32 folder.
HP Status	L	hpb2ksrv.exe	Related to Hewlett-Packard Company
HP Status Print	L	hpbhksrv.exe	Related to Hewlett-Packard company.
HP Status Server	L	hpboid.exe	Related to Hewlett-Packard Company
HP System Management Homepage (SysMgmtHp)	L	smhstart.exe	Related to HP products
HP Version Control Agent (cpqvcagent)	L	vcagent.exe	Related to HP products
HP WMI Interface (hpqwmi)	L	HPQWMI.exe	Related to Hewlett-Packard
hpdj	?	hpdj.exe	Maybe HP related? Sits in TEMP folder.
hpdj	L	hpztsb04.exe	Hewlett Packard printer toolbox, sits in taskbar. Path to executable file - %windir%\system32\spool\drivers\w32x86\3\
hpdriver	X	hpdriver.sys	Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved.
HpPrinter	X	hpserver.exe	Added by the Troj/CmjSpy-W Trojan!
hpqwmiex	L	hpqwmiex.exe	Related to HP_ProtectTools security manager
HPR34K8	X	hpr34k8.sys	Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved.
HPWirelessMgr	L	HPWirelessMgr.exe	Located in HP Notebook Utilities - guessing for wireless connection.
HTTP SSL (HTTPFilter)	L	lsass.exe	Related to Application_Isolation_Mode_Functions Microsoft IIS 6.0. Note: Located in C:\%WINDIR%\System32\
huapeak	?	huapeak.exe	Unknown origin.
Hummingbird Inetd (HCLInetd)	L	inetd32.exe	Related to Hummingbird Ltd. - http://www.hummingbird.com/
Hummingbird Jconfig Daemon (Jconfigd)	L	jconfigdnt.exe	Related to Hummingbird Ltd. - http://www.hummingbird.com/
HXD Service 100 (HackerDefender100)	X	newka.exe	Virus http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39265
H_Server (H_Server)	X	G_Server.exe	Added by the Troj/GrayBird-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
i386p	X	I386P.SYS	Added by the Backdoor.Rustock TROJAN! Found in the System32\drivers folder. Read the link, rootkit type stealth involved.
IAA Event Monitor	L	iaantmon.exe	Intel related
Iap	L	Iap.exe	Related to Dell OpenManage Client Instrumentation.
IBM Automatic Server Restart Executable (ibmasrex)	L	ibmasrex.exe	Unknown owner :Location C:\WINDOWS\system32\ibmasrex.exe Related to IBM servers.
IBM CICS Transaction Gateway (IBMCICSTransactionGateway)	L	CTGSERVICE.EXE	Related to IBM Corp.
IBM CICS Universal Client (CICSClient)	L	cclserv.exe	Related to IBM Corp.
IBM Enterprise Extender (ldlcserv)	L	ldlcserv.exe	Related to IBM Corp. - http://www.anti-spy.info/process/ldlcserv.exe.html
IBM HDD APS Logging Service (TPHDEXLGSVC)	L	TPHDEXLG.EXE	Related to IBM's Active_Protection_System Made by the IBM_Corporation The file associated with this service is located in the System32 folder.
IBM KCU Service	L	TpKmpSVC.exe	related to IBM ThinkPad
IBM Mobility Client DHCP Control (artdhcp)	L	artdhcp.exe	Related to IBM_Mobility_Client DHCP Control Note: Located in C:\Program Files\IBM\Mobility Client\
IBM MQSeries	L	amqsvc.exe	IBM WebSphereÂ® MQ to exchange information across different platforms
IBM PM Service	L	ibmpmsvc.exe	Power management driver for IBM laptops
IBM PSA Access Driver Control	L	PsaSrv.exe	related to Professional Services Automation (PSA) from SharpOWL
IBM Rapid Restore Ultra Service	L	rrpcsb.exe	related to Xpoint Technologies
IBM Trace Facility (TrcBoot)	L	trcboot.exe	Related to IBM Corp.
IBM User Verification Manager	L	uvmserv.exe	Related to IBM_User_Verification_Manager (UVM) secure logon interface. Note: located in C:\Program Files\IBM\Security\
IBM WebSphere Application Server V5 - server1 (IBMWAS5Service - server1)	L	wasservice.exe	Related to IBM WebSpere server.
IBWin Service	L	IBWin Service.exe	Related to IBackUp_for_Windows Backup on character sets other than US/English. Note: Located in C:\Program Files\IBackup For Windows\
iClarityQoSService	L	QosServM.exe	Related to Avaya_IP Softphone. Note: Located in C:\WINDOWS\system32\
ICONICS License Server (GenRegistrar) (GenRegistrar)	L	GenRegistrarServer.exe	Related to ICONICS Inc. Visualization and Automation software products
ICQ Update Service (ICQUPD)	X	kpsf.sys	Detected as Backdoor.HackDefender. Rootkit type stealth involved.
ICRAplus	L	ICRAplus.exe	Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\
icrss manager 32bit (icrss)	X	icrss.exe	Added by the W32/Rbot-FZB WORM! Note: Located in C:\WINDOWS\system\
icservice - ONTRACK Data International, Inc.	L	icserv.exe	Related to SuperAdBlocker
iD2 Smart Card Server (id2scaps)	L	id2scaps.exe	iD2 is a client product that brings security, user authentication and digital signatures to standard Internet browsers by utilising Smart Cards and the client-side of the SSL protocol.
ieupdater (Microsoft IE Updater)	X	ieupdate.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Documents and Settings\user name\Local Settings\Temp\
ieupdater1 (Microsoft IEUpdater1)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
ieupdater2 (Microsoft IE Updater2)	X	~tmp0374.exe	Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Documents and Settings\(user name)...\ Note: filename is random.
ieupdater2 (Microsoft IEUpdater2)	X	ie_updater.exe	Added by the Troj/Bckdr-QGB TROJAN! Note: This Trojan is located in C:\ ROOT folder.
ieupdater21 (Microsoft IEUpdater21)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
ieupdater22 (Microsoft IEUpdater22)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
iexplorer (iexplorer)	X	iexplorer.exe	Added by the Troj/Singu-U TROJAN! Note: This trojan file is found in the System32 folder
IgniteService.exe	L	IgniteService.exe	Related to Accenture_Media_Viewer
Image Converter video recording monitor for VAIO Entertainment	L	IcVzMon.exe	Related to Sony_VAIO computers.
ImagePath (VGADown)	X	avp.exe	Troj/Maran-AA Read the link, steals information
ImagePath (win32ssr)	X	win32ssr.exe	Added by the W32/Sdbot-AMA WORM! Read the link, rootkit type stealth involved.
IMail FINGER Server (FINGRD32)	L	FINGRD32.exe	Related to Ipswitch Inc. Network Management.
IMail IMAP4 Server (IMAP4D32)	L	IMAP4D32.exe	Related to Ipswitch Inc. Network Management.
IMail LDAP Service (OpenLDAP-slapd)	L	slapd.exe	Related to Ipswitch Inc. Network Management.
IMail Monitor Service (IMONITOR)	L	IMonitor.exe	Related to Ipswitch Inc. Network Management.
IMail POP3 Server (POP3D32)	L	POP3D32.exe	Related to Ipswitch Inc. Network Management.
IMail PWD Server (PSERVE)	L	PSERVE.exe	Related to Ipswitch Inc. Network Management.
IMail Queue Manager Service (QUEUEMGR)	L	queuemgr.exe	Related to Ipswitch Inc. Network Management.
IMail SMTP Server (SMTPD32)	L	smtpd32.exe	Related to Ipswitch Inc. Network Management.
IMail Sys Logger Service (SYSLOGD)	L	SYSLOGD.exe	Related to Ipswitch Inc. Network Management.
IMail Web Calendar Service (IWEBCAL)	L	IWebCal.exe	Related to Ipswitch Inc. Network Management.
IMail Web Service (IWEBMSG)	L	iwebmsg.exe	Related to Ipswitch Inc. Network Management.
IMail WHOIS Server (WHOISD32)	L	WHOISD32.exe	Related to Ipswitch Inc. Network Management.
IMAPI CD-Burning COM Service	L	ImapiRox.exe	IMAPI CD-Burning COM Service
IMAPI CD-Burning COM Service (ImapiService)	L	imapi.exe	Related to recording of CDs.
IMountSRV	L	IMountSRV.exe	Related to Paragon hard_disk_manager
Inbound Distributor Service	L	inbounddistributorservice.exe	Related to Inbound_Logistics
InCD File System	L	InCDsrv.exe	InCD Packet Writer related.
InCD Helper	L	InCDsrv.exe	InCD Packet Writer service from Nero Burning ROM (Ahead Software)
Independent Management Architecture (IMAService)	L	ImaSrv.exe	Related to Citrix MetaFrame
Index Service (b3)	X	dllhost32.exe	Added by the WORM_AGOBOT.CH WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Indexing Helps (Indexingbox)	X	svchest.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More] here
Indexing The System Files (Indexing Service)	X	winupdatez.exe	winupdatez.exe
Indexings Services	X	systen32.exe	Added by a variant of the W32/SDBOT WORM! Note: C:\Program Files\Common Files\Microsoft Shared\MSINFO\
Inicio de sesiÃ³n red	L	lsass.exe	Spanish Windows 2000 net logon
Input Service (Input_Service)	X	msiexecu.exe	Added by a variant of the Troj/Raser-AS TROJAN. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Input Virtual Component (AVCMSC)	X	msipsvc.exe	Added by a variant of the SdBot.aad family of TROJAN! Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
Install Driver Manager (Install Driver Table Manager)	X	wpablan.exe	Added by the W32/Sdbot-CWR TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
InstallDriver Service (ISDS)	X	csscv.exe	Added by the W32/Sdbot-CPL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
InstallDriver Table Manager	L	IDriverT.exe	Related to Macrovision Corporation.
InstallShield Licensing Service	L	InstallShield Licensing Service.exe	Related to InstallShield_Licensing_Service from Macrovision. Create high-quality software installation engines.
InstantÃ¡as de volumen	L	vssvc.exe	Volume Shadow Copy Service found in Windows XP and 2003.
Instrumental de administraciÃ³e Windows	L	WinMgmt.exe	Spanish Windows 2000 windows management instrumentation
Integrated Multimedia Server	L	ImmsService.exe	Related to Integrated_Multimedia_Server MultiMedia Router from NetGear. Note: Located in C:\Program Files\NETGEAR\MEDIAS~1\
Intel Alert Handler	L	hndlrsvc.exe	Related to Intel Corp.
Intel Alert Originator	L	iao.exe	Related to Intel Corp.
Intel CI Manager	L	CiMgrLdr.exe	Related to Intel Corp.
Intel Client Instrumentation for DMI (ni_nic)	L	ni_nic.exe	Intel Client Instrumentation for DMI
Intel File Transfer	L	xfr.exe	Related to Intel Corp.
Intel IIDS	L	IIDS.exe	Related to Intel Corp.
Intel Local Scheduler Service	L	LOCALSCH.EXE	Part of LANDesk Management Suite.
Intel NCS NetService (NetSvc)	L	NetSvc.exe	Intel NCS NetService
Intel PDS	L	pds.exe	Related to Intel Corp.
Intel QIP Client Service	L	QIPCLNT.EXE	Part of LANDesk Management Suite.
Intel Speedstep Technology	X	intelst.exe	Win32/IRCBot.worm.128512.H
Intel SSM	L	ssm.exe	Related to Intel Corp.
Intel Targeted Multicast	L	tmcsvc.exe	Part of LANDesk Management Suite.
Intel(R) NMS	L	NMSSvc.exe	NIC Management Service - diagnostics program for Intel Pro family network cards
IntelÂ® Active Monitor (imonNT)	L	imonnt.exe	http://www.liutilities.com/products/wintaskspro/processlibrary/imonnt/
IntelÂ® NMS	L	NMSSvc.exe	Related to Intel Corp.
Intel® Alert Service (AlertService)	L	AlertService.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\CCU\
Intel® Application Tracker (MCLServiceATL)	L	MCLServiceATL.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\
Intel® Desktop Utilities Service (iHCService)	L	IDUServ.exe	Related to Intel® Desktop_Utilities service from OSA Technologies. Inc. Note: Located in C:\Program Files\Intel\IDU\ NoteNow owned by Avocent_Corporation, http://www.avocent.com/web/en.nsf/Content/04072004-F
Intel® Quick Resume Technology Drivers (ELService)	L	ELService.exe	Related to Intel® _Quick_Resume_Technology Drivers. Note: Located in C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\
Intel® Remoting Service (Remote UI Service)	L	Remote UI Service.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\
Intel® Software Services Manager (ISSM)	L	ISSM.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\
Intel® Viiv™ Media Server (M1 Server)	L	mediaserver.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\
Interbase Guardian	L	ibguard.exe	Interbase database server related
InterBase InterClient Server	L	interserver.exe	Interbase database server related
InterBase Server	L	ibserver.exe	Interbase database server
Internet Connection Manager	X	(random name).exe	Troj/Agent-ELW
Internet Connection Monitor Engine	L	ICMNT.EXE	User reports that it's for a Home Router from Deerfield Communications www.deerfield.com/
Internet Explorer (Internet Explorer)	X	Internet.exe	Added by the Troj/Feutel-AA TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Internet Proxy	L	InternetProxy.exe	Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\
Internet Service Manager (INETSVC)	X	INETSVC.EXE	Added by the Backdoor.Win32.SdBot.xd detected by Kaspersky More: Here Note: This worm\trojan is located in C:\%WINDIR%\
Internet TCP Protocol (Win_ad)	X	TCPServer.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\wadsys\ (Win9x/Me), C:\%WINDIR%\wadsys\ (XP/WinNT/2K)
internew (internew)	X	system.exe	Added by the Troj/Cmjspy-BN TROJAN!
InterPlot IMF Printer Driver Service	L	pidrpcs.exe	InterPlot device drivers - See Here InterPlot/Overview.htm
Intespention (Win32)	X	IEXPLORE.exe	Added by the W32/Forbot-FL WORM!
Intranet Service (IntranetService)	X	intranet.exe	Owner:Brought to you by the Bandwidth Bandits. Location: C:\WINDOWS\SYSTEM32\intranet.exe
Intuit Entitlement Service v2	L	Intuit.Spc.Map.EntitlementClient.Server.Service.exe	Related to Intuit_Entitlement_Service Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\
Intuit QuickBooks FCS (QBFCService)	L	Intuit.QuickBooks.FCS.exe	Part of Intuit QuickBooks software
InVircible Scheduler (IVScheduler)	L	IVSCHED.EXE	Security software package to protect personal computers and PC networks. Owner: NetZ Computing Ltd. Israel. InVircible
iolo DMV Service (ioloDMV)	L	ioloDMVSvc.exe	Part of system mechanic
iolo System Guard	L	IoloSGCtrl.exe	Related to System_Mechanic by Iolo
Iomega Active Disk	L	ADService.exe	Related to Iomega Corporation
Iomega Activity Disk2	L	ActivityDisk.exe	ActivityDisk Iomega Corporation SmartSoft ActivityDisk
Iomega App Services	L	AppServices.exe	Iomega related
IomegaAccess	L	IOMEGAACCESS.EXE	related to Iomega Backup
ION Java Daemon 2.0	L	ion_srv.exe	Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL60\products\ion20\ion_java\bin\
ION Java Daemon 6.1	L	ion_srv.exe	Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL61\products\ion61\ion_java\bin\
Ip4Sec (Ip4Sec)	X	ip.sys	Added by the Satiloler.E TROJAN! Read the link, rootkit type stealth involved.
Ip6Fw	X	ip6fw.sys	Troj/Agent-ELV
iPAHelper.exe	L	iPAHelper.exe	Related to iPod_Access for Windows. Note: Located in C:\Program Files\iPod Access for Windows\
iPassConnectEngine	L	iPassConnectEngine.exe	Related to iPassConnect Universal Client. iPass addresses the needs of both users and IT by making safe, simple and effective network access a reality, no matter where end users are located. Note: Located in C:\Program Files\iPass\iPassConnect iRAS\
iPod Service	L	iPodService.exe	Related to Apple iPod.
iPodSrv	L	iPodSrv.exe	Related to iPod Apple software. Note: located in C:\Program Files\iPod\bin\ in Windows 2000/XP/2003.
IPODT1000 (ssipod1)		ssipod1.sys	Troj/Goldun-FI
IPRIP	X	ipripst.dll	Detected as W32/Mofei-V Located in \ipripst.dll
IPRIP (IPRIP)	X	svchost.exe -k netsvcs	Added by the Backdoor.Ripgof TROJAN! Read the link, rootkit type stealth involved.
IPS Core Service (IPSSVC)	L	IPSSVC.EXE	A VPN client service found in Lenovo Thinkpad. Note: located in C:\WINDOWS\system32\
Ipswitch WS_FTP Queue (ftpqueue)	L	ftpsched.exe	Related to Part of WS_FTP Pro from Ipswitch. Note: Located in C:\Program Files\WS_FTP Pro\
Ipswitch WS_FTP Service (iFtpSvc)	L	iFtpSvc.exe	Related to Ipswitch_WS_FTP The main exe file of WS-FTP server. Note: Located in C:\iFtpSvc\
IPtable	X	ipconfig32.exe	Added by the W32/Tilebot-AP WORM! Note: This worm file is found in the Windows or Winnt folder.
IPv6 Helper Driver	X	csass.exe	Added by the AGOBOT.TC WORM!
IPX/SPX (NWLink)	X	usbmini.sys	Troj/Proxy-CY Note: Located in %windir%\system32\drivers Read the link, allows remote access
IrBridge User-Level Interface (USRBRIDG)	L	usrbridg.exe	Related to the Extended Systems infrared port, made by Extended_Systems Inc. This file should be located in the Windows\System32\ or Winnt\System32 folder.
ISAM SMT Service (ISAMsmt)	L	isamsmt.exe	Related to IBM Global Services - http://www.anti-spy.info/process/isamsmt.exe.html
iSeries Access for Windows Remote Command (Cwbrxd)	L	CWBRXD.EXE	Related to IBM Corporation. http://www.ibm.com/
ISEXEng	X	angelex.exe	Bargain Buddy variant
ISP Ampi Service	X	isampi.exe	Added by the W32/Tilebot-JJ WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access
ISSI EZUpdate (ISSIMon)	L	issimsvc.exe	Related to Ibm_Global_Services Used internally by IBM for automatic updating of software and microsoft patching Note: Located in c:\sdwork\
ISSvc	L	ISSVC.exe	Related to Norton Internet Security
Italian Grand Prix	X	grand.exe	Added by the W32/Spybot-MK WORM! Note: C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
iTunes Music Service (iTunesMusic)	X	iTunesMusic.exe	Added by W32.Spybot.NLX WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
IWin service	X	iwinapp.exe	Added by a variant of the Trojan/Backdoor TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Ixia Endpoint (IxiaEndpoint)	L	endpoint.exe	Added by Ixia_Endpoint Note: Located in C:\PROGRA~1\NetIQ\Endpoint\
Jaguar	L	jagsrv.exe	Related to Sybase_EAServer Note: Located in C:\Sybase\EAServer\bin\
Java development Services	X	logins32.exe	Added by the W32/Tilebot-HC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Steal information from Protected Storage
Java development Services	X	windows.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Java inetice	X	realetin.exe	Added by the Troj/Bckdr-PQM TROJAN! Note: This worm\trojan is located in C:\Program Files\Common Files\Microsoft Shared\MSINFO\
Java Sun Scheduler (JUSCHED)	X	jusched.exe	Added by the W32/Sdbot-CQC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here
JavaPlatform64	X	JavaPlatform	Added by the W32/Kassbot-M WORM! Note: Located in C:\%WINDIR%\
JiurlPortHide (JiurlPortHide)	X	JiurlPortHide.sys	Added by the Troj/Progent-A TROJAN!
jsdaemon	L	jsdaemon.exe	Related to fax service from JetFax Inc.
Juniper Network Connect Service (dsNcService)	L	dsNcService.exe	Related to Juniper Networks Inc. Networking Platform.
K4NV	X	k4nv.exe	Added by a variant of the Trojan.K4NV.Process WORM! Note: located in C:\WINDOWS\k4nv.exe
K9 Time Synchronization	L	k9nt.exe	Related to HC Mingham-Smith Limited http://www.kaska.demon.co.uk/history.htm
Kaseya Agent	L	AgentMon.exe	Related to Kaseya Inc.
Kaspersky Anti-Virus 6.0 (AVP)	L	avp.exe	Related to Kaspersky_Anti-Virus Note: Located in C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
Kaspersky Anti-Virus Service (KLBLMain)	L	kavmm.exe	Related to Kaspersky virus removal program.
KAV Monitor Service	L	avpm.exe	Kaspersky AntiVirus
kavsvc	L	kavsvc.exe	Kaspersky AntiVirus
kbdrv64	X	KBDRV64.SYS	Added by the TROJ_ROOTKIT.K TROJAN! Read the link, rootkit type stealth involved.
kdc	X	svchost.exe -k kdc	Added by the Fuwudoor TROJAN!
Kerberos Key Transaction Coordinator (kerbkey)	L	kerb.exe	Verify one computer's identity to another and to set up encryption keys for a secure connection between them. http://www.computerworld.com.au/index.php/id;886626422;fp;512;fpid;6860893
Kerio MailServer (KerioMailServer)	L	mailserver.exe	Related to Kerio_MailServer Note: Located in C:\Program Files\Kerio\MailServer\
Kerio Personal Firewall	L	persfw.exe	Kerio Firewall
Kerio Personal Firewall 4 (KPF4)	L	kpf4ss.exe	Related to Kerio Personal FireWall.
Kernell32	X	termsv.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Keyboard Service System Files (Keyboard Service)	X	navupdate64.exe	Added by a variant of the WIN32.RBOT WORM! Note: This worm file is found in the System32 folder.
Kingsoft Antivirus KWatch Service (KWatchSvc)	L	KWatch.EXE	Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV***\ [ = 4 digits representing the year.]
Kingsoft Personal Firewall Service (KPfwSvc)	L	KPfwSvc.EXE	Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV***\ [ = 4 digits representing the year.]
kingxxx	X	svchost.exe	Troj/PWS-ACY , http://www.sophos.com/security/analyses/trojpwsacy.html Note: Located in %programfiles%\windows media player
Knob Service (KNOBSERV)	L	KnobService.exe	File belongs to Acer_Inc
Kodak Camera Connection Software	L	KodakCCS.exe	Kodak Software to connect digital cameras
konfig	L	mcp.exe	Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin
KONICA MINOLTA PageScope Net Care (PageScope Net Care Service)	L	JavaService.exe	Related to KONICA_MINOLTA_PageScope a client-server network printer management utility included with all KONICA MINOLTA printers. Note: Located in C:\Program Files\KONICA MINOLTA\PageScope Net Care\
KSD2Service	X	ravsvc.exe	Win-Trojan/Downloader.8804
KSD2Service	X	notaped.exe	Troj/DownLd-ABB
KSD2Service	X	WINL0GON.exe	Troj/Dloadr-AXH
KService	?	KService.exe	Added by KService It's part of a peer to peer package people agree to when signing up with 'Sky By Broadband' but it seems to be causing afew concerns over bandwidth use, the recurring issue when this is in logs is slow speeds, it doesnt uninstall when you remove Sky By Broadband and does not have a Add/Remove screen entry but it is a genuine service as Sky clearly state what it is on their site and in the terms and conditions. Removal Application provided by Sky READ_THE_INSTRUCTIONS Note: Located in C:\Program Files\KService\
KService	L	KService.exe	"Kontiki Delivery Management System" The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers" NoteLocated in C:\Program Files\Kontiki
LANDesk Remote Control Service (ISSUSER)	L	issuser.exe	Related to LANDesk_Remote_Control Service. Note: Located in C:\Program Files\LANDesk\LDClient\
LANDesk® Management Agent	L	residentagent.exe	Part of LANDesk Management Suite.
lanmandrv	X	lanmandrv.sys	Troj/Agent-ELF
LanSafe Power Monitor (LanSafe PM)	L	PowerMonitor.exe	Related to LanSafe_Power_Monitor from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\
LanSafe Process Manager	L	xyntservice.exe	Related to LanSafe_Process_Manager from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\
Lavasoft Personal Firewall Service (LavasoftFirewall)	L	lpfw.exe	Related to Lavasoft_Personal_Firewall service. Note: Located in C:\Program Files\Lavasoft\Personal Firewall\
LckFldService	?	LckFldService.exe	? Could be related Proland Software. ? - http://www.pspl.com/
LCS	L	lcs.exe	Related to 3Com Wireless USB Utility Located in C:\Program Files\3COM Technology Corporation
LEC TranslateDotNet Server	L	LogoMedia TranslateDotNet Server.exe	Translates email, web pages, documents and instant messages. Made by the Language Engineering Company, for more information Click_Here File location is in the Program Files\Power Translator folder.
Leica Microsystems Data Container V1	L	LMSDataContainerServer.exe	Related to Leica_Microsystems Now Vistec_Semiconductor_Systems advanced technologies in optics.
Lexar JD31 (LxrJD31s)	L	LxrJD31s.exe	Lexar "JumpDrive" driver. From Lexar_Media_Inc
Lexar Secure II (LxrSII1s)	L	LxrSII1s.exe	Related to Lexar_Media Inc. removable flash memory cards, USB flash drives, card readers etc...
Lexar SG20	L	LxrSG20s.exe	Related to Lexar_Media Inc. Lexar offers a wide range of storage products. Note: Located in C:\WINDOWS\SYSTEM32\
LexBce Server	L	LEXBCES.EXE	Lexmark Printer Service
LibUsb-Win32 - Daemon, Version 0.1.8.0	L	libusbd-nt.exe	LibUsb open-source USB driver
LicCtrl Service	L	runservice.exe	Part of the eLicense Copy Protection scheme employed by some software and games. (Castlecops Startup List)
License Agent	L	cla.exe	License Agent for the HiPath 1220 digital PBX system from Siemens. For more information Click_Here File location is in the Program Files\Licensing\License Agent\bin folder.
License Management (CLMTomcatStarterSvc)	L	tomcat.exe	Related to Apache_Tomcat Owner: Alexandria Software Consulting.
License Management Service ESD	L	Licence Manager ESD.exe	Related to the Licence_Manager_ESD.exe is the element5 License Management Service, used by some software for license checking and management. Leave it alone to ensure the software installed on your computer working properly. Note: located in C:\Program Files\Common Files\element5 Shared\Service\
LicenseManagerSocket	L	LicenseManagerSocket.exe	Related to UIC License Manager a propriatiry Sofstware. Used to activate a software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\
LightScribeService Direct Disc Labeling Service (LightScribeService)	L	LSSrvc.exe	LightScribe related to Hewlett Packard
LiveShare P2P Server	L	RoxLiveShare.exe	Related to Roxio_Inc
LiveShare P2P Server 9 (RoxLiveShare9)	L	RoxLiveShare9.exe	Related to Roxio_Inc
LiveUpdate	L	LUCOMS~1.EXE	Related to Norton Internet securty suite and provides up to date antivirus data for your Norton Anti-virus product. (Filename is LUCOMSERVER.EXE, or LUCOMSERVER_2_5.EXE)
LiveUpdate Notice Service	L	PIFSvc.exe	Related to LiveUpdate_Notice_Service from Symantec Note: Located in C:\Program Files\Common Files\Symantec Shared\PIF\
LmHosts	X	svchost.exe -k LmHosts	Added by the Fuwudoor TROJAN!
LMMng (memlow)	X	memlow.sys	Added by the Troj/Haxdoor-AA TROJAN!
Loading Outpost Connections	X	cmdtel.exe	Win32.Bagz.i email virus
Local Network Service (algs)	X	gettfo.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. The filename can be different
Local Security Authority Server (LSaServ)	X	lsasrv.exe	Detected as W32/Hupigon.gen76 by F-Secure Note: Located in %windir%\cursors
Local Security Authority Subsystem Library (LSA Server)	X	lsasrv.exe	Added by the Win32/Amahkey.F TROJAN! Note: This trojan is located in C:\%WINDIR%\
Local Security Authority Subsystem Service (lsass)	X	lsass.exe	Added by the W32/Tilebot-AK or W32.Spybot.ABDO WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder.
Local Security Authority System Service (lsass)	X	lsass.exe	Added by the W32/Rbot-AJA WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Local Security Policy (Windows Local Security Policy)	X	wpablan.exe	Unidentified SDbot, probable variant of "W32/Sdbot-CWR".
Local Service (LocalSystem)	X	chfmon.exe	Added by the W32/Agobot-AIM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Read the link, allows remote access, steal information ...
Logical Disk Manager Administrative Service	L	dmadmin.exe	Veritas logical disk manager
Logitech (Logitech Checker)	X	logitech.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder
Logitech Bluetooth Service (LBTServ)	L	LBTSERV.EXE	Related to bluetooth products from Logitech
Logitech MM50 Kernel Drivers	X	mm50krnl.exe	W32/Spybot-NT Read the link, allows remote access
Logitech Process Monitor (LVPrcSrv)	L	LVPrcSrv.exe	Related to Logitech QuickCam Provides additional configuration options for these devices.
LogMeIn	L	LogMeIn.exe	Related to LogMeIn LogMeIn Rescue is used by IT helpdesks to provide instant remote support to customers and employees. Note: located in C:\Program Files\LogMeIn\
Logon Process (WinLogon)	X	winlogon.exe	Added by a the Win32.IRCBot.zx Spyware WORM! a variant of the W32/IRCBot-UN Note: This worm\trojan is located in C:\%WINDIR%\
LOGON suport service	X	IES4SERVICE.SYS	Added by the Goldun.G TROJAN! Note: This trojan file is found in the System32 folder.
Logon Task Manager	X	symon.exe	Added by the Worm_Ircbot_Gen TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Logon Terminal Manager	X	spoolsc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
LogonSvc (LogonSvcID)	L	logonsvc.exe	Related to E-Pop web conferencing Note: Located in C:\Program Files\E-Pop\
Lookout Citadel Server (LkCitadelServer)	L	lkcitdl.exe	Related to Lookout_Citadel_Server From National Instruments, Inc. Note: Located in C:\WINDOWS\system32\
Lotus Notes Single Logon	L	nslsvice.exe	IBM Lotus Notes Single Logon Service - http://www.anti-spy.info/process/nslsvice.exe.html
Lpdriver (Lpdriver)	X	lpdriver.sys	Added by the W32/Tilebot-H or W32/Sdbot-ADG WORM! Note: This worm file is found in the System32 folder.
LSA Server	X	lsasrv.exe	Win32/IrmBot.worm.215040 Note: Located in %windir%
LSA Shel (Export Version)	X	lsass.exe	Added by the W32/Tilebot-HQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
LSA Shell Export-Version	X	lsass.exe	Added by the W32/Tilebot-IU WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
lsass (lsass)	X	lsass.exe	Added by the W32/Rbot-AIC WORM! Note: This is not the legitimate Windows process. (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
lsass (Workstations)	X	autoexec.exe	Added by the W32/Sdbot-AFN WORM! Note: This worm file is found in the System32 folder.
LsassFTP daemon (LsassFTPD)	X	LsassFtpd.exe	Added by the SDBOT.CDW WORM! Read the link, rootkit type stealth involved.
LsassFTPzz daemon (LsassFTPDzz)	X	LsassFtpdz.exe	Added by the W32/Rbot-ARL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Lsdiorw	L	lsdiorw.exe	Part of macdisk
LVSrvLauncher	L	SrvLnch.exe	Related to Logitech products
LWWLicenseService	L	LWWLicenseService.exe	Related to Wolters_Kluwer The Professional's First Choice for information, tools and solutions that help professionals make their most critical decisions. Note: located in C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\
lxbs_device	L	lxbscoms.exe	Related to LXB_Device LXB provides, secure backup.
lxbt_device	L	lxbtcoms.exe	Lexmark International services. http://www.lexmark.com/
lxbu_device	L	lxbucoms.exe	Related to Lexmark Printers. Provides additional configuration options for these devices
lxbx_device	L	lxbxcoms.exe	Related to Lexmark International, Inc Printer service. Note: located in C:\WINDOWS\System32\
lxby_device	L	lxbycoms.exe	Related to Lexmark Printer service. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
lxcc_device	L	lxcccoms.exe	Related to Lexmark International, inc. Communication module for Lexmark products. Disabling will cause loss of functionality.
lxcd_device	L	lxcdcoms.exe	Related to Lexmar Lexmark International, Inc. Printers Note: Located in C:\WINDOWS\System32\
lxce_device	L	lxcecoms.exe	Related to Lexmark, Inc. printers
lxcf_device	L	lxcfcoms.exe	Lexmark printer related
LXCGCustomerConnect	L	LXCGserv.exe	Related to Lexmark_Inkjet_printer Spool driver. Note: Located in C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
lxcg_device	L	lxcgcoms.exe	Related to Lexmark printer
lxcr_device	L	lxcrcoms.exe	Related to Lexmark 2400 series printer monitor software. Disabling will cause loss of functionality. Note: Located in C:\Program Files\Lexmark 2400 Series\
lxct_device	L	lxctcoms.exe	Related to Lexmark_International and its printer services. red]Note: Located in C:\WINDOWS\SYSTEM32\
Lync USB Auditor Service (LyncUSBServ)	L	lyncusb.exe	Related to Lync_USB A toolkit that delivers an integrated removable media device discovery and auditing solution for enterprise IT management applications.
M-Audio CMIDI Installer (MA_CMIDI_InstallerService)	L	MA_CMIDI_Inst.exe	Related to M-Audio_CMIDI Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio MA_CMIDI\
M-Audio Fast Track Installer (FastTrackInstallerService)	L	MAUSBFTInst.exe	Related to M-Audio_Fast_Track Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio\Fast Track USB\
M-Audio Ozone Installer (OzoneInstallerService)	L	ozinst.exe	Related to M-Audio_Ozone products. Note: Located in C:\Program Files\M-Audio\Ozone\Install\
M-BUS/M-NET Administration (MCONTROL)	L	mcontrol.exe	Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\MBUSDRVR\
M1 Licensing Helper (iLicenseSvc)	L	iLicenseSvc.exe	Related to Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\WINDOWS\Intellution\
mac128	X	mac128.sys	Added by the Troj/Klutz-A Trojan!
MacFormatService	L	FORMATM.EXE	Related to Conversions Plus from DataViz
Machine Debug Manager (MDM)	L	mdm.exe	Visual studio debuger, if you install vs2003, mdm.exe is found in c:/program files/common files/microsoft shared/vs7debug For more info Click_Here
Macromedia Licensing Service	L	Macromedia Licensing.exe	Related to Macromedia products: Flash, Dreamweaver, etc.
Macromedia Updater (mmupdate)	X	19D.tmp".exe	Added by a variant of the Win32.Small.oa TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ The filename is randum in the format xxxx.tmp".exe
MagicTuneEngine	L	MagicTuneEngine.exe	Related to MagicTune_Engine from Samsung. Magic Tune Premium is an update of MagicTune 3.6 for Samsung monitors. Note: Located in C:\Program Files\MagicTune Premium\
Mailgate Mail/Proxy Service	L	mgatesvc.exe	Mailgate Internet Connectivity Server
Manageer Network Connections	X	telcmd.exe	BAD - Look how manager is spelled.
Manageer Network Connections (Kern32)	X	telcmd.exe	A new service added by the Troj/Agent-CP TROJAN, with a display name of Manageer Network Connections.
Manager (Windows XP Manager)	X	msnmgr.exe	Added by the W32/Kassbot-L Read the link, rootkit type stealth involved.
Managing FAT and NTFS partitions (Defragmentation Manage)	X	dfrgfat16.exe	Added by the W32/Codbot-N WORM!
Mangomind Drive Repair (MindRepair)	L	dirtcon.exe	Related to Mangomind access your business critical files from anywhere, at any time, from any computer. Note: Located in C:\Program Files\Mango\Mind\Utilities\
mapi Helper	L	ImapiHelper.exe	ISO recorder
MarkVision Server (MvServer)	L	lexmvservice.exe	Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\
MarkVision Web Server (MvWebServer)	L	lexwebservice.exe	Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\
Mass Effect(TM) Xbox 360	X	mfxbox.exe	W32/Spybot-MS Read the link, allows remote access
Mass Effect™ Xbox 360	X	mfxbox.exe	Added by the W32/Spybot-MS WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling the automatic startup of other software
MATLAB Server (matlabserver)	L	matlabserver.exe	Related to The MathWorks Inc.
MaxBackServiceInt	L	MaxBackServiceInt.exe	Related to Maxtor_backup service. Note: Located in C:\Program\Maxtor\Maxtor Backup\
MaxSyncService (NTService1)	L	SyncServices.exe	Related to Maxtor_OneTouch service. Note: Located in C:\Program\Maxtor\OneTouch\Utils\
Maxtor Performance Analysis Tool	X	winrcn.exe	Troj/IRCBot-VY Read the link, allows remote access
Maya 6 PLE Documentation Server	L	wrapper.exe	Related to Alias Systems Corp.
MBackMonitor	L	MBackMonitor.exe	Mcafee related
MC/Empower i.collect	L	icserv.exe	an internet cleaning utility issued by various ISP's for their customers use
McAfee Agent	L	myAgtSvc.exe	Related to Network Associates, Inc.
McAfee Alert Manager (AlertManager)	L	amgrsrvc.exe	Related to McAfee_Alert_Manager , http://www.mcafee.com/ deals with alert management. Note: Located in C:\Program Files\Network Associates\Alert Manager\
McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware)	L	Msssrv.exe	Related to Network Associates, Inc.
McAfee AntiSpyware Service	L	massrv.exe	Related to McAfee AntiSpyware service.
McAfee Application Installer Cleanup	?	012703~1.EXE	Appears to be related to a mcafee uninstaller, if it is still present after a reboot, it should be removed
McAfee Desktop Firewall Service (FireSvc)	L	FireSvc.exe	Related to McAfee Desktop Firewall Service. Note: located in C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\
McAfee E-mail Proxy (Emproxy)	L	emproxy