www.vinodkeezhayil.com - Windows Services

List of Windows XP/NT services

Name	Status	Filename	Description
@%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc)	L	wmpnetwk.exe	Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\
@%SystemRoot%system32qwave.dll,-1 (QWAVE)	L	svchost.exe	Part of Windows Vista
Belgium Identity Card Service (BELGIUM_ID_CARD_SERVICE)	L	Belpic PCSC Service.exe	Belgium Identity Card Middleware from Zetes/CSC
Dell Printer Status Database (DLSDB)	?	DLSDBNT.EXE	Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\
license	L	lic_srv.exe	Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin
LXCCCustomerConnect	L	LXCCserv.exe	Related to Lexmark printers Note: Located in %windir%\System32\spool\DRIVERS\W32X86\3\\LXCCserv.exe
Network Windows Service (MSWindows)	X	urdvxc.exe	Added by the W32/Allaple-B WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
pcAnywhere Install Service - Symantec Corporation	L	pca_run.exe	Part of Symantec PCAnywhere
Remote Debug Services	X	smsc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Security Platform Management Service (IFXSpMgtSrv)	L	IFXSPMGT.exe	Related to Security_Platform_Management Service from Infineon Technologies. Note: Located in C:\WINDOWS\system32\
Shell Software Detection (ShellSWDetection)	X	shellsw.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SolidWorks Licensing Service	L	SolidWorksLicensing.exe	Part of a SolidWorks product
Windows Zero Connection (WinZConn)	?	mswnt.exe	Probable backdoor trojan
Wireless Adapter Configurator	L	WirelessDaemon.exe	Related to BT's home hub products
$sys$aries	X	aries.sys	Added by the SonyBMG_First4DRM ROOTKIT! Read the link, rootkit type stealth involved. Thanks Sony.
%NVSVC.name%	L	nvsvc32.exe	NVidia driver
(Any service name)	O	srvany.exe	This utility allows running Windows NT\2000\XP applications as services. Can also be used to load Malware. See Explanation ... Example of how to find the file being loaded with Service name iOpusService
(non-roman characters)	X	sServer.exe	Added by the Troj/Feutel-AB TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
(random file name without extension)	X	(random file name).sys	Added by the TROJ_ROOTKIT.AI TROJAN! Read the link, rootkit type stealth involved.
(random name)	X	window.exe	Troj/Hupigon-BS Note: Located in %windir% Read the link, steals information and allows remote access
(Random) See description	X	irjit.dll	Added by the Backdoor.CVM TROJAN! Note: This trojan file is found in the System or System32 folder. Check the link for the list of random service names.
(special characters) (myserver)	X	myserver.exe	Added by the Troj/Dropper-BR TROJAN!
*Microsoft Update	X	wstcl.exe	No from Microsoft.
*Microsoft Update	X	wuytc.exe	unknown virus
*windows update	X	wsctl.exe	malware virus. possibly "Win32.Rbot.gen"
*windows update	X	wuaucrlt.exe	Added by the W32.Spybot.HUR WORM!
*wuauclt.exe	X	random	Related to WORM_RBOT.AKU or variant.
.NET Framework Service	X	svchost.exe	"Trojan-PSW.Win32.Sagic.15" Virus
.NET Framework Service (.NET Connection Service)	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ Note The proper location for that operating file is in C:\%WINDIR%\System32
.NET Runtime Optimization Service v2.0.50215_X86 (clr_optimization_v2.0.50215_32)	L	mscorsvw.exe	Related to Microsoft_NET_Framework NET Runtime Optimization Service.
1784-PCIDS DeviceNet	?	PcidsService.exe	Appears to be from Rockwell software
1789-SIM Simulator Module (SimModuleService)	?	SimModuleService.exe	Appears to be from Rockwell software
19E7E238	X	19E7E238.EXE	Troj/Agent-ELX
32-bit Installation Host (inst32)	X	inst32.exe	Added by the W32/Chinegan-A WORM! Note: This worm is located in C:\Program Files\Common Files\inst32\
32-bit Registration Host (reghost32)	X	reghost32.exe	Added by the W32/Rbot-GKR WORM! Note: This worm is located in C:\Program Files\Common Files\System\
39672EA4	X	39672EA4.EXE	Troj/GrayBir-EW
3Com DMI Agent	L	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
3ComBOOTP	L	3CBOOTPS.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3ComPXE	L	3CPXES.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3ComTFTP	L	3CTFTPS.EXE	A 3Com Product Allows network administrators to remotely manage client PCs on their network by allowing them to deploy an array of desktop management tasks in a pre-OS booting environment. Note: Located in Drive:\Program Files\3Com\Boot Services
3dkeybd	O	3dkeybd.exe	Unknown... No answers on the net.
64Bit architecture emulation (wrmsrvice)	X	WRMSRVICE.SYS	Added by the TROJ_ROOTKIT.AG TROJAN! Read the link, rootkit type stealth involved.
80xFire daemon (80xFire)	X	80xFire.exe	Added by the W32/Tilebot-BK WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
9F9DF57C	X	(random name)	Troj/DwnLdr-GUT
@%SystemRoot%ehomeehstart.dll,-101 (ehstart)	L	svchost.exe	Windows Media Center Service Launcher in the Windows Vista edition
@%SystemRoot%system32seclogon.dll,-7001 (seclogon)	L	svchost.exe	Part of Windows Vista
a-squared Free Service (a2free)	L	a2service.exe	Related to a-squared free edition, from Emsi Software GmbH
aaksrv	L	aaksrv.exe	Spydex Advanced Anti keylogger
AAMQDispatcher	L	AAMQDispatcherService.exe	Compuware Serversoftware
ABCSpell Helper Service	L	ABCSpellService.exe	Spell checker (Ect, ect) for Outlook Express. For more information Click_Here
Abel	X	Abel.exe	Source: http://www.pestpatrol.com/PestInfo/C/Cain.asp
abhcop	X	abhcop.sys	Added by the PigSearch Adware. Read the link, rootkit type stealth involved.
AC	X	acoustic.exe	Added by the SDBOT.CRN WORM! Read the link, rootkit type stealth involved.
Ac Profile Manager Service (AcPrfMgrSvc)	L	AcPrfMgrSvc.exe	Related to the Ac_Profile_Manager_Service installed as a part of ThinkPad Access Connections suite on ThinkPad laptops. Note: Located in C:\Program Files\ThinkPad\ConnectUtilities\
AC-DNAME (AC-DNAME)	X	acoustic.exe	Added by the SDBOT.CFN WORM! Read the link, rootkit type stealth involved.
Accenture Media Viewer (MediaViewer)	L	streamviewerservice.exe	Related to Accenture_Media_Viewer
Access Remote PC Service 4.3	O	rpcsetup.exe	Access_Remote_PC remote access software. Legitimate, but remote access could be considered dangerous unless monitored carefully.
ACMService (ACMService)	L		Added by the ACM SPYWARE! **Note this is a commercial computer monitoring software
ACNUSvc	L	acnupdatersvc.exe	Related to Accenture global management consulting, technology services and outsourcing company Note: Located in c:\program files\acnu\
Acronis Scheduler2 Service (AcrSch2Svc)	L	schedul2.exe	Related to Acronis_True_Image creates the exact copy of your hard disk and allows you to instantly restore the entire machine including operating system. Note: Located in C:\Program Files\Common Files\Acronis\Schedule2\
Active Virus Shield (AVP)	L	avp.exe	Related to Active_Virus_Shield from AOL. Note: Located in C:\Program Files\AOL\Active Virus Shield\
ActiveXperts Network Monitor (AxsNmSvc)	L	AxsNmSvc.exe	Added by ActiveXperts_Network_Monitor allows administrators to monitor the network for failures and irregularities. Note: Located in C:\Program Files\ActiveXperts\
Actuate Process Management Daemon 8 (__AC_PROCESS_MGMT_DAEMON8)	L	pmd8.exe	Actuate_Enterprise Reporting Applications for business intelligence analytic services
Ad-Aware 2007 Service (aawservice)	L	aawservice.exe	Related to Ad-Aware_2007 anti-spyware solution. This program can find and remove spyware and malware from your computer. Note: Located in C:\Program Files\Lavasoft\
Ad-Axis Client	L	aaclient.exe	Related to Lavasof's Ad-Aware SE Enterprise Edition 2005
Adaptador de rendimiento de WMI	L	wmiapsrv.exe	Windows Management Instrumentation Performance Adapter Service Windows XP and 2003. Note: Located in C:\WINDOWS\System32\wbem\wmiapsrv.exe
Adaptec I/O Manager Server	L	iomgr.exe	Related to Adaptec product
Adaptec RAID Remote Services Agent	L	afaagent.exe	Related to Adaptec, Inc.
Adaptec Storage Manager Notifier	L	notify.exe	Related to Adaptec procuct
Adaptec Web Server	L	arcpd.exe	Related to Adaptec procuct.
AdaptecStorageManagerAgent	L	StorServ.exe	Related to Adaptec Incorporated
Adapter Switching	L	RoamSvc.exe	Intel Adapter Switching
AddFiltr	L	AddFiltr.exe	Found on HP computers
ADF Installer Service (ADF Installer)	L	AgentSVC.exe	Related to Citrix Installation Manager Service
Admin Works Agent X8 (AWService)	L	awServ.exe	Related to AdminWorks from Avocent Corporation. A cost effective IT management software tool for small and medium size businesses. Note: Located in C:\Program Files\Intel\IDU\
AdministraciÃ³e aplicaciones	L	services.exe	Spanish Windows 2000 applications managing
Administrador de cuentas de seguridad	L	lsass.exe	Spanish Windows 2000 security accounts manager
Administrador de discos	L	services.exe	Spanish Windows 2000 disks manager
Administrador de sesiÃ³e Ayuda de escritorio remoto	L	sessmgr.exe	This service manages and controls Remote Assistance
Administrador de utilidades	L	UtilMan.exe	Spanish Windows 2000 utility manager
Adobe Active File Monitor	L	PhotoshopElementsFileAgent.exe	Related to Adobe photoshop.
Adobe LM Service	L	Adobelmsvc.exe	Required for PhotoshopCS
Adobe Update Manager (Adobe3M)	X	mshss.exe	Added by the Troj/Wollf-B TROJAN! Note: This worm\trojan file is found in the System32 folder.
Adobe Version Cue CS2	L	VersionCueCS2.exe	Related to Adobe Products
AdobeVersionCue	L	VersionCue.exe	Adobe related
ADSService	L	ADSSER~1.EXE	Related to Aluria_Active_Defense_Shield Service. An EarthLink Co. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
Advanced Networking Service (hnmsvc)	L	hnm_svc.exe	Related to Advanced_Networking_Service from Dell. Note: Located in %\Program Files%\Dell Network Assistant\
Advantage Database Server	L	ADS.EXE	Related to Extended Systems' Advantage_Database_Server
AEClientHostService	L	AEClientHostService.exe	Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Alarm Viewer\Host\
Age of Empires III: The WarChiefs	X	ageofempires.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K)
Agente de directivas IPSEC	L	lsass.exe	Spanish Windows 2000 IPSEC policy agent
Agere Modem Call Progress Audio (AgereModemAudio)	L	agrsmsvc.exe	Related to Agere_Modem Call Progress Audio. (Now owned by LSI Corp.) Note: Located in C:\Windows\system32\
Agere Service (AgrSrvce)	L	AgrSrvce.exe	Related to Proxim_Corp Client manager software associated with the ORiNOCO wireless LAN card.
AIM (AIM)	X	aim.exe	Added by the W32/Rbot-AGC or W32/Sdbot-BFX WORM! Read the link, rootkit type stealth involved.
Aim Version 6 (Aimv6)	X	aim6.exe	Identified as the Rbot.cgu infection. This infection is part of the family of worms and IRC backdoors. Note: This worm is located in C:\WINDOWS\Cursors\
aim.ex	X	IEXPLORER.EXE	Added by the SDBOT.COW WORM! Read the link, rootkit type stealth involved.
Alerter	L	svchost.exe	Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
AlfaCleanerService	X	ACServer.exe	AlfaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware. This program tends to be installed with other known Smitfraud infections.
ALGE	X	Hacker.com.cn.exe	Troj/GrayBr-CP Read the link, allows remote access
Almacenamiento protegido	L	services.exe	Spanish Windows 2000 protected storage
Altera JTAG Server (JTAGServer)	L	JTAGServer.exe	Related to Altera Quartus II Software. Note: Located in C:\altera\quartus50\bin\
Alternative User Input Services (Ctfmon)	X	ctfmon.exe	Added by the W32/Tilebot-JR WORM! Note: This worm is located in C:\%WINDIR%\ Note This is not the cftmon.exe normally found in C:\WINDOWS\System32\
Altiris Agent (AeXNSClient)	L	AeXNSAgent.exe	Related to Alteris services. http://www.altiris.com
Altiris Carbon Copy (CarbonCopy32)	L	ccsrvc.exe	Related to Alteris services. http://www.altiris.com
Altiris Client Service	L	ACLIENT.exe	Related to Altiris, Inc.
Altiris eXpress NS Client (AeXNSClient)	L	AeXNSClient.exe	Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
Altiris eXpress NS Client Transport (AeXNSClientTransport)	L	AeXNSClientTransport.exe	Related to Altiris_eXpress NS Database and SVS (Software Virtualization Services).
Aluria Message Service (MsgSrvService)	L	AluriaMsgSrv.exe	Aluria security center
Aluria Security Center Spyware Eliminator Service (ASCService)	X	ascserv.exe	Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Alura"
Aluria Spyware Eliminator Service	O	ASEServ.exe	Aluria Spyware Eliminator
AL_ADSService	X	AL_ADSService.exe	Aluria Spyware Eliminator "Spyware remover" a rogue program of dubious repute - for more information, search the Spywarewarrior_List of non-Recommended anti parasite sites/software for "Alura"
Amadeus Automatic Update	L	AutoUpdate.exe	Related to Amadeus powerful front office travel management tool. Note: Located in C:\Program Files\Automatic Update\
AMD PowerNow! . Technology Service (GemServ)	L	GemServ.exe	Related to Advanced Micro Devices, Inc. - http://www.amd.com/
Ampi32 (wdfmgr)	X	msvcrt.exe	Added by the W32/Tilebot-Q WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Analysis Server (MSSQLSERVER) (MSSQLServerOLAPService)	L	msmdsrv.exe	Related to Microsoft_SQL_server suite.
ANIWZCSd Service	L	ANIWZCSdS.exe	Related to Alpha_Networks
AntiSpyUltra (Zonelaps)	X	vsmom.exe	Added by the W32/Tilebot-E WORM! Read the link, rootkit type stealth involved.
AntiVir PersonalEdition Classic Guard (AntiVirService)	L	avguard.exe	Part of Antivir
AntiVir Scheduler (AntiVirScheduler)	L	sched.exe	Related to AntiVir antivirus program.
AntiVir Service	L	AVGUARD.EXE	AntiVir antivirus
AntiVir Update	L	AVWUPSRV.EXE	AntiVir Antivirus
antivirus32	X	antivirus32.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
antivirusdll	X	winmsgslive.exe	Added by the W32/Sdbot-CXQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Modifies some FTP files, read the link
ANTS Profiler service	L	RedGate.Profiler.Service.exe	Related to Red Gate Software Ltd
AnyPoint Service - Intel Corporation	L	APSERVER.EXE	Belongs to Intel_Anypoint home networking system
AOL Antivirus Update Service (aolavupd)	L	aolavupd.exe	Related to AOL Antivirus Update Service.
AOL Connectivity Service	L	AOLAcsd.exe	Owner: America Online. Description: AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Also shown as AOL Connectivity Service (AOL ACS).
AOL Connectivity Service	L	acsd.exe	AOL related
aol software (Aol Software)	X	smss.exe	Added by the W32/Tilebot-FM WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
AOL Spyware Protection Service	L	aolserv.exe	Related to AOL
AOL TopSpeed Monitor	L	aoltsmon.exe	AOL Topspeed
Apache	L	Apache.exe	Apache Web Server Software
Apache2	L	Apache.exe	Apache Web Server
APACS+ NIM32 (NIM32)	L	Nim32.exe	Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\NIM\
APC PBE Server	L	pbeserver.exe	APC PowerChute Business Edition Server (For UPS)
APC UPS Service	L	mainserv.exe	Related to American Power Conversion Corporation
AppExpress Client	L	ece.exe	Related to Endeavros Technology, Inc and Microsoft_Encarta
Application Layer Gateway (Application Gateway Service)	X	WeRecl.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here
Application Layer Gateway Manager (AppLayerGatewayMgr)	X	alg.exe	Added by W32/Tilebot-EU WORM!, Note: not to be confused with see_Here located in C:\Windows\System32\ this infection is locate in C:\Windows\
Application Layer Gateway Service (ALG)	L	alg.exe	Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall located in C:\Windows\System32\
Application Layer Gateway Services	X	alg.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Application Layer Gateway System (ALGS)	X	algsys.exe	Added by the W32/Rbot-DDF WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Application Layer Service	X	weRecv.exe	Added by the SystemPoser TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Application Layer Service (algserv)	X	algserv.exe	Troj/Agent-ECW Note: Located in %windir%\system32
Application Layer Service Control (applilserv)	X	applayer.ex	W32/Rbot-GHL Note: Located in %windir%\system32 Read the link, allows remote access
Application State Service (AppSvc)	X	apsvc.exe	Added by the W32/Rbot-FWW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
AppMgmt	X	svchost.exe -k AppMgmt	Added by the Fuwudoor TROJAN!
AppnNode	L	appnnode.exe	Related to IBM_Server Note: Located in C:\WINDOWS\system32\Drivers\
ARC Plugin (ARCPLUG)	X	arci.exe	Added by the W32/Tilebot-HB WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Steal information from Protected Storage
ArcaBit NetMonitor (ABNetMon)	L	NetMonSV.exe	ArcaVir an AntiVirus software from Poland. A procuct of ArcaBit Sp. z o.o
ArchestrA Logger (aaLogger)	L	aaLogger.exe	Related to ArchestrA Software architecture for the integration of your automation systems.
Ares Chatroom server (AresChatServer)	L	chatServer.exe	Related to the Ares P2P software
Argos Billing Dialog	L	WorkstationMonitor.exe	Related to Argos_Billing_Dialog from Sepialine inc. Print Monitor. Note: Located in c:\Program Files\Sepialine\Argos Print Monitor\
ArGoSoft Mail Server Plus	L	mailservernt.exe	Related to ArGo Software Design Mail Server
Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9)	L	arr_srvs3,0,1,9.exe	Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\
Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3)	L	arr_isrv4,0,1,3.exe	Related to SSL_VPN SSL VPN Secure Access Gateways from Array Networks. Anytime, anywhere secure access. Note: Located in C:\Program Files\Array Networks\Common\4,0,1,3\
Ascent Capture Service	L	acsvc.exe	Related to Kofax Image Products.
ASF Agent	L	ASFAgent.exe	Intel Alert Standard Format Console - asfagent.exe is a part of a systems management suite bundled with other applications, mainly Dell's OpenManage.
AshampooDefragService	L	aDefragService.exe	Related to Ashampoo Magic Defrag Utility
ASMAgent	L	ASMAgent.exe	Related to ASAP_eSMART Smart Asset Management tool.
ASNFTP daemon (ASNFTPD)	X	AsnFtpd.exe	Added by the W32/Tilebot-BD WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
ASP.NET (State Service)		ASP.NET.exe	Troj/GrayBir-EC Note: Located in %windir% Read the link allows remote access
ASP.NET State Service (aspnet_state)	L	aspnet_state.exe	Related to Microsoft Windows Operating System and is the ASP State Service.
Asset Insight Client (AICLIENT)	L	Aiclient.EXE	Asset Insight from Tangram - http://castlecops.com/s1883-AICLIENT_EXE.html
Asset Management Agent	L	UMCSTUB.EXE	Related to Unicenter Asset Management by Computer_Associates
Asset Management Daemon	L	dtsslsrv.exe	Display configuration software used by several manufacturers under differing names such as Image Tune or EZTune etc... Note: located in C:\Program Files\...
Asus Motherboard Utility (Asus)	X	asus.exe	Added by the WORM_SPYBOT.IY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
ASUSKeyboardService	L	asuskbservice.exe	Added by ASUS_Keyboard Service and provides additional configuration options for these devices. Note: located in C:\%WINDIR%\
ASWLSVC	L	ASWLSVC.exe	Relate to the ASUS_Wireless_LAN_Card_Services
Asynchronous Load Balance (ySvcHst)	X	srvnst.exe	Added by ServiceThreadHandler.Process TROJAN! Note: located in C:\WINDOWS\System32\
Asynchronous UPnP Support Services	X	UPnPSvc.dll	Troj/PWS-ANB Read the link, steals information
AT Host Service	L	atnthost.exe	Related to WebEx
Atheros Configuration Service	L	acs.exe	related to Atheros Wireless LAN
Ati HotKey Poller	L	Ati2evxx.exe	ATI Video Card Control Panel
ATI Smart	L	ati2sgag.exe	ATI Video Card Control Panel
ATIintergrated (ATIintergrated)	X	atigraphics.exe	Added by the SDBOT.CRX WORM! Read the link, rootkit type stealth involved.
ATK Keyboard Service (ATKKeyboardService)	L	ATKKBService.exe	Related to ASUSTeK_Computer Inc. ASUS Keyboards and provides additional configuration options for these devices.
Audio Adapter (VGADown)	X	avp.exe	Added by an unidentified TROJAN!. Note: This worm\trojan is located in C:\%WINDIR%\
Auto HotKey Poller	X	winpol.exe	Added by a variant of the W32/Malware Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
AutoComplete Service	L	autocomp.exe	Tracks Eraser Pro
Autodata Limited License Service	L	ADCDLicSvc.exe	Related to Autodata Limited
Autodesk Data Management Job Dispatch	L	Connectivity.WindowsService.JobDispatch.exe	Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\
Autodesk EDM Server	L	Connectivity.EDMWS.Server.exe	Related to Autodesk_Data_Management Web Server. Note: Located in C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\
Autodesk Licensing Service	L	AdskScSrv.exe	Related to Autodesk, Inc.
Autodesk MapGuide® Server 6.3 (MapServer6.3)	L	MapServer.exe	Related to Autodesk Inc.
Autodesk Network Licensing Service	L	AdskNetSrv.exe	Related to Autodesk_Network Licensing service. Note: Located in C:\Program Files\Common Files\Autodesk Shared\Service\
AutoMate 5 (AutoMate5)	L	AutoMate5Svc.exe	Related to Automate from Network Automation, Inc. A Task Service. Note: Located in C:\Program Files\automate\
AutoMate 6 (AutoMate6)	L	AMTS.exe	Related to AutoMate from Network Automation. Tools necessary to completely automate business processes. Note: Located in C:\Program Files\AutoMate 6\
Automatic LiveUpdate Scheduler	L	ALUSchedulerSvc.exe	Related to to the Symantec LiveUpdate service which updates your Symantec products periodically.
Automatic Update Service (Automatic Update)	X	wuapi.exe	Added by the W32/Codbot-AC WORM! Note: This worm\trojan file is found in the System32 folder.
AutoStore (autostore)	L	batch.exe	Related to NSi's AutoStore from Notable Solutions, Inc. Capture documents and securely saving the content in your business applications.
AutoUpdate (Windows Server AutoUpdate)	X	Winupdate.exe	Troj/GrayBrd-CF Note: Located in %windir%\system32 Read the link, allows remote access and logs keystrokes
Av Update Monitor (AvSvcMonitor)	L	AvMonitor.exe	Avast
avast! Antivirus	L	ashServ.exe	Related to Avast AntiVirus
avast! iAVS4 Control Service	L	aswUpdSv.exe	Related to Avast AntiVirus
avast! Mail Scanner	L	ashMaiSv.exe	Related to Avast AntiVirus
avast! Web Scanner	L	ashWebSv.exe	Related to AWIL Software http://www.avast.com/
Avast32 Start as Service	?	avserver.exe	seems to belong to Avast anti-virus software
AVCore (SrvMain)	X	avservice.exe	As of yet Unknown Worm, Trojan or Malware. The file (avservice.exe) is found in the Documents and Settings\All Users\Application Data folder.
Aventail Connect (As32Svc)	L	as32svc.exe	Related to Aventail_Corp
AVG Anti-Spyware Guard (Anti-Malware Development a.s)	L	guard.exe	AVG Anti-virus product.
AVG E-mail Scanner	L	avgemc.exe	Related to AVG anti-virus
AVG Firewall (AVGFwSrv)	L	avgfwsrv.exe	Related to AVG_Firewall Note: located in C:\PROGRA~1\Grisoft\AVG7\
AVG6 Service	L	avgserv.exe	AVG 6 Anti virus
AVG7 Alert Manager Server	L	avgamsvr.exe	Related to AVG Anti-Virus.
AVG7 Resident Shield Service (AvgCoreSvc)	L	avgrssvc.exe	Related to Grisoft_AVG_Resident Shield Service. Note: Located in C:\PROGRAM Files\Grisoft\AVG7\
AVG7 Update Service	L	avgupsvc.exe	Used by the AVG 7 Antivirus program to keep your definitions up to do date. Note : For more information see AVG
avgav.exe (AVG)	X	avgav.exe	W32/Sdbot-DCT Read the link, allows remote access
Avid SDM Service (AvidSDMService)	L	AvidSDMService.exe	Related to Avid_SDM_Service from Avid Technology Note: Located in C:\WINDOWS\system32\
Avid Startup	L	AvidStartup.exe	Associated with Avid_Digital_Media Products
avinitnt	L	avinitnt.exe	Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc. Which merged with Authentium in 2002.
AVKernel	X	AVKernel.exe	Rouge Anti-Virus Program. Made by WinSoftware, Ltd. For more information on WinAntiVirus 2005 Click_Here Note: Not recommended.
AVM FRITZ!web Routing Service (de_serv)	L	de_serv.exe	Installed alongside DSL drivers from AVM Fritz's range of modem products. http://www.liutilities.com/products/wintaskspro/processlibrary/de_serv/
AVM IGD CTRL Service	L	IGDCTRL.EXE	Related to AVM_IGD_CTRL DSL Service. Note: Located in C:\Program Files\FRITZ!DSL\
AVM WLAN Connection Service	L	WlanNetService.exe	Related to broadband products from avm.de
AVP Control Centre Service	L	avpcc.exe	Kaspersky AntiVirus
AVP UPDATE IONTERFACE A6 (avA6)	X	AVA6.SYS	Added by the DLOADER.AJQ TROJAN! Note: This has also been seen using the Display name AVP update interface A6. This trojan file is found in the System32 folder.
AVP-SE	X	avp-32.exe	WORM_AGOBOT.FS Read the link, allows remote access
AVPX TCP (avpx32)	X	avpx32.sys	Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved.
AVPX64 TCP (avpx64)	X	avpx64.sys	Added by the Troj/Haxdoor-AH TROJAN! Read the link, rootkit type stealth involved.
avsinc	L
avsuite (mssuite)	X	msuite.exe	Added by the W32/Sdbot-ABC WORM! Read the link, rootkit type stealth involved.
AVSync Manager	L	Avsynmgr.exe	From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
AVupdate service interface X2 (avupdate2)	X	avupdate2.sys	Added by the Troj/Hanlo-A TROJAN! Note: This trojan file is located in the System32 folder.
AvUpdSvc	L	avupdsvc.exe	Part of Avast! anti-virus software
â€œRDRIVâ€Â (rdriv)	X	RDRIV.SYS	Added by the TROJ_ROOTKIT.E TROJAN! Read the link, rootkit type stealth involved.
B's Recorder GOLD Library General Service (bgsvcgen)	L	bgsvcgen.exe	Related to B_H_A_Corp B' Recording Gold for CD/DVD burning and authoring software.
BackOnTrack Callback Service (BOTCbs)	L	bcbs_xp.exe	Related to BackOnTrack from System OK. Note: Located in C:\Program Files\SystemOK\BackOnTrack\WinXP\
Backup Exec 8.x Alert Server (BackupExecAlertServer)	L	alertServer.exe	Related to Veritas Software backup tool.
Backup Exec 8.x Notification Server (BackupExecNotificationServer)	L	nsvr.exe	Related to Veritas Software backup tool.
Backup Exec Agent Browser (BackupExecAgentBrowser)	L	benetns.exe	Related to the Backup Exec application from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/benetns/
Backup Exec Device & Media Service (BackupExecDeviceMediaService)	L	pvlsvr.exe	Related to Veritas Backup Exec and offers essential functionality for Backup Exec. http://www.processlibrary.com/directory/files/pvlsvr/index.php
Backup Exec Job Engine (BackupExecJobEngine)	L	bengine.exe	Backup service for Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/bengine/index.php
Backup Exec Naming Service (BackupExecNamingService)	L	benser.exe	Veritas Software Corporation. This is the Backup Exec naming service which is needed in order to achieve some backups and restores. http://www.processlibrary.com/directory/files/benser/index.php
Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator)	L	beremote.exe	process that belongs to Backup Exec from Veritas http://www.liutilities.com/products/wintaskspro/processlibrary/beremote/
Backup Exec Server (BackupExecRPCService)	L	beserver.exe	Related to Veritas Backup Exec. This program is essential in keeping backups up to date and should not be terminated. http://www.processlibrary.com/directory/files/beserver/index.php
BackupClientSvc	L	BackupClientSvc.exe	Related to NovaNet_WEB NovaStor Corp. Online Backup Services.
bbc (cnn)	X	imsins.exe	Troj/Hupigon-U
bbserver	X	bbserver.exe	Troj/Hupigon-PS Note: Located in %windir% Read the link, allows remote access
bcrcogqrkyko	X	mueyzrua5.exe
BeatJam Music Server - HTTP (BeatJamMusicStreamingServer)	L	BeatJamHttpService.exe	See_BeatJam BeatJam Music Server Edition.
BeatJam Music Server - UPnP (BeatJamUPnPMusicServer)	L	BeatJamUPnPService.exe	See_BeatJam Justsystem audio software BeatJam.
Bell & Howell Database Manager (dbmang)	L	DBMANG.EXE	Related to Bell_and_Howell
Bell & Howell Monitor Service (BHMonitorService)	L	monitor.exe	Related to Bell_and_Howell
BelMonitor Service (BelMonitorService)	L	BANTMonitorSvc.exe	Related to Belarc, inc.
BES Client (BESClient)	L	BESClient.exe	Related to BESClient by BigFix Inc
Beyond Remote Server	O	BRServer.exe	Beyond Remote Remote Legitimate, but allows remote access so should be removed if it was not intentionally installed
BGS_SDService	L	BGS_SDservice.exe	Related BMC Software, Inc. - http://www.bmc.com/
bh611	L	NT611SVC.EXE	Related to Bell_and_Howell
BigPond Broadband Cable Login	L	bpcService.exe	Telstra's BIGPOND_BROADBAND_CABLE
Biometric Authentication Service	L	DpHost.exe	Related to DigitalPersona, Inc.
BitDefender Communicator	L	xcommsvr.exe	Related to bitdefender Antivirus
BitDefender Desktop Update Service	L	livesrv.exe	Update service for BitDefender_Antivirus
BitDefender Scan Server	L	bdss.exe	Related to Bitdefender antivirus
BitDefender Virus Shield	L	vsserv.exe	Related to bitdefender (Virusshield)
Black Hole Professional Version (wmupdate)	X	svch0st.exe	Detected as Backdoor.Win32.Ciadoor.123.d by Kaspersky
Black Hole2005 Professional Version (Black Hole2005 Professional)	X	QQ.exe	Added by the Troj/BlackHol-C TROJAN!
Black Hole2005 Professional Version (Black Hole2005 Professional)	X	server.exe	Added by the Troj/Singu-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
BlackICE	L	blackd.exe	Black Ice firewall
Blue Coat K9 Web Protection (WebFilter)	L	k9filter.exe	Related to K9 Web Protection
Bluesocket IPSec Service (BlueService)	L	BlueService.exe	Related to Bluesocket WLAN service. Note: Located in C:\Program Files\Bluesocket MS IPSec Config Tool\
BlueSoleil Hid Service	L	BTNtService.exe	BlueSoleil is a Bluetooth device manager for Windows. Made by the IVT_Corporation The file associated with this service is found in the Program Files\IVT Corporation\BlueSoleil folder.
Bluetooth Notification Service (Btnfserv)	X	btserv.exe	Added by the W32/Sdbot-CSD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Bluetooth Service	L	btwdins.exe	Bluetooth Service
bobo	L	momo	panda platinium antivirus
Boeing Permissions Elevator	L	elevate.exe	The Boeing Company (internal use)
Boingo Monitor Service	L	wmonitor.exe	Boingo's Free_Wi-Fi_Software
Bonjour Service	L	mDNSResponder.exe	Create's a network of computers and smart devices. Made by Apple Computer, Inc. For more information Click_Here File location is in the Program Files\Gizmo Project folder.
BoolTern (BoolTern)	X	svch0st.exe	Added by the W32/Tilebot-U WORM! Note: This (svch0st.exe) is not the legitimate Windows process (Which is always found in the System32 folder, also notice the difference in the spelling.) The legitimate Windows process (svchost.exe) should not be seen in Msconfig or as a Startup item. This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Boonty Games	X	Boonty.exe	Boonty_Games Used with Boonty box. Will not uninstall from Add/Remove programs. This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent."
Broadcom ASF IP monitoring service v3.0.1	L	basfipm.exe	Related to Broadcom communications - hardware.
Brother BidiAgent Service for Resource manager (brmfbags)	L	BrmfBAgS.exe	Related to Brother_BidiAgent Service products, from Brother Industries. Note: Located in C:\WINDOWS\System32\
Brother Popup Suspend service for Resource manager	L	Brmfrmps.exe	Brother printer related
Browser	X	svchost.exe -k Browser	Added by the Fuwudoor TROJAN!
BrSplService	L	brsvc01a.exe	related to Brother Industries Ltd
BT Modem Lock	L	ModemLock.exe	Related to NetProtector Parental control.
BUFFALO Wireless Configuration Service (bwcsrv)	L	bwcsrv.exe	Related to BUFFALO_Wireless Configuration Service Note: Located in C:\WINDOWS\System32\Drivers\
Buffalo Wireless Service (BWSVC)	L	bwsvc.exe	Related to Buffalo_Wireless_Service The Multimedia Combo Set by SANSUN Industries. Note: Located in C:\Program Files\BUFFALO\Client Manager 2\
BullGuard Email Monitoring (BsMailProxy)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard File Monitoring (BsFileSpy)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard Firewall (BsFirewall)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard LiveUpdate (BGLiveSvc)	L	BullGuardUpdate.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BullGuard Main (BGMainSvc)	L	svchost.exe	Related to BullGuard Antivirus. Note: located in C:\Program Files\BullGuard Software\
BusinessC (BusinessContinuity)	X	msstl.exe	Added by the SDBOT.CJR WORM! Read the link, rootkit type stealth involved.
Bytemobile Web Configurator (bmwebcfg)	L	bmwebcfg.exe	Related to Bytemobile Inc. Mobile Content Filtering.
C-DillaCdaC11BA	O	CDAC11BA.EXE	copy protection software
C-DillaSrv	L	CDANTSRV.EXE	C-Dilla License Management software from MacroVison
CA ISafe	L	isafe.exe	Related to Computer Associates virus software.
CA License Client	L	lic98rmt.exe	Computer Associates
CA License Server	L	lic98rmtd.exe	Computer associates
CA Pest Patrol Realtime Protection Service (ITMRTSVC)	L	ITMRTSVC.exe	Related to CA_Pest_Patrol Realtime Protection Service Note: Located in C:\Program Files\CA\PPRT\bin\
CaCCProvSP	L	ccprovsp.exe	Related to eTrust_Internet_Security_Suite from Computer Associates International Inc. Note: Located in C:\Program Files\CA\eTrust Internet Security Suite\
CachemanXP	L	CachemanXP.exe	CachemanXP Memory Manager
CAILI	L	caili.exe	related to CarryIco Software, installed by a flash card reader driver setup utility.
CAISafe	L	ISafe.exe	Part of eTrust EZ Antivirus
CanerServer	X	caner.exe	Troj/Hupigon-ES
Canon BJ Memory Card Manager	L	Bjmcmng.exe	Canon Bubblejet Memory Card Utility
Canon Camera Access Library 8 (CCALib8)	L	CALMAIN.exe	Canon digital camera software that provides additional configuration options for the devices.
Canon Driver Information Assist Service	L	CnxDIAS.exe	CANON Driver Information Assist Core Module. This file should be found in the Program Files\Canon\DIAS folder.
Canon PIXMA iP6000D Memory Card Manager	L	PDUiP6000DMemCrdMgr.exe	Related to Canon PIXMA iP6000D Bubble Jet printer
Capture Device Service	L	DevSvc.exe	Related to Capture_Device InterVideo Service. Note: Located in C:\Program Files\Common Files\InterVideo\
Capture Service (CaptureService)	L	CaptureService.exe	Related to Impact_360 from Witness Systems, Inc. Workforce management. Note: Located in C:\WINDOWS\system32\DirectX\
Carbon Copy Scheduler (CarbonCopyScheduler)	L	schdsrvc.exe	Related to Alteris services. http://www.altiris.com
CarboniteService	L	carboniteservice.exe	Related to Carbonite_online_backup automatically backs up all the the files on your computer.
Card Adapter (NETDown)	X	smss.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process smss.exe. (Which is found in the System32 folder.) This worm/trojan file (smss.exe) is found in the Windows or Winnt folder.
cdmonsvc32	X	cmmonsvc32.exe	Worm.Opanki_Variant.Process Note: Located in %windir%
Cdsys (Cdsys)	X	cdcd.sys	Added by the Troj/Agent-IA TROJAN! Note: This trojan file is found in the System32 folder.
CE-Infosys Security System (CE-Infosys Security Service)	?	ceisvc.exe	Seems to be legit, belongs to this company Ce-infosys_suite It will be left as unknown until more is found out about the company.
CeEPwrSvc	L	CeEPwrSvc.exe	Related to TOSHIBA and COMPAL ELECTRONIC INC.
CelInDrv	X	CelInDriver.sys	Win32/Agent.ABF Note:Located in %system% Read the link, collects sensitive information
CentennialClientAgent	L	CAgent32.exe	Related to Centennial UK Limited - http://www.centennial.co.uk/
CentennialIPTransferAgent	L	xferwan.exe	Related to Centennial UK Limited - http://www.centennial.co.uk/
cFosSpeed System Service (cFosSpeedS)	L	spd.exe	cFos_Software Internet acceleration program related. Note: May be necessary for the software to work properly.
change me please (VIRUS)	X	sysdat.exe	Added by the W32/Tilebot-L WORM!
Changed me (Patch)	X	systemz32.exe	W32/Tilebot-JD Read the link, allows remote access and uses rootkit stealth
Charter High-Speed Security Suite	O	SERVIC~1.EXE	Related to F-Secure, Backweb application
chckntfs	X	chckntfs.exe	Added by the W32/Tilebot-EF WORM! Note: This worm\trojan is located in C:\%WINDIR%\
chkext(chkext) (chkext)	X	chkext.exe	Added by the W32/Sdbot-CRW WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Chong3 Me (MlCR0SOFTS UPDATE)	X	N0RTAN.EXE	Added by the SDBOT.CNM WORM! Read the link, rootkit type stealth involved.
Chong3 Me (MlCR0SOFTS UPDATEe)	X	lexplarer.exe	Added by the SDBOT.CWB WORM! Read the link, rootkit type stealth involved.
cics.REGION1	L	cicssvc.exe	Related to IBM Corp.
cics.REGION2	L	cicssvc.exe	Related to IBM Corp.
cicssfs.SCMMC223	L	cicssfssvc.exe	Related to IBM Corp.
cidaemon	L	.exe	Microsoft Indexing Service filter daemon
cidaemon	L	cidaemon.exe	Microsoft Indexing Service filter daemon
Cisco Configuration Service (CCS)	L	ccs.exe	Related to Related to Cisco_Systems Note: Located in C:\WINDOWS\system32\
Cisco Systems, Inc. STC Agent (STCAgent)	L	agent.exe	Related to Cisco Systems inc. SSL VPN Client, Note: located in C:\Program Files\Cisco Systems\SSL VPN Client\
Cisco Systems, Inc. VPN Service	L	cvpnd.exe	part of Cisco VPN
Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal)	L	ctxcpubal.exe	Related to Citrix MetaFrame
Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched)	L	ctxcpusched.exe	Related to Citrix MetaFrame
Citrix CPU Utilization Mgmt/User-Session Sync (CTXCPUUsync)	L	ctxcpuusync.exe	Related to Citrix MetaFrame
Citrix Print Manager Service (cpsvc)	L	CpSvc.exe	Related to Citrix MetaFrame, control Printer Management.
Citrix SMA Service	L	SmaService.exe	Related to Citrix MetaFrame
Citrix Virtual Memory Optimization	L	CtxSFOSvc.exe	Related to Citrix MetaFrame, Monitors all DLLs on a server to find where collisions are occurring
Citrix WMI Service (CitrixWMIService)	L	ctxwmisvc.exe	Related to Citrix MetaFrame
Citrix XML Service (CtxHttp)	L	ctxxmlss.exe	Related to Citrix MetaFrame
Citrix XTE Server (CitrixXTEServer)	L	XTE.exe	Related to Citrix MetaFrame
CL500_510 Remote Server	L	KaNTSRV.exe	Related to Panasocic_Color_Laser_Printer server. Note: Located in C:\PROGRAM FILES\PANASONIC\REMOTE SERVER\
Client Debug Manager	X	spoolvc.exe	W32/Sdbot-DCX Read the link, allows remote access
Client Disk Manager	X	symon.exe	Added by the W32/Tilebot-IN WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Client IP-IPX	X	svchosts.exe	Added by a variant of the W32/SDBOT WORM! Note: Located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K)
Client Network (CdmService)	L	cdmsvc.exe	Related to Citrix MetaFrame, maps client drives and peripherals for access in ICA sessions.
Client Server Runtime Proces	X	csrss.exe	Added by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Malicious activities read the topic. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Client Server Runtime Process	L	csrss.exe	Microsoft Client Server Runtime Process
Client Server Runtime Service (csrss32)	X	csr.exe	Added by the W32/Sdbot-AFM WORM! Note: This worm file is found in the Windows or Winnt folder.
Client Update Service for Novell	L	cusrvc.exe	Related to Novel server.
Client/Server Runtime Server Subsystem (CSRSS)	X	csrss.exe	W32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Read the link, allows remote access and steals information
Client32	L	client32.exe	NetSupport Manager by "NetSupport Ltd.".
Cliente de seguimiento de vinculos distribuidos	L	services.exe	Spanish Windows 2000 distributed links tracking client
Cliente DHCP	L	services.exe	Spanish Windows 2000 DHCP client
Cliente DNS	L	services.exe	Spanish Windows 2000 DNS client
Clients Server Runtime Process	X	csrss.exe	Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR% This is not the legitimate Windows Process. (Which is found in the System32 folder.)
Clients Server Runtime Process (Windows Internet)	X	csrss.exe	Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
clmss (Content List Management Sub System)	X	clmss.exe	Added by the W32/Tilebot-AO WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Cobian Backup 8 service (CobBMService)	L	cbService.exe	Related to Cobian_Backup An Open Source projects. Note: Located in C:\Program Files\Cobian Backup 8\ Note Open souce project can be modified. Make sure you scan the program with a Virus protection program before using.
Codec	X	WINCODEC.EXE	Added by the SDBOT.CJO WORM! Read the link, rootkit type stealth involved.
Cognos ReportNet	L	cogbootstrapservice.exe	Related to Cognos_ReportNet Business Intelligence software. Note: located in C:\Program Files\Cognos\crn\bin\
ColdFusion Graphing Server	L	JRun.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Management Repository Server (ColdFusion Management Repository)	L	jrun.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Management Service	L	CANamingAdapter.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion Monitoring Service (ClusterCATS Service)	L	ccmgr.exe	Related to MacroMedia_ColdFusion products. Made by MacroMedia,Inc.
ColdFusion MX Application Server	L	jrunsvc.exe	Related to Macromedia Cold Fusion software.
ColdFusion MX ODBC Server	L	swstrtr.exe	Related to Macromedia Cold Fusion software.
COM Host	L	comHost.exe	Related to Norton/Symantec Internet Security
COM Message Transfer (mscommt)	X	svchost.exe -k mscommt	Added by the Troj/Dbit-A TROJAN!
COM+ Component Service (COMCSVC)	X	winmgnt.exe	Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder.
COM+ Interface (svcmngr)	X	svcgirl.exe	Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
COM+ Messages	X	svchosts.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COM+ System Client (ComSysCnt)	X	cmsvc.exe	Identified as the SdBot.bis worm Note: This worm is located in C:\WINDOWS\repair\
COM+ System Service (COMSS)	X	SSMS.EXE	Added by unknown malware. File location is in the System32 folder.
COM+ System Service (DLLHOST)	X	dllhost.exe	Added by the Backdoor.Win32.SdBot.xd as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COM+ System Source (COMSysSRC)	X	vmnat.exe	W32/Tilebot-JE Note: Located in %windir%\system32 Read the link, allows remote access
Command Service (cmdService)	X	command.exe	Adware
CommServer	L	CommSvr.exe	Related to the HiPath 1220 digital PBX system from Siemens. For more information Click_Here File location is in the Program Files\Siemens\HiPath 1220\CommServer2.0 folder.
Comodo Application Agent (CmdAgent)	L	cmdagent.exe	Related to Comodo_Firewall from Comodo. Note: Located in C:\Program Files\Comodo\Firewall\
Compaq Advisor	L	compaq-rba.exe	Related to Compaq
Compaq DMI Web Agent	L	WebDmi.exe	Related to Compaq Computer.
Compaq Local Alerter	L	cpqalert.exe	Related to Compaq Computer. Allows for "fault, performance, and configuration management". Recommended for corporate users only.
Compaq Local Alerter (CPQALERT)	L	CPQAlert.exe	Related to compaq products
Compaq Presario SSH	X	cpsd.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Compaq Remote Diagnostics Enabling Agent	O	Cpqdfwag.exe	Related to Compaq diagnostics utility.
Compuware Open Server	L	cwjboss.exe	Compuware Serversoftware
comrepl	X	comrepl32.exe	Added by the W32/Rbot-DNH WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
comrepl	X	comreplsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Config Loader	X	scvhost.exe	several Agobot variants
ConfigFree Service	L	CFSvcs.exe	Toshiba related
Configuration Loader (bF)	X	wincrt32.exe	Virus and Trojan tools. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JP&VSect=Sn
Configuration Loading	X	svchos1.exe	several Agobot variants
Connected Agent Service (AgentSrv)	L	AgentSrv.EXE	Related to Connected Corporation. - http://www.connected.com/
Connected Launcher	L	CBlaunch.exe	Connected backup software
Connected RegCap	L	CBRegCap.EXE	Connected backup software
Connection Rese	X	webadmin.exe	W32/Forbot-FY adds this, with a display name of Website Administrator Info.
Content Index service	L	cisvc.exe	Microsoft Content Index service
Content Monitoring Tool	L	msCMTSrvc.exe	Compaq CMTS
ContentProtect (CwCpSvc20)	L	cwsvc.exe	Related to ContentWatch Parental Control Internet Filter.
Contivity VPN Service	L	Extranet_serv.exe	Related to Novel server.
Contour Shuttle Device Engine (ShuttleEngine)	L	ShuttleEngine.exe	Related to Contou_Design
Control Services	X	expl0rer.exe	Win-Trojan/BlackHole.125440
Control Task Manager	X	cvsys.exe	Added by an unidentified TROJAN! Note: of the IRC/bot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
COSIDS_TB	L	TbMux32.exe	Related to http://www.transaction.de/
coste	O	martinr.coste@neuf.fr	antivirus
Cox High Speed Internet Security Suite System Service (AuthSysSvc)	L	SysSvcNt.exe	Related to Cox High Speed Internet Security Suite System Service. Note: Located in C:\Program Files\Cox\Applications\app\
cpanelx (Microsoft Control Panel)	X	cpanelx.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm file is found in the Windows or Winnt folder.
cpqdmi	L	cpqdmi.exe	Compaq version of the Desktop Management Interface
CPUCooLServer Service (CPUCooLServer)	L	CooLSrv.exe	Part of CPUCooL
CQG Installation Service	L	cqginsts.exe	Related to CQG, Inc. CQG provides extensive historical data online for charting and technical analysis.
crauto	L	crauto.exe	Background task of the Paragon Encrypted Disk software which enables you to have encrypted virtual hard disks to store sensitive data. (answers that work)
Creative Labs Licensing Service	L	CreativeLicensing.exe	Related to Creative Labs Licensing Service. Note: located in C:\Program Files\Common Files\Creative Labs Shared\Service\
Creative Service for CDROM Access	L	CTsvcCDA.exe	Creative Service for CDROM Access
crss32.exe	X	crss32.exe	Added by the W32/Tilebot-GT WORM! Note: This worm\trojan is located in C:\%WINDIR%
Crypkey License	L	crypserv.exe	CrypKey Software Licensing System from Cobalt Systems
Cryptainer service (ssoftservice)	L	ssoftsrv.exe	Owner:Cypherix Cypherix Encryption Software
Cryptic Protected Storage (CryptProtectedService)	X	cpstorage.exe	Added by the W32/Tilebot-HO WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Cryptographic Engine (EngSvc)	X	csvc.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Crystal APS (CrystalAPS)	L	CrystalAPS.exe	Related to Crystal_APS Now owned by Business Objects. Note: Located in C:\Program Files\Seagate Software\Enterprise\x86\
Crystal Cache Server (CacheServer)	L	cacheserver.exe	Crystal_Decisions_Cache_Server Now owned by Business Objects
Crystal Event Server	L	EventServer.exe	Crystal Decisions Event Server
Crystal Input File Repository Server (CrystalInputFileServer)	L	inputfileserver.exe	Crystal_Decisions_File_Repository_Server Now owned by Business Objects.
Crystal Management Server	L	CrystalMS.exe	Crystal Decisions Management Server
Crystal Output File Repository Server (CrystalOutputFileServer)	L	outputfileserver.exe	Crystal_Decisions_Output_File_Repository_Server Now owned by Business Objects
Crystal Program Job Server	L	ProgramServer.exe	Crystal Decisions Job Server
Crystal Report Application Server	L	crystalras.exe	Crystal Decisions Report Application Server
Crystal Report Job Server (JobServer_Report)	L	JobServer.exe	Crystal_Decisions_Report_Job_Server Now owned by Business Objects
Crystal Web Component Server (WebCompServer)	L	WebCompServer.exe	Related to Crystal Decisions Enterprise software. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\
CsdDriver	X	CsdDriver.sys	Troj/Goldun-EE
CTI Central Management	X	cti.exe	Lowers IE security settings
Curtains for Windows System Service (CurtainsSysSvc)	L	CurtainsSysSvcNt.exe	Related to Authentium, Inc. http://www.authentium.com/
CVSNT 2.5.01.1927 Dispatch service (cvsnt)	L	cvsservice.exe	Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\
CVSNT 2.5.01.1927 locking service (cvslock)	L	cvslock.exe	Related to CVS_on_NT service Machines. From March Hare Software. Note: Located in C:\Program Files\CVSNT\
CWAFAdminController	L	CWAFAdminController.exe	Compuware Seversoftware
CWAFAdminMonitor	L	CWAFAdminMonitor.exe	Compuware Serversoftware
CWAFEventRouter	L	cwafservice.exe	Compuware Serversoftware
CWAFNotesService	L	CWAFNotesService.exe	Compuware Serversoftware
CWAFReportScheduler	L	CWAFSchedService.exe	Compuware Serversoftware
CWAFRmiRegistry	L	CWAFRmiRegistry.exe	Compuware Serversoftware
CWShredder Service	L	CWShredder.exe	CWShredder tool from Trend Micro.
CXPT_Service - Cyberspace Headquarters, LLC	L	wcservice.exe	Related to Internet_Security Suite from COSMI Corp.
CyberArmor Run Service	L	casvc.exe	CyberArmor an Enterprise Class Personal Firewall
Cyberhawk	L	CHService.exe	Related to Cyberhawk from Novatix, Protects against Viruses, Spyware, Identity Theft. Note: Located in C:\Program Files\Novatix\Cyberhawk\
CyberLink Background Capture Service (CBCS) (CLCapSvc)	L	CLCapSvc.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
CyberLink Media Library Service	L	CLMLServer.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
Cyberlink RichVideo Service(CRVS) (RichVideo)	L	RichVideo.exe	CyberLink RichVideo is an advanced technology designed to save precious video editing time.
CyberLink Task Scheduler (CTS) (CLSched)	L	CLSched.exe	Related to CyberPower Systems, Inc. - http://www.powercinema.com/english/index.jsp
CYGWIN cygserver (cygserver)	L	cygrunsrv.exe	Related to Cygwin_RedHat powerful tools to assist developers in migrating applications from UNIX®/Linux to the Microsoft® Windows®; platform. Note: located in C:\Apps\cygwin\bin\
CypressLink	L	CypressLinkService.exe	Related to Related to CypressViewer from Siemens. Medical software. Note: Located in C:\Program Files\Acuson\CypressViewer\Bin\Release\
D-Link IP servellience Launcher (D-Link_ST3402)	L	Launcher_DL.exe	Related to D-link Software. Note: Located in C:\Program Files\D-Link\IP surveillance\
DameWare Mini Remote Control	L	DWRCS.EXE	Related to DameWare Development
DameWare NT Utilities 2.6 (DNTUS26)	L	DNTUS26.EXE	Related to Dameware_NT_Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
dashsvc	L	Dashsvc.exe	Motion computer pen interface. :Owner: Motion Computing Inc.
Data Protector Inet	L	OmniInet.exe	Related to Hewlett-Packard OpenView OmniBack II
Datakey's Log Service (DkLogger)	L	DkLog.exe	Made by Datakey, Inc.
Datakey's Token Service (DkTknSrv)	L	dkcktkn.exe	Made by Datakey, Inc.
DataSvr	L	DataServer.exe	Related to Wave_Systems_Corp An identity protection application that is configured to use digital certificates.
Datax Sagef Server (SagefServer)	L	Datax.Sagef.Server.exe	Related to DataX Server. Note: Located in C:\Program Files\Datax\Servidor Sagef\
DB2 - DB2 (DB2)	L	db2syscs.exe	Related to IBM Corp.
DB2 - DB2DAS00 (DB2DAS00)	L	db2syscs.exe	Related to IBM Corp.
DB2 Governor (DB2GOVERNOR)	L	db2govds.exe	Related to IBM Corp.
DB2 JDBC Applet Server	L	db2ccs.exe	Unknown.Found in an IBM application.
DB2 JDBC Applet Server (DB2JDS)	L	db2jds.exe	Unknown, found in a IBM application.
DB2 Remote Command (DB2REMOTECMD)	L	db2rcmd.exe	Related to IBM Corp.
DB2 Security Server (DB2NTSECSERVER)	L	db2sec.exe	Related to IBM Corp.
DB2DAS - DB2DAS00	L	db2dasrrm.exe	IBM DB2 related. The DB2 Admin Server process. This process supports both local and remote administration requests using the DB2 Control Center.
Dcfssvc	L	dcfssvc.exe	Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can\'t load pictures from your camera/dock - Kodak\'s dock is an example
Dcom Helper (DcmHlp)	X	dcmhelp.exe	Addec by the W32/Sdbot-AJA WORM! Note: This worm\trojan is located in C:\%WINDIR%\
DCOM PC Service (mspcdcom)	X	mspcdcom.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
DCPFLICS	L	DCPFLICS.exe	Related to: Discreet Turbosquid/3dsmax Plugin Protection
DCS Loader	L	OPHALDCS.EXE	Print spooler service for Oki_Data printer
dcznetv2 (dcznetv2)	X	dcznetv2.exe	Added by the W32/Tilebot-O WORM! Note: This worm/trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
DDE de red	L	netdde.exe	Spanish Windows 2000 network DDE
Debug Config System	X	lrsys.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Debug System Manager	X	spoolvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Deepsight Extractor	L	ExtractorService.exe	Symantec Security Analyser
DeepSight Extractor CC Service	L	ccExtractorService.exe	Related to Symentec corp.
DeepSight Extractor Service for NPF03	L	ExtractorServiceNPF03.exe	Symantec Security Analyser
DeepSight Extractor Service for NPF04	L	ExtractorServiceNPF04.exe	Symantec Security Analyser
Defragmentation Management Handler (FAT Defragmentation)	X	dfrgfat32.exe	Added by the W32/Codbot-AB WORM! Note: This worm\trojan file is found in the System32 folder.
DefWatch	L	defwatch.exe	Symantec Antivirus related
Dell Printer Status Watcher (DLPWD)	L	DLPWDNT.EXE	Related to Dell_Printers Note: Located in C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\
Dell Wireless WLAN Tray Service (wltrysvc)	L	WLTRYSVC.EXE	Related to wireless networking for Broadcom wireless network cards, found on Dell PCs
DellDmi	L	DellDmi.exe	Related to Dell's OpenManage software.
DEventAgent	L	EventAgt.exe	Related to: Dell OpenManage and used for server management.
DEVICEMAP	X	DEVICEMAP.SYS	Added by the TROJ_ROOTKIT.O TROJAN! Read the link, rootkit type stealth involved.
DF5Serv	L	DF5Serv.exe	By Faronics Corporation
dgtsys (dgtsys)	X	dgtsys.sys	Added by Adware-DigitalNames
DHCP Client (Ulead Service)	X	dhcpclient.exe	Added by the W32/Codbot-AG WORM!
Diagnostic Facility COM Server (CdfSvc)	L	CdfSvc.exe	Related to Citrix MetaFrame Presentation Server
DiamondCS Process Guard Service v3.000	L	dcsuserprot.exe	process guard
DigiCtrl	L	digisc.exe	Related to Matrox_Electronic_Systems DigiSuite Service Control
Digidesign MME Refresh Service (DigiRefresh)	L	MMERefresh.exe	Related to Digidesgin Protocols Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
digiSPTIService	L	digiSPTIService.exe	Related to Pro_Tools digital audio workstation (DAW) technology.
Digitizer Service (Digitizer)	L	digtizer.exe	Related to Digitizer_Service from Wacom Tech. Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
Dimension4	L	D4.exe	Related to Dimension4 Thinking Man Software - Note: Located in C:\Program Files\D4\
direct sound rss (dsrss)	X	dsrss.exe	Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\
DirectUpdate engine	L	DUService.exe	Direct Update - registers dynamic IPs to a fixed hostname
DirectX Debug Service (DXDebug)	L	DXDebugService.exe	Related to the Microsoft DirectX SDK and offers a debug facility for this development suite.
DirectX Drivers	X	D1rectX.exe	Added by the SDBOT.CIF WORM! This should not be confused with Microsoft DirectX files. Read the link, rootkit type stealth involved.
DirectX Graphics (dxdmain)	X	dxdmain.exe	Added by the W32/Codbot-O WORM!
DirectX Service (Cakad)	X	explorer.exe	Troj/DwnLdr-GTD Read the link, allows remote access
DirectX Service (DirectFezt)	X	explorer.exe	Troj/Crybot-G Note: Located in the downloaded program files folder Read the link, allows remote access
DirectX Service (DirectService)	X	directx.exe	Added by the Troj/Crybot-B TROJAN! This should not be confused with Microsoft DirectX files. Note: Allows a remote intruder to gain access and control over the computer through IRC channels.
DirectX Service (DirectValk)	X	explorer.exe	Added by the Troj/Crybot-F TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
DirectX Service (DirectXopm)	X	explorer.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\COMMAND\ Folder. Note This should not be confused with C:\%WINDIR%\explorer.exe which is the Microsoft Operating file.
directx.exe	X	directx.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
DIRECWAY Webcast (DPC_SRV_WEBCAST)	L	dpcproxy.exe	Related to DIRECWAY Webcast - http://www.directway.com/
DirMS_Defragmentation	L	DirmsService.exe	Related to DirMS_Defragmentation from DIRMS. Allows the user to defragment hard drives with a user-friendly GUI. Note: Located in C:\Program Files\MATCO\
Disk Checker Service (Check Disk)	X	chkdsk.exe	Added by the W32/Tilebot-IS WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Read the link
Disk Indexing Service (DiSVC)	X	disvc.exe	Added by the Troj/IRCBot-UX TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Disk Management Service (VxSvc)	L	VxSvc.exe	Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=VxSvc.exe
Disk Monitor Services (DiskMon32)	X	svchost.exe -k dmon	Added by the Hanmon TROJAN! Note: This trojan file is found in the System32 folder.
Diskeeper	L	DkService.exe	Executive Software's Diskeeper (Defragmenter)
Distributed Link Tracking Extensions	X	kernel32dll.exe	Added by the W32/Myfip-I worm.
Distributed Link Tracking Service (TrkWksvc)	X	TrkWksvc.exe	Added by the W32.Toxbot.B WORM!
Distributed Transaction Coordinator (MSDTC)	L	msdtc.exe	Related to the Distributed_Transaction_Coordinator on Windows 2003. Note: Located in C:\%WINDIR%\System32\
Distributed Transaction Server (MSDCT)	X	msdtc.exe	Troj/Hupigo-SJ Read the link, allows remote access
distributed.net client	X	iosdt.exe	You have a Trojan virus on your PC . IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).
distributed.net client (dnetc)	L	dnetc.exe	Client part of the dstributed.net general-purpose distributed computing project.
DK2 Network Server (DNServer32)	L	DNSrv32.exe	Related to DESkey_Hardware reliable and flexible means to protect your software from piracy. Note: Located in C:\Program Files\DESkey\DK2 Network Server\
DkeySync	L	syncservice.exe	Related to GE_Security_Supra Note: Located in c:\program files\ge security supra\
dlbt_device	L	dlbtcoms.exe	Something by Dell Computers
dlbu_device	L	dlbucoms.exe	Related to Dell computers
dlbx_device	L	dlbxcoms.exe	Related to Dell computers.
dlcc_device	L	dlcccoms.exe	Dell printer related. File is found in the System32 folder.
dlcg_device	L	dlcgcoms.exe	Related to Dell_Printer Communication System Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
dlcj_device	L	dlcjcoms.exe	Related to Dell Photo AIO Printer, may be the driver.
DLL Manager (mswindll)	X	mswindll32.exe	Added by the W32/Tilebot-AQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
dllmgr64	X	dllmgr64.exe	Added by a Backdoor.SdBot.xd trojan identified by EWIDO. Note: This worm\trojan is located in C:\%WINDIR%\
DLT - Dell Computer Corporation	L	DLT.exe	Related to Dell OpenManage system management software
DM Primer (DMPrimer)	L	dmprimer.exe	Related to Unicenter_Remote_Control_Host From Computer Associates Note: Located in C:\Program Files\CA\SharedComponents\DesktopCommonServices\DMPrimer\
DM1Service	L	DM1Service.exe	Related to OLYMPUS Corporation
dmisrv	L	dmisrv.exe	Appears to be part of Dell OpenManage_Client_Instrumentation Software.
dmserver	X	svchost.exe -k dmserver	Added by the Fuwudoor TROJAN!
DNS Client Service	X	svshost.exe	Identified as the SdBot.awe worm Note: This worm is located in C:\%WINDIR%\System32\
DNS Manager (dnsmgr)	X	dnsmgr.exe	Added by a variant of W32.Wargbot WORM! Note: This worm is located in C:\%WINDIR%\System32
DNS Server (DNS Server)	X	svchost.exe	Added by the Troj/Feutel-Y TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This trojan file is found in the Windows or Winnt folder.
DNS4Me Client (DNS4MeClient)	L	DNS4MeClient.exe	Related to Dynamic_DNS_service from RhinoSoft.com that makes it possible for you to start hosting your own web site, FTP server, mail server, and more.
DNSCacheReader	X	j[random number].exe	Troj/TinyDL-J Note: Located in C:\Windows\System32
DNSexit	L	dnsexit_srv.exe	Provides reliable DNS Services free of charge to top level domains for both business and internet users. http://www.dnsexit.com/
dnWhoDisp	L	dnwhodisp.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Documentum Desktop Component Installer	L	DcComponentInstaller.exe	Related EMC_Corporation Content management software.
Download Manager Lite Service (DownloadManagerLite)	L	dm.exe	Related to Net_Cable TV. Note: Located in C:\Program Files\NCTV\bin\
DPI Assistant Service (srvdpi)	L	srvdpi.exe	Related to Ositech_Communiction Service. Note: Located in C:\WINDOWS\System32\
Dragon Age - Bioware	X	dragonage.exe	Added by the W32/Vanebot-M WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ dllcache\ (XP/WinNT/2K) Will try to teminate virus protections software.
Driver Cache (Driver Cache)	X	Driver Cache.exe	Added by the Troj/Feutel-S TROJAN!
DSDM de DDE de red	L	netdde.exe	Spanish Windows 2000 network DDE DSDM
dservice	X	dservices.exe	W32/Spybot-NM Note: Located in %windir%\system32\dllcache Read the link, allows remote access
DTS Agent	L	tngdta.exe	Computer Associates Data Transport Service Agent
DTS Browser	L	tngdoba.exe	Computer Associates Data Transport Service Browser
DTS Metrics Gatherer	L	tngdtmg.exe	Computer Associates Data Transport Service
DUN Manager Service	?	dmservc.exe	Dial-up and routed networking enhancement - http://www.magsys.co.uk/dunman/
DUN_SERVICE3	X	dun3.exe	Added by the Trojan.Sokiron TROJAN!
DVD-RAM_Service	L	DVDRAMSV.exe	DVD driver
DVDrealm (DVDrealm)	X	DVDrealm.sys	Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved.
DvpApi	L	dvpapi.exe	Command Software Systems, Inc. - anti Virus
dx32hhec	X	dx32hhlp.exe	Added by the Nemog TROJAN!
Dynamic Library Host (DLLHOSTS)	X	dllhost.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: Note: This worm\trojan is located in C:\%WINDIR%\ More here
DynamicHost (DLHOST)	X	dlhost.exe	Added by the W32/Tilebot-BO WORM! Note: This worm file is found in the Windows or Winnt folder.
E6F7BD90	X	Random_Name.exe	Troj/BDoor-ADP
E8CA85CC	X	E8CA85CC.EXE	Troj/JD-A Read the link, steals information
EarthLink Firewall Process Path Service (ElnkFWPPService)	L	EFWPPS~1.EXE	Related to EarthLink_Firewall Process. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
EarthLink Protection Control Center Service (ELNKService)	L	ELNKServ.exe	Related to EarthLink_Protection_Control Center Service. Note: Located in C:\Program Files\EarthLink\Protection Control Center\
EarthLinkSafeConnectAgent	L	SanaAgent.exe	Part of the EarthLink protection center
Earthworks License Manager	L	ewlicense_manager_nt.exe	Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks
Earthworks License Services	L	LicenseServicesNT.exe	Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Located in C:\Program Files\Common Files\Earthworks
Easy File & Folder Protector (ACDService)	L	EFPAP.exe	Easy_File_&_Folder_Protector Deny access to certain files and folders, or to hide them securely from viewing and searching
EC2007 Service 1.40 (EC2007Service)	L	ec27ser.exe	Electronic_Chart_Display_and_Information System (ECDIS). Data production for Electronic Navigational Charts. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
ECA (cpanel)	X	javapanel.exe	Added by the W32/Tilebot-Y WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
eEye Application Bus (eeyeevnt)	L	eeyeevnt.exe	Related to eEye Digital Security
eEye Retina Engine (RetinaEngine)	L	RetinaEngine.exe	Related to eEye Digital Security
Electronic Arts Licensing Service	L	EA Licensing Service.exe	Related to EA_Licensing_Service.exe is installed with some games from Electronic Arts. It is required for the games to run. Leave it alone if you want to play any games from EA Note: located in C:\Program Files\Common Files\Electronic Arts Shared\
ELNK Update Service (ELNKUpdateService)	L	UpdateService.exe	Related to EarthLink's protection centre
EloSystemService	L	EloSrvce.exe	Elo TouchSystems, Inc. - http://www.elotouch.com
EloTouchscreen	L	EloTouch.exe	Related to Elo TourchSystems, Inc.
elpow_spy	X	elpow_spy.sys	Added by the ElpowKeylogger Spyware! Note: This file is found in the System32\drivers folder. Read the link, rootkit type stealth involved.
Emagic EMI System Tray Service (emitray)	L	emitray.exe	The tray icon of the emagic EMI 2/6 USB audio interface
EMCliSrv	L	EMCliSrv.exe	Related to Express_Metrix PC inventory and software usage tracking. Note: Located in C:\WINDOWS\system32\wex4962\
Empty (m_hook)	X	m_hook.sys	Troj/BagleDl-CJ Note: Located in %windir%\system32 Read the link, rootkit stealth involved
Enables Java Support (Java)	X	winjava.exe	Added by the W32/Codbot-AA WORM! Note: This worm/trojan file is found in the System32 folder. (May use various filenames and will startup with system even in Safe mode.)
Enables Javascript Support (Javascript)	X	javascript.exe	Added by the W32/Codbot-V WORM!
Encryption Service	L	encsvc.exe	Related to Citrix MetaFrame
end task (Taskend)	X	Taskend.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Entrust Login Interface (ELIService)	L	etlisrv.exe	Related to Entrust Login Interface service, Made by Entrust Technologies Ltd. This file is found in the Windows or Winnt folder.
ENUFF Server (ENXPSVR)	L	ENSERVS.EXE	Enuff Parental Control Software by Akrontech
ENUFF XP Service (ENXPSVC)	L	CVSEXPSS.EXE	Enuff Parental Control Software by Akrontech
EP2005-SAGEM Usb Switcher (EpMonitor)	?	EpMonitor.exe	Appears to be related to EpMonitor from "Eightfold Technologies"
EPrint III Service	L	LPSVS03N.EXE	Related to LEADTOOLS_ePrint From Lead Tech. Perform additional processing to your print job before sending it to the driver.
EPS Printer Driver	X	EPSONSYS.SYS	Added by the Goldun.I TROJAN! Note: This trojan file is found in the System32 (NT/2000/XP) folder. Also look for Winlogon Notify: printpnp - printpnp.dll
EPSON ESC/POS Status Service (EPSON ESCPOS Status Service)	L	EpStsSrv.exe	Related to EPSON_ESC/POS Status service by SEIKO EPSON Corp. Note: Located in C:\WINDOWS\SYSTEM32\
Epson Printer Status Agent (StatusAgent)	L	SAgentNT.exe	Related to Epson_Printer Status agent. Note: Located in C:\Program Files\Common Files\EPSON\EBAPI\
EPSON Printer Status Agent2	L	SAgent2.exe	detects and configures an Epson Printer Port where applicable
Epson Printer Status Agent4 (StatusAgent4)	L	SAgent4.exe	Related to Epson Corp.
EPSON V3 Service2(02) (EPSON_PM_RPCV2_02)	L	E_S00RP2.EXE	Related to the EPSON Status Monitor 3
EPSON V3 Service2(03) (EPSON_PM_RPCV2_01)	L	E_S00RP1.EXE	Related to the EPSON Status Monitor 3
EPSON V3 Service4(01) (EPSON_PM_RPCV4_01)	L	E_S30RP1.EXE	Epson status monitor
EpsonBidirectionalService	L	eEBSVC.exe	Related to Epson printers.
eRecovery Service (eRecoveryService)	L	eRecoveryService.exe	Related to eRecoveryService Management from Acer Empowering Technology Note: Located in C:\Acer\Empowering Technology\eRecovery\
eScan Monitor Service	L	avpm.exe	eScan Antivirus
eScan Server-Updater	L	TRAYSSER.EXE	eScan antivirus
Escritorio remoto compartido de NetMeeting	L	mnmsrvc.exe	Spanish Windows 2000 Netmeeting remote desktop sharing service
Esker FTPD (ftpds)	L	WFTPDSNT.EXE	Related to Esker software
Esker License Control (EskerLicenseControl)	L	eslcbcst.exe	Related to Esker License control
Esker LPD (lpds)	L	WLPDSNT.EXE	Related to Esker software
Esker NFSD (nfsds)	L	WNFSDSNT.EXE	Related to Esker software
EstaciÃ³e trabajo	L	services.exe	Spanish Windows 2000 "workstation"
ET54FG	X	ET54FG.SYS	Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved.
eToken Notification Service (ETOKSRV)	L	eTSrv.exe	Related to eToken Notification Service from Aladdin Knowledge Systems, Ltd. Authentication and password management. Note: Located in C:\WINDOWS\system32\
eTrust Antivirus Job Server	L	InoTask.exe	Associated with eTrust Antivirus/InoculateIT
eTrust Antivirus Realtime Server	L	InoRT.exe	Related to eTrust's AntiVirus Internet Security solution.
eTrust Antivirus RPC Server	L	InoRpc.exe	Associated with eTrust Antivirus/InoculateIT
EUQ_Monitor	L	EUQMonitor.exe	Related to a Trend Micro product
Event Log Watch	L	LogWatNT.exe	Computer Associates
Event Monitor (evmon)	X	spoolcll.exe" -netcvs	Added by the W32.Spybot.IVQ WORM!
EvtEng	L	EvtEng.exe	Related to Intel Corporation http://www.what-process.com/process-info.aspx?p=EvtEng.exe
ewido anti-spyware 4.0 guard	L	guard.exe	Related to ewido_suite Note: located C:\Program Files\ewido anti-spyware 4.0/
ewido security suite control	L	ewidoctrl.exe	Related to ewido networks
ewido security suite guard	L	ewidoguard.exe	Related to ewido networks
Examinador de equipos	L	services.exe	Spanish Windows 2000 computers browser
ExecView Communication Module (ECM) (ECM Service)	L	ECM.exe	Related to VERITAS_ExecView
Exten. controlador Instrumental de admon. de Windows	L	services.exe	Spanish Windows 2000 windows management instrumentation drive extension
Extend360 Agent (ServiceMgr)	L	ServiceMgr.exe	Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\
Extended Windows Security (Microsoft Extended Windows Security)	X	elRecvr.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\ (Win9x/Me), C:\%WINDIR%\ (XP/WinNT/2K)
Externtelecom	X	extel.exe	Added by the W32/Sdbot-AAX WORM! Read the link, rootkit type stealth involved.
F-Prot Antivirus Update Monitor	L	fpavupdm.exe	Related F-Prot Antivirus Update Monitor by FRISK_Software_International
F-Secure 2006 (BackWeb Plug-in - 4476822)	L	SERVIC~1.EXE	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822)	L	SERVIC~1.EXE	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
F-Secure Anti-Virus Firewall Daemon	L	fsdfwd.exe	Related to F-Secure Corporation.
F-Secure Authentication Agent (FSAA)	L	FSAA.EXE	Related to F-Secure antivirus
F-Secure Automatic Update Agent (FSAUA)	L	fsaua.exe	Related to F-Secure Corporation. Note: Located in C:\Program Files\F-Secure\FSAUA\program\
F-Secure BackWeb LAN Access	O	fsbwlan.exe	Related to F-Secure_BackWeb LAN Access. This File should be found in the Program Files\F-Secure Internet Security\backweb\7681197\program folder.
F-Secure Gatekeeper Handler Starter	L	fsgk32st.exe	Related to F-Secure Anti-Virus Prog.
F-Secure HTTP Server (fshttps)	L	fshttps.exe	F-Secure Corporation http://www.what-process.com/process-info.aspx?p=fshttps.exe
F-Secure Management Agent	L	FSMA32.EXE	Related to F-Secure Anti-Virus Prog.
F-Secure Network Request Broker	L	FNRB32.EXE	Related to F-Secure_Anti-Virus software. This File should be found in the Program Files\F-Secure\Common\ folder.
FactoryTalk Diagnostics CE Receiver (RNADiagReceiver)	L	RNADiagReceiver.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
FactoryTalk Diagnostics Local Reader (RNADiagnosticsService)	L	RNADiagnosticsSrv.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
fan.eeewl.com	X	nsvce32.exe	Added by the TROJ_AGENT.IOF TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Fast Track Installer (FastTrackInstallerService)	L	GBInst.exe	Related to Fast_Track_USB from M-Audio. Note: Located in C:\Program Files\M-Audio Fast Track\
FastUserSwitchingCompatibil (Fast User Switching Compatibil)	X	svchost.exe	Added by the Troj/Keylog-AT TROJAN! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder.
Fear Service (FSVC)	X	fear32.exe	Added by the W32/Tilebot-T WORM! Note: This worm file is found in the Windows or Winnt folder.
Fiberlinkcomm Wireless Engine	L	BWEngine.exe	Related to Fiberlink's Extend360 TM mobile Note: Located in C:\Program Files\Fiberlink\Extend360\WENGINE2\
FIFA WORLD CUP 2007	X	fifa2007.exe	Added by the W32/Spybot-MQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\(XP/WinNT/2K) Steal information from Protected Storage and terminate certain anti-virus and security software
File and Folder Protector	L	ffpsrv.exe	Related to SoftHeap.Com a software shop of Atlantic Coast PLC http://www.softheap.com/
FileCabinet CS Print Service (FCPrintService)	L	csifcsvc.exe	Related to FileCabinet_CS Print Service Note: Located in C:\%WINDIR%\
FileChecker	L	filechecker.exe	Related to FileChecker from Javacool software. Watches important system files for changes, modifications, or tampering (by malicious programs).
FileZilla Server FTP server (FileZilla Server)	L	FileZilla Server.exe	Related to FileZilla A FTP and SFTP client for Windows from SourceForge.net
Firebird Guardian	L	fbguard.exe	Firebird Guardian
Firebird Server	L	fbserver.exe	Firebird Database Server
FireDaemon Service: events (events)	X	FireDaemon.EXE	Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. For More information including cleanup Click_Here
FireDaemon Service: rundll (rundll)	X	FireDaemon.EXE	Reported by Ewido security suite as Backdoor.SdBot.nj. Note: FireDaemon is a legitimate product that has been included, illegally, as part of the payload in a series of Worms and Trojans that exploit various security holes in Microsoft's Operating System products. For More information including cleanup Click_Here
firefox auto update	X	firefox.exe	Added by the W32/Tilebot-DN WORM!, Note: Located in C:\%WINDIR%\
Firewall service (FWSvc)	X	FWSvc.exe	Related to WinAntiVirus Pro - rogue "antivirus"
Fix-It Task Manager (mxserver)	L	mxserver.exe	Related to Ontrack Inc. Data Recovery service.
Flash Communication Admin Service (FlashComAdmin)	L	FlashComAdmin.exe	Appears to be modem driver related, Made by Macromedia, Inc.
Flash Communication Server (FlashCom)	L	FlashCom.exe	Appears to be modem driver related, Made by Macromedia, Inc.
FLEXlm server for PTC	L	lmgrd.exe	lmgrd.exe is a process associated with the Macrovision application-generic license server.
FLEXnet Licensing Service	L	FNPLicensingService.exe	Related to FLEXnet_Publisher from Macrovision. Note: Located in C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\
Folder Size (FolderSize)	L	FolderSizeSvc.exe	Related to Folder_Size Adds an other column to your folder view. Note: Located in C:\Program Files\FolderSize\
Folding@Home (FAH@C:+FAH+fah-service+FAH502-Console.exe)	L	FAH502-Console.exe	Related to Stanford University - Folding@home is a distributed client computing effort by Stanford University http://tech-report.com/etc/folding/
Font Cache Downlevel	L	FontCacheService.exe	Service installed by the Microsoft Avalon open beta.
ForceWare Intelligent Application Manager (IAM)	L	nSvcAppFlt.exe	Related to Nvidia Corp. Intelligent Application Manager.
ForceWare IP service (nSvcIp)	L	nSvcIp.exe	Related to Nvidia Corp. Network Access Manager.
ForceWare user log service (nSvcLog)	L	nSvcLog.exe	Related to Nvidia Corp. Network Access Manager.
Fortech Proxy+	L	ProxyPlus.exe	FORTECH Ltd. http://www.proxyplus.cz/
Fortinet Service Scheduler (FA_Scheduler)	L	scheduler.exe	Related to Fortinet security systems are the new generation of real time network protection systems. Note: located in C:\Program Files\Fortinet\FortiClient\
Framework	O	srvany1234.exe	Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe
Freeloader Monthly Subscription Service	L	Freeloader Monthly Subscription Service File.exe	Related to freeloader.com Online game services.
FreePOPs	L	freepopsservice.exe	FreePOPs is distributed by the GNU General Public License is intended to guarantee your freedom to share and change free software. Make sure your copy is not adware or includes a virus. Note: Located in C:\Program Files\FreePOPs\
FreeSSHDService	L	FreeSSHDService.exe	Related to OpenSSH A free SSH/SecSH protocol suite providing encryption for network services like remote login or remote file transfer. Note: located in C:\Program Files\freeSSHd\
FreezeScreenSaver	X	FreezeScreenSaver.exe	FREEZESCREENSAVER.EXE_is_Adware Note: Located in C:\WINDOWS\system32\
frepdll.exe	X	FREPDLL.EXE	Added by the W32/Tilebot-D WORM! Note: Gives the fake description "ET dll Locator tool". Read the link, rootkit type stealth involved.
FS Service Control	L	NTServApp.exe	Related to ArchestrA Software architecture for the integration of your automation systems.
fsbwsys	L	fsbwsys.exe	Related to F-Secure_Antivirus Made by F-Secure Corp. This File should be found in the Program Files\F-Secure Internet Security\backweb\4476822\program folder.
Fujitsu Services VPN Manager (FS_VPNmanager)	?	FSVPNManager.exe	Appears to be software from Fujitsu
FUS_Server (USEPigeonServer)	X	FTPServer.exe	Added by the Troj/Hunpigon-RO TROJAN! Note: This trojan file is found in %windir%
FW Configuration Interpreter	L	UmxCfg.exe	Tiny Firewall
FW Event Manager	L	UmxAgent.exe	Tiny Firewall
FW Live Update	L	umxlu.exe	Tiny Firewall
FW Policy Manager	L	UmxPol.exe	Tiny Firewall
FW User to IP Address Translation	L	umxuta.exe	Tiny Firewall
FW User-Mode Helper (UmxFwHlp)	L	UmxFwHlp.exe	Tiny Software Firewall User-Mode Helper. Made by Tiny Software, Inc. A subsidiary of Computer_Associates_International The file associated with this service is located in the Program Files\Tiny Firewall folder.
fwnet64 (fwnet)	X	fwnet64.exe	Added by Backdoor.SDBot.gen Note: This worm\trojan is located in C:\%WINDIR%\
FwSRService	L	fwsrservice.exe	CheckPoint SecuRemote
gb	X	ibm*****.dll	Trojan-PSW:W32/Sinowal.CP Read the link, steals information Note: ***** is a 5 digit random number
GB-PVR Recording Service	L	gbpvrrecordingservice.exe	Part of GB-PVR Personal video recorder software
GBPoll	L	GBPoll.exe	Seems to be Roxio GoBack related
GbpSv	X	svchost.exe	Troj/Banker-EFM Read the link, steals information Note: Located in %windir%
GCX Service	X	GCXSRVC.EXE	Added by the RBOT.CUE WORM! Read the link, rootkit type stealth involved.
GEARSecurity	L	GEARSEC.EXE	Related to GEAR software.
Gene6 FTP Server	L	G6FTPSERVER.EXE	Related to Gene6 Sarl. http://www.g6ftpserver.com/
General Network Service	X	winsocks32.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
generic host process (svchost)	X	svchost.exe	Added by the W32/Tilebot-BB WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Generic Host Process (svchost)	X	SVCHOST.EXE	Added by the SDBOT.CNK WORM! Note: This is not the legitimate Windows process svchost.exe (Which is always found in the System32 folder.) This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Generic Host Process For Win32 Services (Generic Host Process)	X	svchost.exe	Added by the W32/Tilebot-DM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.)
Generic Service for HID Keyboard Input Collections (GenericHidService)	L	HIDSERVICE.exe	Enhanced Driver for Keyboards and Windows http://www.microsoft.com/whdc/device/input/w2kbd.mspx
GFI LANguard N.S.S. 7.0 Attendant Service	L	lnssatt.exe	Related to GFI_LANguard_Network Security Scanner from GFi. Note: Located in C:\Program Files\GFI\LANguard Network Security Scanner 7.0\
GFI LANguard System Integrity Monitor 3 agent service	L	cfservice.exe	GFI LANguard System Integrity Monitor is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. Made by GFI_Software_Ltd File location is in the Program Files\GFI\System Integrity Monitor 3 folder.
GhostStartService	L	GHOSTS~2.EXE	Related to Norton. GHOSTSTARTSERVICE is the background support task/service for Ghost for Windows.
Giga Pocket Hardware Detector	L	shwserv.exe	Sony computers
gldr	X	gldr.exe	Trojan Related
Google Updater Service (gusvc)	L	GoogleUpdaterService.exe	Related to Google_Updater_Service Note: Located in C:\Program Files\Google\Common\Google Updater\
GoogleDesktopManager	L	GoogleDesktopManager.exe	Related to Google_Desktop_Manager Note: Located in C:\Program Files\Google\Google Desktop Search\
GoToMyPC	L	g2svc.exe	Related to Citrix Online
GoverLAN Service (GOVsrv)	L	GOVsrv.EXE	Owner:PJ Technologies Inc. See_Here
Gray (Pigeon)	X	Scrsss.exe	Added by the Troj/GrayBrd-AM TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
GrayPigeonServer	X	in.exe	Added by a variant of the Troj/GrayBrd-AP TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
GrayPigeonServer	X	G_Server2006.exe	Added by the Troj/Graybrd-EI TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More: delete this file also G_Server2006Key.DLL
GrayPigeon_Hacker.com.cn	X	winlogoin.exe	Added by the Troj/GrayBrd-BA TROJAN! Added by an unknown malware. Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
Gray_Pigeon (GrayPigeon)	X	.exe	Added by the Troj/GrayBrd-EH TROJAN! Note: This worm\trojan file is found in the Program Files folder.
Gray_Pigeon (GrayPigeon)	X	G_Server2.0.exe	Troj/Hupigon-CH Note: Located in %windir% Read the link, allows remote access
Gray_Pigeon_Serve (GrayPigeonServer)	X	G_Server.exe	Added by the Troj/Feutel-I or Troj/Feutel-AI TROJAN!
Gray_Pigeon_Server (GrayPigeonServer)	X	G_Server1.2.exe	Added by the Troj/GrayBrd-AP TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Gray_Pigeon_Server1.236 (GrayPigeonServer1.236)	X	G_Server1.236.exe	Troj/Hupigon-RW Read the link, allows remote access
Gray_Pigeon_Server2.0 (GrayPigeonServer2.0)	X	G_Server2.0.exe	Added by the Troj/GrayBird-O TROJAN!
GreenBorder Client Manager Service (clnt_ClientMan)	L	ClientMan.exe	Related to GreenBorder Secure your browsing activities on the internet. Note: Located in C:\Program Files\GreenBorder\
GridIron X-Factor After Effects Peer #1 (XFACTORAE1)	L	xlr8d.exe	Related to GridIron Nucleo For digital post production professionals using Adobe® After Effects® on a multi-processor or new multi-core computer
Groove Installer Service	O	GrooveInstallerService.exe	???
GS30s	L	GS30s.exe	Related to Gizmo!_Secure USB flash drive software by Crucial
handle (handle)	X	handle.exe	Added by the SDBOT.CDD WORM! Read the link, rootkit type stealth involved.
Handling the DHCP requests (DHCP Client)	X	dhcpclient.exe	Most likely a W32.Toxbot_variant
Hardware Clock Driver (hwclock)	X	hwclock.exe	Added by the W32/Hwbot-A WORM!
Hardware Detection (Serv-U)	X	svchost.exe	Reported by Kaspersky Anti-Virus as Win32.Serv-U.gen Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This file is found in the System32\drivers\etc\data\ folder.
Hardware Monitor Service (Hardware Monitor)	X	mshms.exe	Added by the Troj/Wollf-A TROJAN!
Hardware Monitoring Program (ADMService)	L	admServ.exe	Related to Avocent Embedded Software and Solutions Division
Harmony	L	RSOBSERV.EXE	Related to Rockwell_Automation Inc. FactoryTalk suite
haxdrv	X	haxdrv.sys	Added by the Troj/Rootkit-U TROJAN! Read the link, rootkit type stealth involved.
hcalway	X	hcalway.sys	Added by the PigSearch Adware. Read the link, rootkit type stealth involved.
hexadecimal (HexadecimaRepresentation)	X	Edit.exe	Added by the W32/Sdbot-AAY WORM! Note: File name may be different. Read the link, rootkit type stealth involved.
HF30Service	L	HF30Service.exe	Related to Lock_Folder Password protection for files, folders, and drives. Note: Located in c:\Program Files\Everstrike Software\Hide Folder 3.1\
hgz	X	Hacker.com.cn.exe	Added by a variant of the Troj/Feutel-CJ TROJAN Note: This worm\trojan is located in C:\%WINDIR%\HgzServer\ Folder.
Hibernation	L	hibserv.exe	Related to Compaq-Hewlett Packard hibernation service.
HICOM LAN Bridge VCapiDrv (vcapidrv)	?	vcapintsvc.exe	Could be related to a new version of HICOM LAN Bridge?
HID Input Service WIN32 (HID_Input_Service_WIN32)	X	msiexecu.exe	Added by the Troj/Raser-AS TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Creates this file SndSystem.sys which acts as a rootkit.
HID Output Service (HODSrv)	X	hpsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Horario de Windows	L	services.exe	Spanish Windows 2000 "windows time"
host (host)	X	host.exe	Added by the Troj/GrayBrd-AR TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
host Service For Windows (mshost)	X	mshost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Host Services (Host Services)	X	svhosts.exe	Added by the W32/Tilebot-AC WORM! Note: This is not the legitimate Windows process svchost.exe (Notice the difference in the spelling.) This worm\trojan file (svhosts.exe) is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Host Services (Host Services)	X	myhost.exe	Added by the W32/Tilebot-AT WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Hotplug Devices Manager	X	hotplug.exe	Added by the W32.Orpheus.A WORM!
Hotspot Shield Service (HotspotShieldService)	L	openvpnas.exe	Related to Hotspot_Shield helps secure your computer, your anonymity and your online communications when using free wi-fi. Note: Located in C:\Program Files\Hotspot Shield\bin\
Houdini License Client (HoudiniServer)	L	hserver.exe	Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\
Houdini License Server (HoudiniLicenseServer)	L	sesinetd.exe	Related to Houdini_License_Server from Side Effects Software Inc. Note: Located in C:\WINDOWS\system32\
HP Configuration Interface Service	L	HPConfig.exe	HPConfig Module
HP Hard Drive Thermal	L	HDThermal.exe	Related to Hewlett-Packard company.
HP Insight Event Notifier (CIMnotify)	L	cimntfy.exe	Related to HP products
HP Insight Foundation Agents (CqMgHost)	L	cqmghost.exe	Related to HP products
HP Insight NIC Agent (CpqNicMgmt)	L	cpqnimgt.exe	Related to HP products
HP Insight Server Agents (CqMgServ)	L	cqmgserv.exe	Related to HP products
HP Insight Storage Agents (CqMgStor)	L	cqmgstor.exe	Related to HP products
HP OpenView Trace Service	L	OVTrace.exe	HP OpenView Internet Services
HP Port Resolver	L	hpbpro.exe	Related to Hewlett-Packard Company
HP ProLiant Remote Monitor Service (CpqRcmc)	L	CpqRcmc.exe	Related to HP_ProLiant_Remote_Monitor_Service Note: This file is located in C:\%WINDIR%\
HP ProLiant System Shutdown Service (sysdown)	L	sysdown.exe	Related to HP products
HP RF Device Service	L	HpRfDev.exe	support for HP managing wireless devices
hp service (Hpsys)	X	hpsys.exe	Added by the W32/Codbot-AF WORM! Note: This service has nothing to do with HP. This worm\trojan file is found in the System32 folder.
HP Status	L	hpb2ksrv.exe	Related to Hewlett-Packard Company
HP Status Print	L	hpbhksrv.exe	Related to Hewlett-Packard company.
HP Status Server	L	hpboid.exe	Related to Hewlett-Packard Company
HP System Management Homepage (SysMgmtHp)	L	smhstart.exe	Related to HP products
HP Version Control Agent (cpqvcagent)	L	vcagent.exe	Related to HP products
HP WMI Interface (hpqwmi)	L	HPQWMI.exe	Related to Hewlett-Packard
hpdj	?	hpdj.exe	Maybe HP related? Sits in TEMP folder.
hpdj	L	hpztsb04.exe	Hewlett Packard printer toolbox, sits in taskbar. Path to executable file - %windir%\system32\spool\drivers\w32x86\3\
hpdriver	X	hpdriver.sys	Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved.
HpPrinter	X	hpserver.exe	Added by the Troj/CmjSpy-W Trojan!
hpqwmiex	L	hpqwmiex.exe	Related to HP_ProtectTools security manager
HPR34K8	X	hpr34k8.sys	Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved.
HPWirelessMgr	L	HPWirelessMgr.exe	Located in HP Notebook Utilities - guessing for wireless connection.
HTTP SSL (HTTPFilter)	L	lsass.exe	Related to Application_Isolation_Mode_Functions Microsoft IIS 6.0. Note: Located in C:\%WINDIR%\System32\
huapeak	?	huapeak.exe	Unknown origin.
Hummingbird Inetd (HCLInetd)	L	inetd32.exe	Related to Hummingbird Ltd. - http://www.hummingbird.com/
Hummingbird Jconfig Daemon (Jconfigd)	L	jconfigdnt.exe	Related to Hummingbird Ltd. - http://www.hummingbird.com/
HXD Service 100 (HackerDefender100)	X	newka.exe	Virus http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39265
H_Server (H_Server)	X	G_Server.exe	Added by the Troj/GrayBird-W TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
i386p	X	I386P.SYS	Added by the Backdoor.Rustock TROJAN! Found in the System32\drivers folder. Read the link, rootkit type stealth involved.
IAA Event Monitor	L	iaantmon.exe	Intel related
Iap	L	Iap.exe	Related to Dell OpenManage Client Instrumentation.
IBM Automatic Server Restart Executable (ibmasrex)	L	ibmasrex.exe	Unknown owner :Location C:\WINDOWS\system32\ibmasrex.exe Related to IBM servers.
IBM CICS Transaction Gateway (IBMCICSTransactionGateway)	L	CTGSERVICE.EXE	Related to IBM Corp.
IBM CICS Universal Client (CICSClient)	L	cclserv.exe	Related to IBM Corp.
IBM Enterprise Extender (ldlcserv)	L	ldlcserv.exe	Related to IBM Corp. - http://www.anti-spy.info/process/ldlcserv.exe.html
IBM HDD APS Logging Service (TPHDEXLGSVC)	L	TPHDEXLG.EXE	Related to IBM's Active_Protection_System Made by the IBM_Corporation The file associated with this service is located in the System32 folder.
IBM KCU Service	L	TpKmpSVC.exe	related to IBM ThinkPad
IBM Mobility Client DHCP Control (artdhcp)	L	artdhcp.exe	Related to IBM_Mobility_Client DHCP Control Note: Located in C:\Program Files\IBM\Mobility Client\
IBM MQSeries	L	amqsvc.exe	IBM WebSphereÂ® MQ to exchange information across different platforms
IBM PM Service	L	ibmpmsvc.exe	Power management driver for IBM laptops
IBM PSA Access Driver Control	L	PsaSrv.exe	related to Professional Services Automation (PSA) from SharpOWL
IBM Rapid Restore Ultra Service	L	rrpcsb.exe	related to Xpoint Technologies
IBM Trace Facility (TrcBoot)	L	trcboot.exe	Related to IBM Corp.
IBM User Verification Manager	L	uvmserv.exe	Related to IBM_User_Verification_Manager (UVM) secure logon interface. Note: located in C:\Program Files\IBM\Security\
IBM WebSphere Application Server V5 - server1 (IBMWAS5Service - server1)	L	wasservice.exe	Related to IBM WebSpere server.
IBWin Service	L	IBWin Service.exe	Related to IBackUp_for_Windows Backup on character sets other than US/English. Note: Located in C:\Program Files\IBackup For Windows\
iClarityQoSService	L	QosServM.exe	Related to Avaya_IP Softphone. Note: Located in C:\WINDOWS\system32\
ICONICS License Server (GenRegistrar) (GenRegistrar)	L	GenRegistrarServer.exe	Related to ICONICS Inc. Visualization and Automation software products
ICQ Update Service (ICQUPD)	X	kpsf.sys	Detected as Backdoor.HackDefender. Rootkit type stealth involved.
ICRAplus	L	ICRAplus.exe	Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\
icrss manager 32bit (icrss)	X	icrss.exe	Added by the W32/Rbot-FZB WORM! Note: Located in C:\WINDOWS\system\
icservice - ONTRACK Data International, Inc.	L	icserv.exe	Related to SuperAdBlocker
iD2 Smart Card Server (id2scaps)	L	id2scaps.exe	iD2 is a client product that brings security, user authentication and digital signatures to standard Internet browsers by utilising Smart Cards and the client-side of the SSL protocol.
ieupdater (Microsoft IE Updater)	X	ieupdate.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Documents and Settings\user name\Local Settings\Temp\
ieupdater1 (Microsoft IEUpdater1)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
ieupdater2 (Microsoft IE Updater2)	X	~tmp0374.exe	Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Documents and Settings\(user name)...\ Note: filename is random.
ieupdater2 (Microsoft IEUpdater2)	X	ie_updater.exe	Added by the Troj/Bckdr-QGB TROJAN! Note: This Trojan is located in C:\ ROOT folder.
ieupdater21 (Microsoft IEUpdater21)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
ieupdater22 (Microsoft IEUpdater22)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
iexplorer (iexplorer)	X	iexplorer.exe	Added by the Troj/Singu-U TROJAN! Note: This trojan file is found in the System32 folder
IgniteService.exe	L	IgniteService.exe	Related to Accenture_Media_Viewer
Image Converter video recording monitor for VAIO Entertainment	L	IcVzMon.exe	Related to Sony_VAIO computers.
ImagePath (VGADown)	X	avp.exe	Troj/Maran-AA Read the link, steals information
ImagePath (win32ssr)	X	win32ssr.exe	Added by the W32/Sdbot-AMA WORM! Read the link, rootkit type stealth involved.
IMail FINGER Server (FINGRD32)	L	FINGRD32.exe	Related to Ipswitch Inc. Network Management.
IMail IMAP4 Server (IMAP4D32)	L	IMAP4D32.exe	Related to Ipswitch Inc. Network Management.
IMail LDAP Service (OpenLDAP-slapd)	L	slapd.exe	Related to Ipswitch Inc. Network Management.
IMail Monitor Service (IMONITOR)	L	IMonitor.exe	Related to Ipswitch Inc. Network Management.
IMail POP3 Server (POP3D32)	L	POP3D32.exe	Related to Ipswitch Inc. Network Management.
IMail PWD Server (PSERVE)	L	PSERVE.exe	Related to Ipswitch Inc. Network Management.
IMail Queue Manager Service (QUEUEMGR)	L	queuemgr.exe	Related to Ipswitch Inc. Network Management.
IMail SMTP Server (SMTPD32)	L	smtpd32.exe	Related to Ipswitch Inc. Network Management.
IMail Sys Logger Service (SYSLOGD)	L	SYSLOGD.exe	Related to Ipswitch Inc. Network Management.
IMail Web Calendar Service (IWEBCAL)	L	IWebCal.exe	Related to Ipswitch Inc. Network Management.
IMail Web Service (IWEBMSG)	L	iwebmsg.exe	Related to Ipswitch Inc. Network Management.
IMail WHOIS Server (WHOISD32)	L	WHOISD32.exe	Related to Ipswitch Inc. Network Management.
IMAPI CD-Burning COM Service	L	ImapiRox.exe	IMAPI CD-Burning COM Service
IMAPI CD-Burning COM Service (ImapiService)	L	imapi.exe	Related to recording of CDs.
IMountSRV	L	IMountSRV.exe	Related to Paragon hard_disk_manager
Inbound Distributor Service	L	inbounddistributorservice.exe	Related to Inbound_Logistics
InCD File System	L	InCDsrv.exe	InCD Packet Writer related.
InCD Helper	L	InCDsrv.exe	InCD Packet Writer service from Nero Burning ROM (Ahead Software)
Independent Management Architecture (IMAService)	L	ImaSrv.exe	Related to Citrix MetaFrame
Index Service (b3)	X	dllhost32.exe	Added by the WORM_AGOBOT.CH WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Indexing Helps (Indexingbox)	X	svchest.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More] here
Indexing The System Files (Indexing Service)	X	winupdatez.exe	winupdatez.exe
Indexings Services	X	systen32.exe	Added by a variant of the W32/SDBOT WORM! Note: C:\Program Files\Common Files\Microsoft Shared\MSINFO\
Inicio de sesiÃ³n red	L	lsass.exe	Spanish Windows 2000 net logon
Input Service (Input_Service)	X	msiexecu.exe	Added by a variant of the Troj/Raser-AS TROJAN. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Input Virtual Component (AVCMSC)	X	msipsvc.exe	Added by a variant of the SdBot.aad family of TROJAN! Note: Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
Install Driver Manager (Install Driver Table Manager)	X	wpablan.exe	Added by the W32/Sdbot-CWR TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ folder.
InstallDriver Service (ISDS)	X	csscv.exe	Added by the W32/Sdbot-CPL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
InstallDriver Table Manager	L	IDriverT.exe	Related to Macrovision Corporation.
InstallShield Licensing Service	L	InstallShield Licensing Service.exe	Related to InstallShield_Licensing_Service from Macrovision. Create high-quality software installation engines.
InstantÃ¡as de volumen	L	vssvc.exe	Volume Shadow Copy Service found in Windows XP and 2003.
Instrumental de administraciÃ³e Windows	L	WinMgmt.exe	Spanish Windows 2000 windows management instrumentation
Integrated Multimedia Server	L	ImmsService.exe	Related to Integrated_Multimedia_Server MultiMedia Router from NetGear. Note: Located in C:\Program Files\NETGEAR\MEDIAS~1\
Intel Alert Handler	L	hndlrsvc.exe	Related to Intel Corp.
Intel Alert Originator	L	iao.exe	Related to Intel Corp.
Intel CI Manager	L	CiMgrLdr.exe	Related to Intel Corp.
Intel Client Instrumentation for DMI (ni_nic)	L	ni_nic.exe	Intel Client Instrumentation for DMI
Intel File Transfer	L	xfr.exe	Related to Intel Corp.
Intel IIDS	L	IIDS.exe	Related to Intel Corp.
Intel Local Scheduler Service	L	LOCALSCH.EXE	Part of LANDesk Management Suite.
Intel NCS NetService (NetSvc)	L	NetSvc.exe	Intel NCS NetService
Intel PDS	L	pds.exe	Related to Intel Corp.
Intel QIP Client Service	L	QIPCLNT.EXE	Part of LANDesk Management Suite.
Intel Speedstep Technology	X	intelst.exe	Win32/IRCBot.worm.128512.H
Intel SSM	L	ssm.exe	Related to Intel Corp.
Intel Targeted Multicast	L	tmcsvc.exe	Part of LANDesk Management Suite.
Intel(R) NMS	L	NMSSvc.exe	NIC Management Service - diagnostics program for Intel Pro family network cards
IntelÂ® Active Monitor (imonNT)	L	imonnt.exe	http://www.liutilities.com/products/wintaskspro/processlibrary/imonnt/
IntelÂ® NMS	L	NMSSvc.exe	Related to Intel Corp.
Intel® Alert Service (AlertService)	L	AlertService.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\CCU\
Intel® Application Tracker (MCLServiceATL)	L	MCLServiceATL.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\
Intel® Desktop Utilities Service (iHCService)	L	IDUServ.exe	Related to Intel® Desktop_Utilities service from OSA Technologies. Inc. Note: Located in C:\Program Files\Intel\IDU\ NoteNow owned by Avocent_Corporation, http://www.avocent.com/web/en.nsf/Content/04072004-F
Intel® Quick Resume Technology Drivers (ELService)	L	ELService.exe	Related to Intel® _Quick_Resume_Technology Drivers. Note: Located in C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\
Intel® Remoting Service (Remote UI Service)	L	Remote UI Service.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\
Intel® Software Services Manager (ISSM)	L	ISSM.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\
Intel® Viiv™ Media Server (M1 Server)	L	mediaserver.exe	Related to Intel® _Alert Service from Intel Corporation. Note: Located in C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\
Interbase Guardian	L	ibguard.exe	Interbase database server related
InterBase InterClient Server	L	interserver.exe	Interbase database server related
InterBase Server	L	ibserver.exe	Interbase database server
Internet Connection Manager	X	(random name).exe	Troj/Agent-ELW
Internet Connection Monitor Engine	L	ICMNT.EXE	User reports that it's for a Home Router from Deerfield Communications www.deerfield.com/
Internet Explorer (Internet Explorer)	X	Internet.exe	Added by the Troj/Feutel-AA TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Internet Proxy	L	InternetProxy.exe	Related to ICRAplus internet filter, parental control etc. Note: Located in C:\Program Files\ICRAplus\ICRAplus\
Internet Service Manager (INETSVC)	X	INETSVC.EXE	Added by the Backdoor.Win32.SdBot.xd detected by Kaspersky More: Here Note: This worm\trojan is located in C:\%WINDIR%\
Internet TCP Protocol (Win_ad)	X	TCPServer.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\wadsys\ (Win9x/Me), C:\%WINDIR%\wadsys\ (XP/WinNT/2K)
internew (internew)	X	system.exe	Added by the Troj/Cmjspy-BN TROJAN!
InterPlot IMF Printer Driver Service	L	pidrpcs.exe	InterPlot device drivers - See Here InterPlot/Overview.htm
Intespention (Win32)	X	IEXPLORE.exe	Added by the W32/Forbot-FL WORM!
Intranet Service (IntranetService)	X	intranet.exe	Owner:Brought to you by the Bandwidth Bandits. Location: C:\WINDOWS\SYSTEM32\intranet.exe
Intuit Entitlement Service v2	L	Intuit.Spc.Map.EntitlementClient.Server.Service.exe	Related to Intuit_Entitlement_Service Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\
Intuit QuickBooks FCS (QBFCService)	L	Intuit.QuickBooks.FCS.exe	Part of Intuit QuickBooks software
InVircible Scheduler (IVScheduler)	L	IVSCHED.EXE	Security software package to protect personal computers and PC networks. Owner: NetZ Computing Ltd. Israel. InVircible
iolo DMV Service (ioloDMV)	L	ioloDMVSvc.exe	Part of system mechanic
iolo System Guard	L	IoloSGCtrl.exe	Related to System_Mechanic by Iolo
Iomega Active Disk	L	ADService.exe	Related to Iomega Corporation
Iomega Activity Disk2	L	ActivityDisk.exe	ActivityDisk Iomega Corporation SmartSoft ActivityDisk
Iomega App Services	L	AppServices.exe	Iomega related
IomegaAccess	L	IOMEGAACCESS.EXE	related to Iomega Backup
ION Java Daemon 2.0	L	ion_srv.exe	Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL60\products\ion20\ion_java\bin\
ION Java Daemon 6.1	L	ion_srv.exe	Related to ITT_Visual_Information_Solutions ION Script is a powerful tool for creating Web-based IDL visualization and analysis applications. Note: Located in C:\Program Files\RSI\IDL61\products\ion61\ion_java\bin\
Ip4Sec (Ip4Sec)	X	ip.sys	Added by the Satiloler.E TROJAN! Read the link, rootkit type stealth involved.
Ip6Fw	X	ip6fw.sys	Troj/Agent-ELV
iPAHelper.exe	L	iPAHelper.exe	Related to iPod_Access for Windows. Note: Located in C:\Program Files\iPod Access for Windows\
iPassConnectEngine	L	iPassConnectEngine.exe	Related to iPassConnect Universal Client. iPass addresses the needs of both users and IT by making safe, simple and effective network access a reality, no matter where end users are located. Note: Located in C:\Program Files\iPass\iPassConnect iRAS\
iPod Service	L	iPodService.exe	Related to Apple iPod.
iPodSrv	L	iPodSrv.exe	Related to iPod Apple software. Note: located in C:\Program Files\iPod\bin\ in Windows 2000/XP/2003.
IPODT1000 (ssipod1)		ssipod1.sys	Troj/Goldun-FI
IPRIP	X	ipripst.dll	Detected as W32/Mofei-V Located in \ipripst.dll
IPRIP (IPRIP)	X	svchost.exe -k netsvcs	Added by the Backdoor.Ripgof TROJAN! Read the link, rootkit type stealth involved.
IPS Core Service (IPSSVC)	L	IPSSVC.EXE	A VPN client service found in Lenovo Thinkpad. Note: located in C:\WINDOWS\system32\
Ipswitch WS_FTP Queue (ftpqueue)	L	ftpsched.exe	Related to Part of WS_FTP Pro from Ipswitch. Note: Located in C:\Program Files\WS_FTP Pro\
Ipswitch WS_FTP Service (iFtpSvc)	L	iFtpSvc.exe	Related to Ipswitch_WS_FTP The main exe file of WS-FTP server. Note: Located in C:\iFtpSvc\
IPtable	X	ipconfig32.exe	Added by the W32/Tilebot-AP WORM! Note: This worm file is found in the Windows or Winnt folder.
IPv6 Helper Driver	X	csass.exe	Added by the AGOBOT.TC WORM!
IPX/SPX (NWLink)	X	usbmini.sys	Troj/Proxy-CY Note: Located in %windir%\system32\drivers Read the link, allows remote access
IrBridge User-Level Interface (USRBRIDG)	L	usrbridg.exe	Related to the Extended Systems infrared port, made by Extended_Systems Inc. This file should be located in the Windows\System32\ or Winnt\System32 folder.
ISAM SMT Service (ISAMsmt)	L	isamsmt.exe	Related to IBM Global Services - http://www.anti-spy.info/process/isamsmt.exe.html
iSeries Access for Windows Remote Command (Cwbrxd)	L	CWBRXD.EXE	Related to IBM Corporation. http://www.ibm.com/
ISEXEng	X	angelex.exe	Bargain Buddy variant
ISP Ampi Service	X	isampi.exe	Added by the W32/Tilebot-JJ WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access
ISSI EZUpdate (ISSIMon)	L	issimsvc.exe	Related to Ibm_Global_Services Used internally by IBM for automatic updating of software and microsoft patching Note: Located in c:\sdwork\
ISSvc	L	ISSVC.exe	Related to Norton Internet Security
Italian Grand Prix	X	grand.exe	Added by the W32/Spybot-MK WORM! Note: C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
iTunes Music Service (iTunesMusic)	X	iTunesMusic.exe	Added by W32.Spybot.NLX WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
IWin service	X	iwinapp.exe	Added by a variant of the Trojan/Backdoor TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Ixia Endpoint (IxiaEndpoint)	L	endpoint.exe	Added by Ixia_Endpoint Note: Located in C:\PROGRA~1\NetIQ\Endpoint\
Jaguar	L	jagsrv.exe	Related to Sybase_EAServer Note: Located in C:\Sybase\EAServer\bin\
Java development Services	X	logins32.exe	Added by the W32/Tilebot-HC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Steal information from Protected Storage
Java development Services	X	windows.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Java inetice	X	realetin.exe	Added by the Troj/Bckdr-PQM TROJAN! Note: This worm\trojan is located in C:\Program Files\Common Files\Microsoft Shared\MSINFO\
Java Sun Scheduler (JUSCHED)	X	jusched.exe	Added by the W32/Sdbot-CQC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. More here
JavaPlatform64	X	JavaPlatform	Added by the W32/Kassbot-M WORM! Note: Located in C:\%WINDIR%\
JiurlPortHide (JiurlPortHide)	X	JiurlPortHide.sys	Added by the Troj/Progent-A TROJAN!
jsdaemon	L	jsdaemon.exe	Related to fax service from JetFax Inc.
Juniper Network Connect Service (dsNcService)	L	dsNcService.exe	Related to Juniper Networks Inc. Networking Platform.
K4NV	X	k4nv.exe	Added by a variant of the Trojan.K4NV.Process WORM! Note: located in C:\WINDOWS\k4nv.exe
K9 Time Synchronization	L	k9nt.exe	Related to HC Mingham-Smith Limited http://www.kaska.demon.co.uk/history.htm
Kaseya Agent	L	AgentMon.exe	Related to Kaseya Inc.
Kaspersky Anti-Virus 6.0 (AVP)	L	avp.exe	Related to Kaspersky_Anti-Virus Note: Located in C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\
Kaspersky Anti-Virus Service (KLBLMain)	L	kavmm.exe	Related to Kaspersky virus removal program.
KAV Monitor Service	L	avpm.exe	Kaspersky AntiVirus
kavsvc	L	kavsvc.exe	Kaspersky AntiVirus
kbdrv64	X	KBDRV64.SYS	Added by the TROJ_ROOTKIT.K TROJAN! Read the link, rootkit type stealth involved.
kdc	X	svchost.exe -k kdc	Added by the Fuwudoor TROJAN!
Kerberos Key Transaction Coordinator (kerbkey)	L	kerb.exe	Verify one computer's identity to another and to set up encryption keys for a secure connection between them. http://www.computerworld.com.au/index.php/id;886626422;fp;512;fpid;6860893
Kerio MailServer (KerioMailServer)	L	mailserver.exe	Related to Kerio_MailServer Note: Located in C:\Program Files\Kerio\MailServer\
Kerio Personal Firewall	L	persfw.exe	Kerio Firewall
Kerio Personal Firewall 4 (KPF4)	L	kpf4ss.exe	Related to Kerio Personal FireWall.
Kernell32	X	termsv.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Keyboard Service System Files (Keyboard Service)	X	navupdate64.exe	Added by a variant of the WIN32.RBOT WORM! Note: This worm file is found in the System32 folder.
Kingsoft Antivirus KWatch Service (KWatchSvc)	L	KWatch.EXE	Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV***\ [ = 4 digits representing the year.]
Kingsoft Personal Firewall Service (KPfwSvc)	L	KPfwSvc.EXE	Related to Kingsoft_Antivirus virus protection and content filtering. Note: located in C:\KAV***\ [ = 4 digits representing the year.]
kingxxx	X	svchost.exe	Troj/PWS-ACY , http://www.sophos.com/security/analyses/trojpwsacy.html Note: Located in %programfiles%\windows media player
Knob Service (KNOBSERV)	L	KnobService.exe	File belongs to Acer_Inc
Kodak Camera Connection Software	L	KodakCCS.exe	Kodak Software to connect digital cameras
konfig	L	mcp.exe	Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin
KONICA MINOLTA PageScope Net Care (PageScope Net Care Service)	L	JavaService.exe	Related to KONICA_MINOLTA_PageScope a client-server network printer management utility included with all KONICA MINOLTA printers. Note: Located in C:\Program Files\KONICA MINOLTA\PageScope Net Care\
KSD2Service	X	ravsvc.exe	Win-Trojan/Downloader.8804
KSD2Service	X	notaped.exe	Troj/DownLd-ABB
KSD2Service	X	WINL0GON.exe	Troj/Dloadr-AXH
KService	?	KService.exe	Added by KService It's part of a peer to peer package people agree to when signing up with 'Sky By Broadband' but it seems to be causing afew concerns over bandwidth use, the recurring issue when this is in logs is slow speeds, it doesnt uninstall when you remove Sky By Broadband and does not have a Add/Remove screen entry but it is a genuine service as Sky clearly state what it is on their site and in the terms and conditions. Removal Application provided by Sky READ_THE_INSTRUCTIONS Note: Located in C:\Program Files\KService\
KService	L	KService.exe	"Kontiki Delivery Management System" The Kontiki Delivery Management System (DMS) is a secure delivery network for distribution of video, software, audio, documents, and other digital media. The Kontiki DMS enables enterprises to efficiently publish, secure, deliver and track digital media to employees, partners, and customers" NoteLocated in C:\Program Files\Kontiki
LANDesk Remote Control Service (ISSUSER)	L	issuser.exe	Related to LANDesk_Remote_Control Service. Note: Located in C:\Program Files\LANDesk\LDClient\
LANDesk® Management Agent	L	residentagent.exe	Part of LANDesk Management Suite.
lanmandrv	X	lanmandrv.sys	Troj/Agent-ELF
LanSafe Power Monitor (LanSafe PM)	L	PowerMonitor.exe	Related to LanSafe_Power_Monitor from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\
LanSafe Process Manager	L	xyntservice.exe	Related to LanSafe_Process_Manager from Powerware. Uninterruptible Power Supply Note: Located in C:\Program Files\Powerware\LanSafe\Bin\
Lavasoft Personal Firewall Service (LavasoftFirewall)	L	lpfw.exe	Related to Lavasoft_Personal_Firewall service. Note: Located in C:\Program Files\Lavasoft\Personal Firewall\
LckFldService	?	LckFldService.exe	? Could be related Proland Software. ? - http://www.pspl.com/
LCS	L	lcs.exe	Related to 3Com Wireless USB Utility Located in C:\Program Files\3COM Technology Corporation
LEC TranslateDotNet Server	L	LogoMedia TranslateDotNet Server.exe	Translates email, web pages, documents and instant messages. Made by the Language Engineering Company, for more information Click_Here File location is in the Program Files\Power Translator folder.
Leica Microsystems Data Container V1	L	LMSDataContainerServer.exe	Related to Leica_Microsystems Now Vistec_Semiconductor_Systems advanced technologies in optics.
Lexar JD31 (LxrJD31s)	L	LxrJD31s.exe	Lexar "JumpDrive" driver. From Lexar_Media_Inc
Lexar Secure II (LxrSII1s)	L	LxrSII1s.exe	Related to Lexar_Media Inc. removable flash memory cards, USB flash drives, card readers etc...
Lexar SG20	L	LxrSG20s.exe	Related to Lexar_Media Inc. Lexar offers a wide range of storage products. Note: Located in C:\WINDOWS\SYSTEM32\
LexBce Server	L	LEXBCES.EXE	Lexmark Printer Service
LibUsb-Win32 - Daemon, Version 0.1.8.0	L	libusbd-nt.exe	LibUsb open-source USB driver
LicCtrl Service	L	runservice.exe	Part of the eLicense Copy Protection scheme employed by some software and games. (Castlecops Startup List)
License Agent	L	cla.exe	License Agent for the HiPath 1220 digital PBX system from Siemens. For more information Click_Here File location is in the Program Files\Licensing\License Agent\bin folder.
License Management (CLMTomcatStarterSvc)	L	tomcat.exe	Related to Apache_Tomcat Owner: Alexandria Software Consulting.
License Management Service ESD	L	Licence Manager ESD.exe	Related to the Licence_Manager_ESD.exe is the element5 License Management Service, used by some software for license checking and management. Leave it alone to ensure the software installed on your computer working properly. Note: located in C:\Program Files\Common Files\element5 Shared\Service\
LicenseManagerSocket	L	LicenseManagerSocket.exe	Related to UIC License Manager a propriatiry Sofstware. Used to activate a software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\
LightScribeService Direct Disc Labeling Service (LightScribeService)	L	LSSrvc.exe	LightScribe related to Hewlett Packard
LiveShare P2P Server	L	RoxLiveShare.exe	Related to Roxio_Inc
LiveShare P2P Server 9 (RoxLiveShare9)	L	RoxLiveShare9.exe	Related to Roxio_Inc
LiveUpdate	L	LUCOMS~1.EXE	Related to Norton Internet securty suite and provides up to date antivirus data for your Norton Anti-virus product. (Filename is LUCOMSERVER.EXE, or LUCOMSERVER_2_5.EXE)
LiveUpdate Notice Service	L	PIFSvc.exe	Related to LiveUpdate_Notice_Service from Symantec Note: Located in C:\Program Files\Common Files\Symantec Shared\PIF\
LmHosts	X	svchost.exe -k LmHosts	Added by the Fuwudoor TROJAN!
LMMng (memlow)	X	memlow.sys	Added by the Troj/Haxdoor-AA TROJAN!
Loading Outpost Connections	X	cmdtel.exe	Win32.Bagz.i email virus
Local Network Service (algs)	X	gettfo.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. The filename can be different
Local Security Authority Server (LSaServ)	X	lsasrv.exe	Detected as W32/Hupigon.gen76 by F-Secure Note: Located in %windir%\cursors
Local Security Authority Subsystem Library (LSA Server)	X	lsasrv.exe	Added by the Win32/Amahkey.F TROJAN! Note: This trojan is located in C:\%WINDIR%\
Local Security Authority Subsystem Service (lsass)	X	lsass.exe	Added by the W32/Tilebot-AK or W32.Spybot.ABDO WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder.
Local Security Authority System Service (lsass)	X	lsass.exe	Added by the W32/Rbot-AJA WORM! Note: This is not the legitimate Windows process lsass.exe (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Local Security Policy (Windows Local Security Policy)	X	wpablan.exe	Unidentified SDbot, probable variant of "W32/Sdbot-CWR".
Local Service (LocalSystem)	X	chfmon.exe	Added by the W32/Agobot-AIM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Read the link, allows remote access, steal information ...
Logical Disk Manager Administrative Service	L	dmadmin.exe	Veritas logical disk manager
Logitech (Logitech Checker)	X	logitech.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder
Logitech Bluetooth Service (LBTServ)	L	LBTSERV.EXE	Related to bluetooth products from Logitech
Logitech MM50 Kernel Drivers	X	mm50krnl.exe	W32/Spybot-NT Read the link, allows remote access
Logitech Process Monitor (LVPrcSrv)	L	LVPrcSrv.exe	Related to Logitech QuickCam Provides additional configuration options for these devices.
LogMeIn	L	LogMeIn.exe	Related to LogMeIn LogMeIn Rescue is used by IT helpdesks to provide instant remote support to customers and employees. Note: located in C:\Program Files\LogMeIn\
Logon Process (WinLogon)	X	winlogon.exe	Added by a the Win32.IRCBot.zx Spyware WORM! a variant of the W32/IRCBot-UN Note: This worm\trojan is located in C:\%WINDIR%\
LOGON suport service	X	IES4SERVICE.SYS	Added by the Goldun.G TROJAN! Note: This trojan file is found in the System32 folder.
Logon Task Manager	X	symon.exe	Added by the Worm_Ircbot_Gen TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Logon Terminal Manager	X	spoolsc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
LogonSvc (LogonSvcID)	L	logonsvc.exe	Related to E-Pop web conferencing Note: Located in C:\Program Files\E-Pop\
Lookout Citadel Server (LkCitadelServer)	L	lkcitdl.exe	Related to Lookout_Citadel_Server From National Instruments, Inc. Note: Located in C:\WINDOWS\system32\
Lotus Notes Single Logon	L	nslsvice.exe	IBM Lotus Notes Single Logon Service - http://www.anti-spy.info/process/nslsvice.exe.html
Lpdriver (Lpdriver)	X	lpdriver.sys	Added by the W32/Tilebot-H or W32/Sdbot-ADG WORM! Note: This worm file is found in the System32 folder.
LSA Server	X	lsasrv.exe	Win32/IrmBot.worm.215040 Note: Located in %windir%
LSA Shel (Export Version)	X	lsass.exe	Added by the W32/Tilebot-HQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
LSA Shell Export-Version	X	lsass.exe	Added by the W32/Tilebot-IU WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
lsass (lsass)	X	lsass.exe	Added by the W32/Rbot-AIC WORM! Note: This is not the legitimate Windows process. (Which is always found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
lsass (Workstations)	X	autoexec.exe	Added by the W32/Sdbot-AFN WORM! Note: This worm file is found in the System32 folder.
LsassFTP daemon (LsassFTPD)	X	LsassFtpd.exe	Added by the SDBOT.CDW WORM! Read the link, rootkit type stealth involved.
LsassFTPzz daemon (LsassFTPDzz)	X	LsassFtpdz.exe	Added by the W32/Rbot-ARL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Lsdiorw	L	lsdiorw.exe	Part of macdisk
LVSrvLauncher	L	SrvLnch.exe	Related to Logitech products
LWWLicenseService	L	LWWLicenseService.exe	Related to Wolters_Kluwer The Professional's First Choice for information, tools and solutions that help professionals make their most critical decisions. Note: located in C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\
lxbs_device	L	lxbscoms.exe	Related to LXB_Device LXB provides, secure backup.
lxbt_device	L	lxbtcoms.exe	Lexmark International services. http://www.lexmark.com/
lxbu_device	L	lxbucoms.exe	Related to Lexmark Printers. Provides additional configuration options for these devices
lxbx_device	L	lxbxcoms.exe	Related to Lexmark International, Inc Printer service. Note: located in C:\WINDOWS\System32\
lxby_device	L	lxbycoms.exe	Related to Lexmark Printer service. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
lxcc_device	L	lxcccoms.exe	Related to Lexmark International, inc. Communication module for Lexmark products. Disabling will cause loss of functionality.
lxcd_device	L	lxcdcoms.exe	Related to Lexmar Lexmark International, Inc. Printers Note: Located in C:\WINDOWS\System32\
lxce_device	L	lxcecoms.exe	Related to Lexmark, Inc. printers
lxcf_device	L	lxcfcoms.exe	Lexmark printer related
LXCGCustomerConnect	L	LXCGserv.exe	Related to Lexmark_Inkjet_printer Spool driver. Note: Located in C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
lxcg_device	L	lxcgcoms.exe	Related to Lexmark printer
lxcr_device	L	lxcrcoms.exe	Related to Lexmark 2400 series printer monitor software. Disabling will cause loss of functionality. Note: Located in C:\Program Files\Lexmark 2400 Series\
lxct_device	L	lxctcoms.exe	Related to Lexmark_International and its printer services. red]Note: Located in C:\WINDOWS\SYSTEM32\
Lync USB Auditor Service (LyncUSBServ)	L	lyncusb.exe	Related to Lync_USB A toolkit that delivers an integrated removable media device discovery and auditing solution for enterprise IT management applications.
M-Audio CMIDI Installer (MA_CMIDI_InstallerService)	L	MA_CMIDI_Inst.exe	Related to M-Audio_CMIDI Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio MA_CMIDI\
M-Audio Fast Track Installer (FastTrackInstallerService)	L	MAUSBFTInst.exe	Related to M-Audio_Fast_Track Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio\Fast Track USB\
M-Audio Ozone Installer (OzoneInstallerService)	L	ozinst.exe	Related to M-Audio_Ozone products. Note: Located in C:\Program Files\M-Audio\Ozone\Install\
M-BUS/M-NET Administration (MCONTROL)	L	mcontrol.exe	Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\MBUSDRVR\
M1 Licensing Helper (iLicenseSvc)	L	iLicenseSvc.exe	Related to Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\WINDOWS\Intellution\
mac128	X	mac128.sys	Added by the Troj/Klutz-A Trojan!
MacFormatService	L	FORMATM.EXE	Related to Conversions Plus from DataViz
Machine Debug Manager (MDM)	L	mdm.exe	Visual studio debuger, if you install vs2003, mdm.exe is found in c:/program files/common files/microsoft shared/vs7debug For more info Click_Here
Macromedia Licensing Service	L	Macromedia Licensing.exe	Related to Macromedia products: Flash, Dreamweaver, etc.
Macromedia Updater (mmupdate)	X	19D.tmp".exe	Added by a variant of the Win32.Small.oa TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\ The filename is randum in the format xxxx.tmp".exe
MagicTuneEngine	L	MagicTuneEngine.exe	Related to MagicTune_Engine from Samsung. Magic Tune Premium is an update of MagicTune 3.6 for Samsung monitors. Note: Located in C:\Program Files\MagicTune Premium\
Mailgate Mail/Proxy Service	L	mgatesvc.exe	Mailgate Internet Connectivity Server
Manageer Network Connections	X	telcmd.exe	BAD - Look how manager is spelled.
Manageer Network Connections (Kern32)	X	telcmd.exe	A new service added by the Troj/Agent-CP TROJAN, with a display name of Manageer Network Connections.
Manager (Windows XP Manager)	X	msnmgr.exe	Added by the W32/Kassbot-L Read the link, rootkit type stealth involved.
Managing FAT and NTFS partitions (Defragmentation Manage)	X	dfrgfat16.exe	Added by the W32/Codbot-N WORM!
Mangomind Drive Repair (MindRepair)	L	dirtcon.exe	Related to Mangomind access your business critical files from anywhere, at any time, from any computer. Note: Located in C:\Program Files\Mango\Mind\Utilities\
mapi Helper	L	ImapiHelper.exe	ISO recorder
MarkVision Server (MvServer)	L	lexmvservice.exe	Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\
MarkVision Web Server (MvWebServer)	L	lexwebservice.exe	Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\
Mass Effect(TM) Xbox 360	X	mfxbox.exe	W32/Spybot-MS Read the link, allows remote access
Mass Effect™ Xbox 360	X	mfxbox.exe	Added by the W32/Spybot-MS WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling the automatic startup of other software
MATLAB Server (matlabserver)	L	matlabserver.exe	Related to The MathWorks Inc.
MaxBackServiceInt	L	MaxBackServiceInt.exe	Related to Maxtor_backup service. Note: Located in C:\Program\Maxtor\Maxtor Backup\
MaxSyncService (NTService1)	L	SyncServices.exe	Related to Maxtor_OneTouch service. Note: Located in C:\Program\Maxtor\OneTouch\Utils\
Maxtor Performance Analysis Tool	X	winrcn.exe	Troj/IRCBot-VY Read the link, allows remote access
Maya 6 PLE Documentation Server	L	wrapper.exe	Related to Alias Systems Corp.
MBackMonitor	L	MBackMonitor.exe	Mcafee related
MC/Empower i.collect	L	icserv.exe	an internet cleaning utility issued by various ISP's for their customers use
McAfee Agent	L	myAgtSvc.exe	Related to Network Associates, Inc.
McAfee Alert Manager (AlertManager)	L	amgrsrvc.exe	Related to McAfee_Alert_Manager , http://www.mcafee.com/ deals with alert management. Note: Located in C:\Program Files\Network Associates\Alert Manager\
McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware)	L	Msssrv.exe	Related to Network Associates, Inc.
McAfee AntiSpyware Service	L	massrv.exe	Related to McAfee AntiSpyware service.
McAfee Application Installer Cleanup	?	012703~1.EXE	Appears to be related to a mcafee uninstaller, if it is still present after a reboot, it should be removed
McAfee Desktop Firewall Service (FireSvc)	L	FireSvc.exe	Related to McAfee Desktop Firewall Service. Note: located in C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\
McAfee E-mail Proxy (Emproxy)	L	emproxy.exe	Related to McAfee_Email_Proxy c:\program files\common files\mcafee\EmProxy\
McAfee Firewall	L	CPD.EXE	Related to Network Associates
McAfee Framework Service (McAfeeFramework)	L	FrameworkService.exe	McAfee/CA related
McAfee HackerWatch Service	L	HWAPI.exe	Related to McAfee_HackerWach Service installed by the McAfee Internet Security suite and whose role is to update the HackerWatch.org website with any suspected hacker attack which you decide to report to the HackerWatch service run by McAfee. Down to end-user preference. Note, however, that this service, introduced in mid-2006, has a tendency to gobble up memory on some PCs, from 30Mb to 50Mb. Read the recommandations. Note: Located in C:\Program Files\Common Files\McAfee\HackerWatch\
McAfee Log Manager (McLogManagerService)	L	mclogsrv.exe	Related to McAfee_SecurityCenter Log Manager. Note: Located in C:\Program Files\McAfee\MSC\
McAfee Network Agent (McNASvc)	L	mcnasvc.exe	Related to McAfee_Network_Agent Note: Located in c:\program files\common files\mcafee\mna\
McAfee Personal Firewall Service (MpfService)	L	MPFSrv.exe	Related to McAfee_Personal_Firewall Service. Note: Located in C:\Program Files\McAfee\MPF\
McAfee Privacy Service (GuardDogEXE)	L	GUARDDOG.EXE	Belongs to the software McAfee Internet Security or McAfee Privacy Service. For more information Click_Here
McAfee Privacy Service (MPS9)	L	mps.exe	Related to McAfee_Privacy_Service Includes many features for families online including Internet content filtering, blocking personal information from being sent, an event log, and Internet time limits. Note: Located in C:\Program Files\McAfee\MPS\
McAfee Protection Manager (mcpromgr)	L	mcpromgr.exe	Related to McAfee_Integrated_Security Platform. Note: Located in C:\Program Files\McAfee\MSC\
McAfee Proxy Service (McProxy)	L	mcproxy.exe	Related to McAfee Proxy Service Note: Located in c:\Program Files\COMMON~1\mcafee\mcproxy\
McAfee Real-time Scanner (McShield)	L	mcshield.exe	Related to McAfee_Virus_Shield Note: Located in C:\Program Files\McAfee\VIRUSSCAN\
McAfee Redirector Service (McRedirector)	L	redirsvc.exe	Related to McAfee_Redirector Service Module. Note: Located in c:\program files\common files\mcafee\redirsvc\
McAfee Scanner (McODS)	L	mcods.exe	Related to McAfee_VirusScan On Demand Scan. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\
McAfee SecurityCenter Update Manager	L	mcupdmgr.exe	McAfee Antivirus updater
McAfee SecurityCenter Update Manager (mcupdmgr.exe)	L	mcupdmgr.exe	McAfee Update manager - http://castlecops.com/s5681-MCUPDMGR_EXE.html
McAfee Services (mcmscsvc)	L	mcmscsvc.exe	Related to mcafee
McAfee SpamKiller Server (MskService)	L	MSKSrvr.exe	Part of McAfee Spamkiller. http://computercops.biz/s6154-MSKSrvr_exe.html
McAfee SpamKiller Service (MSK80Service)	L	MskSrver.exe	Related to McAfee SpamKiller Note: Located in C:\Program Files\McAfee\MSK\
McAfee SystemGuards (McSysmon)	L	mcsysmon.exe	Related to McAfee_SystemGuards Service. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\
McAfee Task Scheduler (McTskshd.exe)	L	mctskshd.exe	Related to McAfee_Task_Scheduler Note: Located in C:\Program Files\McAfee\MSC\
McAfee Update Manager (mcmispupdmgr)	L	mcupdmgr.exe	Related to McAfee_SecurityCenter Update Manager. Note: Located in C:\Program Files\McAfee\MSC\
McAfee User Manager (mcusrmgr)	L	mcusrmgr.exe	Related to McAfee_SecurityCenter MISP User Manager. Note: Located in C:\Program Files\McAfee\MSC\
McAfee Wireless Security Service (MwlSvc)	L	MwlSvc.exe	Related to McAfee_Wireless_Security_Service Note: located in C:\PROGRA~1\McAfee\MWL\
McAfee WSC Integration (McDetect.exe)	L	mcdetect.exe	Related to McAfee WSC Integration.
McAfee.com McShield	L	mcshield.exe	Related to McAfee
McAfee.com Personal Firewall Service	L	MPFSERVICE.exe	Related to McAfee.com Personal Firewall
McAfee.com VirusScan Online Realtime Engine	L	mcvsrte.exe	McAfee AntiVirus
MCFservice (mcfdrv)	X	mcfdrv.sys	Added by the TROJ_ROOTKIT.R TROJAN! Read the link, rootkit type stealth involved.
mchInjDrv	X	mc2A.tmp	Added by the Dialer.ICcontrol DIALER! Note: This malware can make the modem dials long-distance phone numbers that were not configured in the system. This malware file can be found in the Documents and Settings\[CURRENT USER]\Local Settings\Temp folder.
mcmmng32 (Microsoft Control Manager)	X	mcmmng32.exe	Added by the W32/Tilebot-HK WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software
mcp	L	mcp.exe	Transbase® CD, http://www.transaction.de/ permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data. Note: Located in c:\opt\MBCASE\pm\bin\mcp
McShield	L	Mcshield.exe	this process is associated with McAfee's Internet Security suite. More specifically, it is essential to the Antivirus software and should not be removed
MD Simple Burner Service (NetMDSB)	L	NetMDSB.exe	Sony Corp. MiniDisk Simple Burner
MDaemon - Alt-N Technologies, Ltd.	L	MDAEMON.EXE	Related to MDaemon,a Windows-based email server.
MdeRy	X	rpe.sys	Added by the Backdoor.Ryejet TROJAN! Read the link, rootkit type stealth involved.
MEAOI Service (MEAOI)	X	_meaoi.exe	Added by the W32/Tilebot-AM WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
media playr (mediaply)	X	mediaply32.exe	Added by a variant of the IRCbot family of worms and IRC backdoors. Note: located in C:\%WINDIR%\
Mediabee (Mediabee Desktop Server)	L	MbXmlRpcServer.exe	Related to Mediabee Group Planner & Dashboard
MediaMax XL Service (MediaMaxXLService)	L	MediaMaxXLService.exe	Related to MediaMax_XL from Streamload, Inc. An application that automatically backs up your files and syncs files between computers. Note: Located in C:\Program Files\Streamload\MediaMax XL\
Medie Sariel Number Services	X	moviemk.exe	Added by the Troj/DownLd-AAP TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
MemDRV (vdnt32)	X	vdnt32.sys	Added by the Troj/Haxdoor-AA TROJAN!
Memeo (BMUService)	L	MemeoService.exe	Related to Memeo backup service. Note: Located in C:\Program Files\Tanagra\Memeo\
Memorex Network Analysis Tool	X	winsntp.exe	Added by the W32/Vanebot-AT WORM! Note: This worm is located in C:\%WINDIR%\dllcache\
Memory Check Service (AcerMemUsageCheckService)	L	MemCheck.exe	Found on Acer laptops
mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32)	L	raysat_3dsmax9_32server.exe	Related to Autodesk_3ds_Max_9_3D_animation Create rich and complex design visualization. Note: Located in D:\3dsMax9\mentalray\satellite\
Merak Mail Server Control (MerakControl)	L	control.exe	Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux
Merak Mail Server POP3/IMAP (MerakPOP3)	L	pop3.exe	Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux
Merak Mail Server SMTP (MerakSMTP)	L	smtp.exe	Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux
MERANT XDB Server for NX 3.1	L	xsrvnx.exe	Related to SERENA Software, Inc. - http://www.serena.com/
Messaging Application Programming Interface (Mapi)	X	mapi.exe	Added by the W32/Sdbot-DFC Worm Read the link, allows remote access
Messenger	X	svchost.exe -k Messenger	Added by the Fuwudoor TROJAN!
Messenger	X	kernel32.exe	Added by the Troj/Kyth-A TROJAN! Note: Replaces any existing services named Messenger.
Messenger	X	sys.exe	Added by the Troj/PcClient-H TROJAN! Note: This worm\trojan file is found in the System32 folder.
Messenger	X	KB08953265.exe	Added by the Esteems.F TROJAN! Note: Drops multiple files.
Messenger (Messenger)	X	(TROJAN FILE NAME)	Added by the Trojan.Neasemal TROJAN! Note: This trojan file will be found in the System32 folder and may have one of the following file extensions: .kop or .del or .axs
Messenger (Messenger)	X	hacker.exe	Added by the Troj/PcClient-M TROJAN! Note: This trojan file is found in the System32 and Temp folders.
Messenger Sharing Folders USN Journal Reader service (usnjsvc)	L	usnsvc.exe	Related to Messenger_Sharing_Folders_USN_Journal Reader service from Microsoft. Note: Located in C:\Program Files\MSN Messenger\
MetaFrame COM Server (MFCom)	L	mfcom.exe	Related to Citrix MetaFrame
MGABGEXE	L	mgabg.exe	Matrox BIOS Guard. What does it do and is it required?
MGACtrl	L	mgasc.exe	Related to products from Matrox graphics
MgiSvr	L	uMgiSvr.exe	Related to Magic-i from ArcSoft A powerful webcam application designed to enhance users' video chat experience. Note: Located in C:\Program Files\ArcSoft\Magic-i 3\
MICR0SOFT SVCH0ST (MS_SVCH0ST)	X	SVCH0ST.EXE	Detected by BitDefender as Trojan.Spy.Agent.PV
Microsoft Agent	X	rschost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Microsoft Agent	X	snchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) More: here
Microsoft Agent	X	ffchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: Located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Agent	X	lpohost.exe	Added by the W32/Sdbot-CWQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Agent	X	qxchost.exe	Added by the W32/Sdbot-CWP WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Agent	X	lkmhost.exe	W32/Vanebot-AD Note: Located in %windir%\system32\dllcache Read the link, allows remote access
Microsoft Agent	X	xnchost.exe	Added by an unidentified TROJAN! of the Sdbot family.
Microsoft Agent	X	ppchost.exe	Added by a variant of the W32/Sdbot-CYE WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Agent	X	suchost.exe	W32/Sdbot-DDD Read the link, allows remote access
Microsoft AntiSpyware (Beta 1)	L	gcasDtServ.exe	Microsoft AntiSpyware Data Service
Microsoft AntiSpyware (Beta 1)	L	gcasServ.exe	Microsoft AntiSpyware Service
Microsoft AntiSpyware (Beta 1)	L	GIANTAntiSpywareMain.exe	Microsoft AntiSpyware Main
Microsoft Apache for Windows (Windows Apache Service)	X	wpablin.exe	Added by the W32/Tilebot-IL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder
Microsoft ASPI Manager (aspi113210)	X	aspi113210.exe	Added by the Troj/Danmec-T TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Modify the hosts file, Terminate AV related processes and services, Steal information. Read the article. Filename is partly random (aspinnnnnn.exe) n representing a number.
Microsoft ASPI Manager (aspimgr)	X	aspimgr.exe	Detected as Backdoor.Win32.Agent.aju by Kaspersky
Microsoft authenticate service (MsaSvc)	X	msasvc.exe	Added by Worm_Ircbot_Gen Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft Bluetooth Support (BthSupp)	X	bthsupp.exe	Added by the W32/Btbot-A WORM!
Microsoft Client Agent Service (Microsoft Client Agent)	X	msclient.exe	Added by the W32/Tilebot-BP WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Microsoft Config (mscfg)	X	dczznet.exe	Added by the W32/Rbot-ARK WORM! Note: This is not the legitimate Windows process Msconfig.exe (Which is found in the System or System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Microsoft Corporation	X	systemi32.exe	Variant of the W32.SPYBOT WORM
Microsoft Corporation	X	utorrent.exe	Added by a variant of the Backdoor.Win32.Bifrose.la TROJAN! Note: This trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
Microsoft Corporation (Windows Wordpad)	X	wordpad.exe	Added by the W32/Tilebot-GL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ This is not Microsoft's wordpad.exe. To make sure check the properties of the file.
Microsoft Coyshader Runtime	X	serv32.exe	Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool
Microsoft Coyshader Runtime	X	service.exe	Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool
Microsoft CTF Loader	L	ctfmon.exe	CTF Loader
Microsoft DHCPA Service	X	mshcp.exe	Added by the W32/Rbot-FNA WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Digital Identity Service (InfoCard Service)	L	infocard.exe	Related to Microsoft_NET_Framework .NET Framework is a development and execution environment that allows different programming languages & libraries to work together seamlessly to create Windows-based applications.
Microsoft Distributed Transaction (MSDT)	X	msdt.exe	Added by the W32/Tilebot-BQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Microsoft DLL System	X	smsc.exe	Added by the W32/Tilebot-FY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft HDA Protocol (svhda)	X	svhda.exe	aDEED BY THE Backdoor.Win32.IRCBot.rr as detected by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Microsoft IE	X	IEXPLORE.EXE	Added by the W32/Forbot-AG WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: This is not the legitimate Windows Process. (Which is found in the C:\Program Files\Internet Explorer\ folder.) This worm\trojan file is found in the C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32
Microsoft IIS helper	X	msiishlp.exe	Added by the Backdoor.Isen.Rootkit TROJAN! Read the link, rootkit type stealth involved.
Microsoft information dll service (msidll)	X	msidll.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Microsoft Internet Explorer	X	iexplore.exe	W32/Tilebot-JS Read the link, allows remote access
Microsoft Internet Information Services kernel mode driver	X	msiisdrv.exe	Added by the Backdoor.Isen.Rootkit TROJAN! Read the link, rootkit type stealth involved.
Microsoft Java Service (Windows Java Service)	X	jusched.exe	Added by an unidentified TROJAN! Note: This trojan is located in C:\%WINDIR%\
Microsoft Language Service (Windows Language Service)	X	alg.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder
Microsoft Logon Service	X	mslogon.exe	Added by the W32.Woredbot.C TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Logon User Interface Skining (LogonUInterf)	X	logonui.exe	Detected by Ewido as Backdoor.SdBot.aad. This worm file is found in the Windows or Winnt folder.
Microsoft Main Window Service	X	mainwin32.exe	Added by the W32/Spybot-MR WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection
Microsoft Media	X	rtsecas.exe	W32/Rbot-KPH Read the link, allows remote access
MicroSoft Media Tools	X	MSMEDIA.EXE	Added by the SDBOT.CUH WORM! Note: This worm file is found in the System32 folder. (NT/2000/XP) Read the link, rootkit type stealth involved.
MicroSoft Media Tools (MicroSoft Media Tools)	X	MSmedia.exe	Added by the W32/Tilebot-BC WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Microsoft MSI Service	X	msi.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Name Server	X	nssrv.exe	W32/Tilebot-EK Read the link, allows remote access
Microsoft Net API (NETAPI)	X	msapi.exe	Added by the W32/Tilebot-HJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft NetWork FireWall Services	X	Net_Services.exe	http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html
Microsoft NetWork FireWall Services	X	NetServices.exe	http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html
Microsoft Network RPC	X	msnetrpc.exe	Related to the Troj/Isen-B
Microsoft Networks DN (msndn)	X	msndn.exe	Added by the Backdoor.SdBot.AQZ, A.K.A. Ircbot_Gen WORM! Allows a remote intruder to gain access and control over the computer.
Microsoft New Game 2 (svehost32)	X	svehost32.exe	Added by the W32/Tilebot-I TROJAN! Read the link, rootkit type stealth involved.
Microsoft Null Development Monitor (msdevnull)	X	msdevnull.exe	Added by the W32/Rbot-AGE Worm! Read the link, rootkit type stealth involved.
Microsoft Passport Network CyberShots	X	cybershots.exe	Added by the W32/Spybot-ND WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
Microsoft Path Finder Service (MSpath)	X	mspath.exe	Added by the W32/Sdbot-AEO WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Microsoft Path Finder Service (mspathfinder)	X	mspathfinder	Added by the W32/Tilebot-AH WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft Performance WMI Adapter AddOn (WMIPervAddOn)	X	wmiapsv.exe	Added by the Backdoor.Win32.SdBot.aad TROJAN! Reported by Kaspersky More Note: This worm\trojan is located in C:\%WINDIR%\
Microsoft Print Spooler (WINDRIVER)	X	scvhost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft proxysys (proxysys)	X	proxysys.exe	W32/Tilebot-JC Read the link, allows remote access
Microsoft Registry Viewer (Dumpreg)	X	DUMPREG.EXE	Added by the SDBOT.BXI WORM! Read the link, rootkit type stealth involved.
Microsoft Sata emulation (mside)	X	mside.exe	Added by the Worm.Opanki.BK WORM! Note: This worm\trojan is located in C:\%WINDIR%\SYSTEM\ Read the technical details
Microsoft SCC Host Protocol (POOLSVR)	X	poolsv.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Microsoft SCC Host Protocol (TaskMGM)	X	taskmg.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Microsoft sdk core (sdk)	X	lsass.exe	Added by the Troj/IRCBot-PF TROJAN! Note: Located in C:\%WINDIR%\
Microsoft Security Login Service	X	mssecure32.exe	Added by the W32/Vanebot-R WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) Attempts to terminate a number of processes related to security and anti-virus applications.
Microsoft security update service (msupdate)	X	msvcrtd.exe	Related to a variant of the Trojan.Win32.Agent.NCR family. TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
Microsoft Service Manager (winmdgr)	X	winsvcmgr.exe	Added by the W32/Rbot-AAD WORM! Read the link, rootkit type stealth involved.
Microsoft SQL Server Debug (sql)	X	sqldebug.exe	Added by the W32/Tilebot-FF WORM! Note: Located in C:\%WINDIR%\
Microsoft SSL (ssl)	X	ssl.exe	Added by the W32.Esbot.C WORM! Note: This Worm\Trojan file is found in the System32 folder and has nothing to do with the (Secure Socket Layer)
Microsoft Star Window Service	X	starwin32.exe	Added by the W32/Rbot-FNT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ dllcache\ (XP/WinNT/2K)
Microsoft Star Window Service	X	svcshoter.exe	Added by the WORM_SDBOT.ANK WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32]dllcache (XP/WinNT/2K) provides the remote user virtual control over the affected system, thus compromising system security.
Microsoft Star Window Service	X	starwksvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K)
Microsoft Startup Manager. (Microsoft Startup Manager)	X	msput.exe	Added by the W32/Sdbot-BAY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft Svc Services Dispatcher	X	svcsrv.ldr	unknown malware
Microsoft Terminal Service	X	msterminal.exe	Added by the W32/Sdbot-CPZ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\DllCache\ (XP/WinNT/2K)
Microsoft TG Mannager	X	mtgm.exe	Added by the WORM_SDBOT.EMT WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access
Microsoft Translation Service (MTServ)	X	mtserv.exe	Added by the W32/Rbot-GAL WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft Updata ver2005 (Microsoft Updata ver2005)	X	tw725.exe	Added by the Troj/Feutel-P TROJAN!
Microsoft Update	X	SCVVC.exe	Added by a variant of the W32/Malware Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Microsoft update (msnupdate)	X	windupdate.exe	Added by the SDBOT.CGV WORM! Read the link, rootkit type stealth involved.
Microsoft update Service	X	msiupdate32.exe	Added by the W32/Vanebot-S WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). Attempts to terminate a number of processes related to security and anti-virus applications
Microsoft Validation Service	X	mvsr32.exe	Detected as Backdoor.SdBot.bem by AVG-antispyware
Microsoft Validation Service	X	wmiprsv.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\
Microsoft Virtual Private Network (MS Virtual Private Network)	X	MSVPN32.exe	Added by the W32/Rbot-AIO WORM!
Microsoft VPS Service	X	msvps.exe	Added by the W32/Rbot-FNI WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software
Microsoft Webserver (Microsoft Webserver)	X	Microsoft Webserver.exe	Added by the Troj/Hupigon-FU TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Microsoft Windows (Microsoft Windows)	X	system.exe	Added by the W32/Rbot-AMQ WORM! Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Microsoft Windows Avantage Service (Windows Avantage)	X	avantage32.exe	Added by the W32/Tilebot-HE WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disables the automatic startup of other software.
Microsoft Windows BDA Service	X	svhba.exe	Added by the W32/Vanebot-P WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software
Microsoft Windows DMR Service (Windows DMR Service)	X	dmrproc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ More here
Microsoft windows FTPd	X	updtftpini.exe	Added by the W32/Rbot-FUS WORM! Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) More] here
Microsoft Windows HDA Service	X	svhda.exe	Added by the W32/IRCBot-SL WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Microsoft Windows HelpFile (Windows Helpfile)	X	services.exe	Added by the W32/Tilebot-FQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software
Microsoft Windows Internet Connections Manager (net32b)	X	net32b.exe	Added by the W32/Cuebot-N WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Deactivates the Microsoft Internet Connection Firewall (ICF).
Microsoft Windows Man Service (Windows Man Service)	X	winmgr.exe	Added by the W32/Sdbot-DTL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Microsoft Windows Protection (Windows Protection Service)	X	winlogon.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Microsoft Windows Software Update Service (mswsus)	X	mswsus.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Microsoft Windows Spool Service (Windows Spool Service)	X	wdfmgr.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ Not to be mistaken with wdfmgr.exe which is part of Microsoft Windows Media Player and located in, C:\WINDOWS\System32\.
Microsoft Windows Spool Service (Windows Spool Service)	X	services.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Microsoft Windows Spooler Service (Windows Spooler Service)	X	winlogon.exe	Added by the W32/Tilebot-FR WORM!Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
Microsoft Windows Spooler Service (Windows Spooler Service)	X	services.exe	Added by the W32/Tilebot-FW WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
Microsoft Windows SQL Service	X	winesql.exe	Win32/IRCBot.UG
Microsoft Windows System32	X	winservs.exe	Added by the W32/Tilebot-GU WORM! Note: This worm\trojan is located in C:\%WINDIR% Also been identified with the filename: winsysdir.exe
Microsoft Windows System32	X	windll32.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Microsoft Windows Update	X	wuautcl.exe	Troj/Spybot-NQ Read the link, allows remote access
Microsoft Windows Update (Microsoft Update)	X	scvvhost.exe	Added by the W32/Forbot-FH WORM!
Microsoft Windows Update (Microsoft Windows Update)	X	msconfig32.exe	Added by the W32/Tilebot-P WORM! Read the link, rootkit type stealth involved.
Microsoft Windows Update (msupdate)	X	csrss.exe	Added by an unknown TROJAN!, Note: This has nothing to do with Microsoft Windows Update and this is not the legitimate Windows Process csrss.exe. (Which is found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder.
Microsoft Windows Validation Service (Windows Validation Service)	X	devldr32.exe	Added by a variant of the WIN32.RBOT WORM! - Note - do NOT confuse with the legitimate Creative Labs devldr32.exe file. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
MicroSoft Windowz Update (MsFtUpd)	X	MsFtUpdateXP.exe	Added by the W32/Tilebot-BL WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Microsoft WMI Performance Adapter AddOn (WMIPerAddOn)	X	wmiapsrv.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ NOT TO BE confused with C:\WINDOWS\System32\wbem\wmiapsrv.exe which is a Microsoft application
Microsoft(R) Windows(R) Operat (Microsoft Corporation)	X	iexplorer.exe	Added by the Troj/Feutel-W TROJAN! Note: This is not the legitimate Windows Process (iexplore.exe) which is found in the Program Files\Internet Explorer folder. (Notice the difference in the spelling.) This trojan file (iexplorer.exe) is found in the System32\Internet Explorer folder.
microsoftdvdhelp (MicrosoftDVD)	X	msdvd.exe	Added by the W32/Rbot-AWQ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Microsoftkeysd	X	systemwin32.exe
MilShieldCleaner	L	ShieldService.exe	Related to Mil_Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities. Note: Located in C:\Program Files\Mil Incorporated\Mil Shield\
MindRetrieve Engine (MindRetrieve)	L	MindRetrieve.exe	MindRetrieve Appears to be a personal desktop search engine.
MindStorm Agent	L	srvpxa.exe	Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.
MindStorm AnalyzerPro Controller	L	srvctr.exe	Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.
MindStorm AnalyzerPro Correlation Engine	L	srvcor.exe	Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.
MindStorm Controller	L	srvctr.exe	Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.
MindStorm Correlation Engine	L	srvcor.exe	Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices.
Mini USB Driver	X	svñhîst.exe	Troj/Proxy-CY Note: Located in %windir%\system32 Read the link, allows remote access
MINIServer (MiNiService)	X	MiniServer.exe	Added by the Troj/LittleW-E TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Miscrosoft Updates Service 4	X	msupd4.exe	Trojan-Downloader.Win32.Agent.gn
Miscrosoft Updates Service 5	X	msupd5.exe	Trojan. TROJ_LODMEDUD.A
MkSUpdateInt	L	MkSUpdateInt.exe	ArcaVir an AntiVirus software from Poland. A procuct of ArcaBit Sp. z o.o
MkS_Scan	L	mks_scan.exe	ArcaVir an AntiVirus software from Poland. A product of ArcaBit Sp. z o.o
mks_vir antivirus monitor (MksVirMonSvc)	L	mksmonsv.exe	ArcaVir an AntiVirus software from Poland. A product of ArcaBit Sp. z o.o
MLKKBDNTDriver	O	MLKKBDNTService.exe	Unknown
MMX Virtualization Service	X	mmx464.sys	Added by the Goldun.J TROJAN! Read the link, rootkit type stealth involved.
MMX2 Virtualization Service	X	mmx464.sys	Added by the Goldun.J TROJAN! Read the link, rootkit type stealth involved.
MNSFramework	L	MNSFramework.exe	Mobile Net Switch enables you to use your computer on more than one network with the click of a button. Note: Located in C:\WINDOWS\system32 (XP NT)
Mobility Client (ArtourService)	L	artsvc.exe	Related to IBM_Mobility_Client Note: Located in C:\Program Files\IBM\Mobility Client\
MOBSYNC	X	MOBSYNC.EXE	Added by the SDBOT.CNT WORM! Read the link, rootkit type stealth involved.
modlb (modlb)	X	modlb.exe	Added by the W32/Tilebot-BF WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
mondrv (mondrv)	X	mondrv.sys	Added by the TROJ_ROOTKIT.M TROJAN! Read the link, rootkit type stealth involved.
MONDV	X	MONDV.SYS	Added by the Troj/Rootkit-Z TROJAN! Read the link, rootkit type stealth involved.
Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5)	?	MrnTS_Sync5.exe	From Morrin Corporation? http://forums.spywareinfo.com/index.php?act=ST&f=18&t=43573
Motorola Digital Audio Player Manager	L	MotorolaDAP.exe	Related to Motorola Inc. Motorola Digital Audio Player.
Mouse Button Monitor (mousebm)	X	mousebm.exe	Added by the W32.Esbot.A WORM!
Mouse Click Monitor (mousecm)	X	mousecm.exe	Added by the W32/Sdbot-ZQ Worm!
Mouse Cursor Monitor (mousecrm)	X	mousecrm.exe	Added by the W32/Sdbot-ABQ WORM!
Mouse Hardware Sync (mousehs)	X	mousehs.exe	Added by the Troj/Bdoor-HU WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Mouse Movement Monitor (mousemm)	X	mousemm.exe	Added by the W32/Cuebot-E WORM!
Mouse Synchronization (mousesync)	X	mousesync.exe	Added by the W32/Esbot-A WORM!
Mouseb	X	MOUSEB.EXE	Added by the SDBOT.CRQ WORM! Read the link, rootkit type stealth involved.
Movielink Core Service	L	MOVIEL~1.EXE	Associated with Movielink online movie download service with help from IBM. Has also been seen with the file name MOVIEL~2.EXE
MozyBackup	L	mozybackup.exe	Related to Mozy Free backup at a secure, remote location. Note: Located in C:\Program Files\Mozy\
MpService	L	MPSERVIC.EXE	Related to Canon Inc. http://www.canon.com/
mr2kserv	L	mr2kserv.exe	Dell Open Management software installs this service http://www.anti-spy.info/process/mr2kserv.exe.html
MrayPigeonServer	X	M_Server2006.exe	Troj/Hupigon-IV Note: Located in %windir% Read the link, allows remote access
MRFCKDLL	X	MRFCKDLL.SYS	Added by the Troj/NtRootK-F TROJAN! Read the link, rootkit type stealth involved.
MrobeService	L	MRobeService.exe	Related to Olympus_America_Inc Imaging products.
MrPostman	L	Wrapper.exe	Related to MrPostman: POP email access.
Ms Builders (Ms Builder)	X	Wupated.exe	Added by the W32/Agobot-SS WORM!
MS Common Service	X	mscomserv.exe	Added by the Troj/Zlob-RF TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
MS Dns Service	X	wincntrl.exe	Added by a variant of the Sdbot/Rbot worm
MS Dns Service (WinNet)	X	wincntrl.exe	Added by the W32/Rbot-AYH WORM! Note: This worm\trojan file is found in the System32 folder.
MS DTC console	X	msdtc.exe	Added by the W32/Sdbot-DTO WORM! Note: This worm\trojan is located in C:\%WINDIR%
MS Ineterner Explorer Update Services (msieupservice)	X	msupsrv.exe	Listed as "Adware.SponsorBox.Process". by SuperAdBlocker
MS Internet Countermeasures Framework (ICF)	X	\System32:svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note DO NOT delete the svchost.exe file.
MS Internet Countermeasures Framework (ICF)	X	icf.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
MS Office Updater Service	X	msrvs32.exe	Added by the W32/Tilebot-HM WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder
MS Shadow Copy Software (ScSoft)	X	scsoft.exe	W32/Tilebot-JP Read the link, allows remote access
MS Software Shadow Download Provider (dnlsvc)	X	dnlsvc.exe	Added by DnlSvc.Process TROJAN!
Ms Valud Loader (Ms Valud Load)	X	Svhots.exe	Added by the W32/Agobot-SP WORM!
MSCom	X	mscom.exe	Added by the W32.Woredbot TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
MSCommmand	X	mswincom32.exe	Added by the W32/Rbot-FMM WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) Disables the automatic startup of other software, deactivates the Microsoft Internet Connection Firewall (ICF).
MSCoolServ	X	mscolsrv.exe	Rahack virus
MSCSPTISRV	L	MSCSPTISRV.exe	Related to Sony Corporation.
Msdebugsrv	X	dbg32hlp.exe	Added by the SDBOT.CNG WORM! Read the link, rootkit type stealth involved.
msdelv (msdevl)	X	msdevl.exe	Added by the W32/IRCBot-VJ WORM! Note: This worm\trojan is located in C:\Program Files\Common Files\System\
msdirectx	X	MSDIRECTX.SYS	Added by the Troj/NtRootK-F TROJAN! Note: This trojan file is dropped by various other worms and trojans to hide their processes. Read the link, rootkit type stealth involved.
msdll	X	msdll.exe	Added by a variant of the IRCbot family of worms and IRC backdoors. Note: located in C:\%WINDIR%\system\
MSDN Driver (msdndr)	X	msdndr.pif	Added by the Troj/HacDef-EQ TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Msdn Update 32 (msdnupdate32)	X	msdnupdate32	Added by the W32/Tilebot-M WORM! Read the link, rootkit type stealth involved.
Msdn Update 32 (msdnupdate32)	X	msdnupdate32.exe	Added by the SPYBOT.AHT WORM! Read the link, rootkit type stealth involved.
Msdtc Manager	X	winlogin.exe	Added by the W32/Rbot-FKU WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
msecure (mcsecure)	X	mcsecure.exe	Added by the SDBOT.BZJ WORM! Read the link, rootkit type stealth involved.
mserv.exe	X	mserv.exe	Related to Trojan.Win32.Killav.br
msfsr	X	msfsr.sys	W32/Piggi-B Note: Located in %windir%\system32 Read the link, changes security settings and may disable antivirus programs
msftesql	L	msftesql.exe	Related to Microsoft_SQL_server suite.
MsGrd32	X	MSYRD32.EXE	Added by the SDBOT.BYR WORM! Read the link, rootkit type stealth involved.
MsHS64 or cvcworking setting (cvcWork or MsHS64)	X	syscvhost.exe or MsHS64.exe	Added by the W32/Tilebot-BU WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
msie7	X	msie701.exe	Identified as Trojan_Downloader by PREVX, Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
msieupdater (Microsoft IE Updater)	X	update44105609.exe	Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe
MSIEUpdater_1 (Microsoft IE Updater_1)	X	ie_updater1.exe	Identified as Downloader.Small.eop or Downloader.Murlo.fa Note: This worm is located in %userprofile%\
MSIEUpdater_2 (Microsoft IE Updater_2)	X	ie_updater.exe	Added by a variant of the Troj/Bckdr-QGB TROJAN! Note: This worm\trojan is located in %userprofile%\
MsInfo Service (MsInfo)	X	MsInfo.exe	Small.H Note: Located in C:\RECYCLER\MsInfo\ Read the link, allows remote access
msinit (Microsoft Scheduling Agent)	X	msinit.exe	Added by the W32/Tilebot-BJ WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
MSI_WLAN_Service	L	WLAN_Service.exe	Part of Microstar's WLan card. File found in the C:\Program Files\MicroStar\WLANUtility folder.
mslogon (Microsoft System Logon Manager)	X	mslogon.exe	Reported as Trojan-Dropper.Win32.Delf.ng by Kaspersky Anti-Virus. Note: This file is found in the Windows or Winnt folder.
MsLS32 (MsLS32)	X	MsLS32.exe	Added by the W32/Tilebot-BS WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
MsLX32 (MsLX32)	X	MsLX32.exe	Added by the W32/Sdbot-AFS WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
MSMAPDEVICE	X	MSMAPDEVICE.SYS	Added by the TROJ_ROOTKIT.AK TROJAN! Read the link, rootkit type stealth involved.
msmbios (Microsoft System Management BIOS Driver)	X	mssmbios.exe	Added by the W32/Tilebot-AI TROJAN! Note: This trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
MSMPSVC	L	MSMPSVC.exe	Related to Windows_OneCare_Live from Microsoft
MSN Clean Messenger	X	msnmsgr.exe	W32/Rbot-GJZ Read the link, allows remote access
Msn Service (MSNSVC)	X	msnsrv.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
msnntlp	X	msnntlp.exe	W32/Tilebot-JI Read the link, allows remote access
MSQMX	X	msqmx.sys	Troj/StartP-BEH
MSR Collector	L	msrCollector.exe	Related to Black White Box, Inc. Now owned by Vericept Corp. A Risk Management Platform
msriv1 (msriv1)	X	msriv1.sys	Added by the Troj/Rootkit-W TROJAN! Read the link, rootkit type stealth involved.
msscmc43	X	msscmc43.exe	Added by the W32/Spybot-NB WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
MSSQL (MSSQL2K6)	X	sqlsrv.exe	Added by the SDBOT.CNY or MYTOB.NC WORM! Read the link, rootkit type stealth involved.
MSSQLServerADHelper	L	sqladhlp.exe	Related to Microsoft SQL Server 2000 desktop engine.
MSSvc CRSS (CRSS)	X	MSSvc.EXE	Reported by Ewido security suite as Backdoor.SdBot.nj
mst Defrag Service	L	mstDfrgS.exe	Related to mst_Defrag
MSTCS	X	MSTCS.EXE	Reported as Backdoor.Iroffer TROJAN! by What-process.com
mstdel32 (mstdel32)	X	mstdel32.exe	Added by the W32/Tilebot-BE WORM! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
MsUpd	X	msupd4.exe	Added by the Lodmedud TROJAN!
MsUpd	X	msupd5.exe	Added by the Lodmedud TROJAN!
MsUpd	X	msupd6.exe	Added by the Lodmedud TROJAN!
MSUpdate (Microsoft Update Service for 2005)	X	msupdate24.exe	Added by the W32/Tilebot-H WORM!
msupdatefs (Microsoft Updater FileSystem)	X	update13428241.exe	Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe
msupdatefss (Microsoft Updater FileSystems)	X	update62523833.exe	Related to a variant of the Malware.IFN.dropper family. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: filename is random in the format of update(Random Number).exe
msvbn	X	msvbn.exe	Added by the Backdoor.Win32.SdBot.auv TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
msvnc (msvnc)	X	msvnc.sys	Added by the TROJ_ROOTKIT.M TROJAN! Read the link, rootkit type stealth involved.
msvrcs(msvrcs) (msvrcs)	X	msvrcs.exe	Added by the W32/Sdbot-CRX WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
muamgrd.exe	X	muamgrd.exe	Added by a variant of the AGOBOT.GEN WORM! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Multi-user Cleanup Service	L	ntmulti.exe	Related to IBM Lotus Note software.
MWAgent	L	MWASER.EXE	Related to MicroWorld Technologies Inc. - Antivirus & Content Security suite. Note: Located in C:\Program Files\Common Files\MicroWorld\Agent\
MWSarcpkt	L	MWSEtherpkt.exe	Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/
MWSejcap	L	MWSejcap.exe	Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/
MWSpollserver	L	PollServer.exe	Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/
MWSsched	L	sutmsced.exe	Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/
MWSTick	L	MWSTick.exe	Related to Gateway Ticketing Systems, Inc. http://www.gatewayticketing.com/
MXS(mxs) (MXS)	X	mxs.exe	Added by the W32/Sdbot-CTT WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
My Firewall Plus	L	Smc.exe	Related to Webroot Firewall
MyMedia Server	L	MyMediaServer.exe	Related to FUJITSU LIMITED
MySql	L	mysqld-nt.exe	belongs to MySQL Daemon. It is a service that handles the access to MySQL databases
MySqlInventime	L	mysqld-max-nt.exe	Related to MySQL database a popular open source database.
MySrvShell Service (MySrvShell)	X	(Path to Trojan EXE)	Added by the Troj/WinterLv-C Trojan!
NAI ePolicy Orchestrator Agent (NAIMAGENT32)	L	naimas32.exe	Related to Network Associates anti-virus protection suite http://www.liutilities.com/products/wintaskspro/processlibrary/naimas32/
National Instruments PSP Server Locator (lkClassAds)	L	lkads.exe	Related to National_Instruments Logos. Note: Located in C:\WINDOWS\system32\
National Instruments Time Synchronization (lkTimeSync)	L	lktsrv.exe	Related to National_Instruments Logos. Note: Located in C:\WINDOWS\system32\
NAV Alert	L	alertsvc.exe	Related to Symemtecn/Norton products
Navegador de red (ExpIorer)	X	ExpIorer.exe	Added by the Troj/Taladra-E TROJAN!
NBService	L	NBService.exe	Related to Nero Backup service. Note: Located in C:\Program Files\Nero\Nero 7\Nero BackItUp\
NDAS Service (ndassvc)	L	ndassvc.exe	Related to XIMETA Inc. Smart Network Storage Solution.
NDIS Adapter (NDIS TCP Layer Transport Device)	X	ndis.exe	Added by the W32/Forbot-AX WORM! Note: This worm file is found in the System32 folder.
NdisFilter	X	ndisfilter.sys	Troj/NetAtk-F
ndserv		ndserv.exe	Related to NetDeploy_Launcher from Open Software Associates Ldt. a division of Managesoft.com Note: Located in C:\Program Files\netDeploy\Launcher\
neruo.exe (NeroFilterCheck)	X	Explore.exe	Added by the SDBOT.DIH WORM! Read the link, rootkit type stealth involved.
Net Agent	X	dls0523pmw.exe	Added by the Trojan.Downloader-Gen/BasicMath.Process TROJAN Note: This trojan is located in C:\%WINDIR%\
Net Boot Service	X	big5_gb2312.exe	Detected as W32.Agobot-TU Note: Located in WINDOWS\system32
Net Functions Library (Netlib)	X	Netlib.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C: folder.
Net Functions Monitoring (Netmon)	X	Netmon.exe	Added by the W32/Codbot-R WORM!
Net Logon (Netlogon)	L	lsass.exe	Related to the Net_Logon service. Uused to authenticate a user into a domain. Note: Located in C:\%WINDIR%\System32\
Net message Service	X	netmsg.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Net Service Monitor	X	netsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: Located in C:\WINDOWS\ Note] Netsvc.exe: This tool provides a way to remotely start, stop, and query the status of services from the command line. But is not run as a SERVICE. Here
NetBackup Client Service (NetBackup INET Daemon)	L	bpinetd.exe	Related to VERITAS NetBackup Enterprise Server.
NetBackup Volume Manager	L	bevmd.exe	Related to VERITAS NetBackup Enterprise Server.
NetBIOS Helper	X	nbthlp.exe	Added by the W32.Toxbot.AL WORM! Note: Symantec has developed a removal tool to clean the infections of W32.Toxbot.AL, to download it Click_Here
netbios helper service	X	altsvc.exe	adserver adtech.de redirects
NetBIOS Helper Service (NetBIOS Helper)	X	nbthlp.exe	Added by the W32/Codbot-AE WORM! Note: This worm\trojan file is found in the System32 folder.
NetBTD(ntbtd) (NetBTD)	X	netbtd.exe	Added by W32/Sdbot-BLW WORM! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
NetCN	X	netcn.sys	Added by the Hacktool.Rootkit TROJAN! Read the link, rootkit type stealth involved.
NetconDDE Service (NetconDDE)	X	iisctrl.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
netconf32 (netconf32)	X	netconf32.exe	Added by the W32/Tilebot-BN WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
netctrl	X	sys.dll	Troj/Singu-AR Read the link, allows remote access
NetDDE Server (NetDDEsrv)	X	netddesrv.exe	Added by the W32/Codbot-Y WORM! Note: This worm\trojan file is found in the System32 folder.
NetDDEipx (NetDDEipx)	X	random	Added by the NetDDEipx TROJAN! **note 3ylv.exe may be one of the random file names used
NetGroup Packet Filter Driver (NPF)	X	npf.sys	Troj/Delf-EQE Note: Located in %windir%\system32\drivers
Neth	X	netid.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
NETINFO	X	netinfo.exe	Added by the W32/Tilebot-J WORM! Read the link, rootkit type stealth involved.
NetLimiter (nlsvc)	L	nlsvc.exe	NetLimiter_2 shows list of all applications communicating over network.
NetLogon	X	svchost.exe -k NetLogon	Added by the Fuwudoor TROJAN!
NetM (Ne)	X	win32udt.exe	Added by a variant of the SDBOT.CZD family of trojan. Note: This trojan is located in C:\%WINDIR%\
Netman	X	Netserv.dll	Troj/Protux-E
NetOp Helper ver. 7.50 (2002343) (NetOp Host for NT Service)	L	NHOSTSVC.EXE	Related to Danware NetOp products Note: Located in C:\Program Files\Danware Data\NetOp Remote Control\HOST\
NetOp Helper ver. 7.65 (2004242) (NetOp Host for NT Service)	L	NHOSTSWC.EXE	Related to Danware NetOp products
Netropa NHK Server	L	nhksrv.exe	Netropa Hotkey Server task seen only on DELL and Compaq PCs running Windows NT4/2000/XP
Netropa NHK Server	L	Nhksrv.exe	nhksrv.exe is a process that belongs to DELL and Compaq systems. It is used to halt any configured hotkeys while the screensaver is running.
Netscape Update Service	L	ncupdatesvc.exe	Netscape Communications Corporation updater
NetSendServer (NetSendServer)	X	NetSend.exe	Added by the Troj/Hupigon-DQ TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
NetSign AutoUpdate Service (NsAUSvc)	L	NsAUSvc.exe	Related to SecurityFocus - http://www.securityfocus.com/
NetVeda Safety.Net (ipcSvc)	L	ipcsvc.exe	Related to Safety_net from Netveda. Security and advanced Internet firewall protection for all your LAN computers.
Network	?	nettcp.exe	Unknown owner: Location C:\WINDOWS\system32\nettcp.exe
Network ADSL Server (Network ADSL Server)	X	woaisaomm.exe	Added by the Troj/GrayBrd-AQ TROJAN! Note: This trojan file is found in the System32 folder.
Network Associates Task Manager	L	VsTskMgr.exe	VirusScan Task Manager
Network Client (nwclntg)	X	winlogon.exe	Added by the Boxed.E TROJAN!
Network Configuration Service (NetCfgSvr)	L	NetCfgSv.EXE	Related to AT&T http://www.anti-spy.info/process/netcfgsv.exe.html
Network Connections Sharing (RpcTftpd)	X	svchost.exe	Added by the W32.Welchia WORM! **Note - This service will be set to start manually
Network DDE Client (NetDDEclnt)	X	netddeclnt.exe	Added by the W32/Codbot-M WORM!
Network dde connections	X	service.exe	adtech.de redirections
Network DDE Connections (NETDDEC)	X	winmgnt.exe	Added by unknown malware, the file winmgnt.exe may be a Serv-U FTP server used to download other malicious files to your computer. File location is in the System32 folder.
Network DDE DSMA (NetDDEdsma)	X	svchost.exe	Added by the W32/Sdbot-BMG WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm file is found in the Windows or Winnt folder.
Network DDS (NetDDS)	X	NetDDS.exe	Reported as Troj/ServU-Gen See Sophos Unknown owner :Location: C:\WINDOWS\system32\NetDDS.exe
Network Devices Controller (ndcsvc)	X	random.$$$	Added by the Alnica TROJAN!
Network Devices Controller (ndcsvc)	X	random file name	Added by the Alnica TROJAN!
Network Distributed Transaction Coordinator for Workstation (MSDCSRV32)	X	mssrv.exe	Added by the PWSteal.Drorar TROJAN! Note: This trojan file is found in the Program Files\Common Files\system\ado folder.
Network DRV (NTDRV)	X	netdrvr.exe	Added by the W32/Sdbot-AZK WORM! Note: This worm file is found in the System or System32 folder.
Network Gateway Manager (npx)	X	csrsc.exe	Added by the W32/Sdbot-CPE WORM! Note: This worm\trojan is located in C:\%WINDIR%
Network helper Service (MSDisk)	X	irdvxc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Network Location Manager	X	lssc.exe	Added by the Trojan.Backdoor.Gen TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Network Management Center Time (W32Times)	X	TIMEMAN32.EXE	Added by the Troj/GrayBrd-AA TROJAN! Note: This worm\trojan file is found in the Program Files\Internet Explorer\plugins folder.
Network Messenger (MStdc )	L	mstdc.exe	Related to Microsoft Personal Web Server and Microsoft SQL Sever software http://www.2-files.com/process/microsoft-distributed-transaction-coordinator
Network Monitor	X	netmon.exe	Reported by Panda as the Trj/Cicos.H TROJAN! This trojan if found in the \Program Files\Network Monitor\ folder. Note: This is not the legitimate Microsoft Network Monitor (Netmon.exe) process which is legitimate to capture network traffic. Article_Q812953
Network Provision Managing Service (xmlprovman)	X	provsvc.exe	Added by the W32/Sdbot-CRS WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Network Security Service	X	random	CoolWebSearch res:// variant
Network Security Service (NSS)	X	random	CoolWebSearch res:// variant
Network Security Service (__NS_Service_3)	X	sdkbj32.exe	Detected as Trojan.Agent.bi by ewido(now known as AVG-antispyware)
Network Station Task Manager (TASKSQ)	X	tasksch.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Network Station Task Manager (TSKIB)	X	taskib.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Network Switching Alerter	X	windlls.exe	Probable variant of W32/Rbot-AZQ
Network System (NetSystem)	X	NetSystem.exe	Troj/QQRob-ADE Read the link, steals information
NetWorkLogon	X	KB8964225.log	Troj/Lmir-FF Note: Located in %windir%\system32 Read the link, steals information
NI Service Locator (niSvcLoc)	L	niSvcLoc.exe	Related to National_Instruments corp.
NICCONFIGSVC	L	NICCONFIGSVC.exe	NICCONFIGSVC.exe is a process associated with the power management settings for network adapters on Dell systems. For more information Click_Here
NICSer_WMP11	L	NICServ.exe	Related to Linksys config utility.
ninsvc	X	ninsvc.exe	Added by the W32/Akbot-AL WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Modifies the HOSTS file
nipxirmu	L	nipalsm.exe	Related to National_Instrument Corp.
NMap	L	nmapserv.exe	NMapWin Port Scanner utility service.
NMIndexingService	L	NMIndexingService.exe	Part of a Nero product
NMSAccess	L	NMSAccess.exe	Related to Cheetah_DVD_Burner Note Must only be used on NT4/2000/XP
NNServ	X	nnrun.exe	Added by NewDotNet AdWare! Note: Located in C:\Program Files\NewDotNet\
NNSvc	L	nnsvc.exe	NetNanny Internet Filter
NobleNet Portmapper for TCP	L	portserv.exe	Actuate_Enterprise Reporting Applications for business intelligence analytic services
NOD AV service (nodantivir)	X	nodantivir.sys	Added by the Troj/Haxdoor-AK TROJAN! Note: This trojan file is found in the System32 folder. The file nodantivir.sys provides stealthing functionality.
NOD32 Kernel Service (NOD32krn)	L	nod32krn.exe	NOD32 Antivirus
Nofeel FTP Server Service	L	nftpdsvc.exe	Related to Nofeel_FTP_Server
NoIPDUCService	L	DUC20.exe	Related to Vitalwerks Internet Solutions
Norman API-hooking helper	L	nipsvc.exe	Norman Anti-Virus
Norman NJeeves	L	NJEEVES.EXE	Norman Anti Virus
Norman Type-R	L	NPFSVICE.EXE	Norman Virus Control Service. Made by Norman Data Defense Systems, Inc. For more information Click_Here File is located in the Norman\Nvc\BIN folder.
Norman Virus Control on-access component	L	nvcoas.exe	Norman Virus Control on-access component
Norman Virus Control Scheduler	L	NVCSCHED.EXE	Norman Virus Control Scheduler
Norman ZANDA	L	Zanda.exe	Norman Anti Virus
Nortel Networks TunnelGuard (tunnelguardservice)	L	CueAgent_srv.exe	Related to Nortel_Networks_TunnelGuard designed to ease the deployment of very large site-to-site and remote access Virtual Private Networks (VPNs). Note: Located in C:\Program Files\Nortel Networks\TunnelGuard\
Norton antivirus and Firewall (it)	X	fime.exe	Bogus Norton Antivirus and Firewall service. Unknown owner.
Norton AntiVirus Auto Protect Service (navapsvc)	L	navapsvc.exe	Related to Norton/Symantec AntiVirus.
Norton AntiVirus Auto-Protect Service (navapsvc)	L	navapsvc.exe	Related to Norton/Symantec AntiVirus.
Norton AntiVirus Client	L	rtvscan.exe	Norton Anti-virus related
Norton AntiVirus Firewall Monitor Service (NPFMntor)	L	NPFMntor.exe	Norton Internet Worm Protection
Norton Ghost	L	PQV2iSvc.exe	symantec Norton Ghost Image related
Norton Internet Security Accounts Manager	L	NISUM.EXE	Related to Norton Internet Security
Norton Internet Security Proxy Service	L	SymProxySvc.exe	Related to Symantec Corporation
Norton Internet Security Service	L	NISSERV.EXE	Related Symantec Corporation
Norton Online Anti Virus	X	avll32.exe	Added by the Backdoor.Win32.SdBot.aad reported by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR%
Norton Personal Firewall Proxy Service	L	SymProxySvc.exe	Related to Norton Firewall Proxy service
Norton Personal Firewall Service	L	NISSERV.EXE	Related to Norton Personal Firewall service
Norton Program Scheduler	L	npssvc.exe	Related to Norton Scheculer
Norton Protection Center Service (NSCService)	L	NSCSRVCE.EXE	Related to Norton Internet Security 2006 and Norton AntiVirus 2006. Made by Symantec_Corporation
Norton Unerase Protection	L	NPROTECT.EXE	Norton Protected Recycle Bin
Notebook Manager Service (anbmService)	L	anbmServ.exe	Related to Acer Notebooks Hardware Monitoring program. Made by OSA_Technologies Inc.
Novell Application Launcher (NALNTSERVICE)	L	NALNTSRV.EXE	Novell NAL NT service
Novell Workstation Manager (WM)	L	wm.exe	Novell Workstation Manager
Novell XTier Agent Services	L	XTAgent.exe
Novell ZfD Remote Management	L	ZenRem32.exe
Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent)	L	WolSerNT.exe	Novell ZfD Wake on LAN Status Agent
Now.WAP Proxy Gateway Service (WAP3GX)	L	WAP3GXNT.EXE	Related to Now.WAP_Proxy a WAP Gateway that is designed to meet the needs of WAP 2.0 and multimedia applications. Note: Located in C:\PROGRAM Files\NowWAP\
NPDOR File Monitor Service (NFMService)	L	NPDORNT.exe	Related to NPD Online Research.
NPF	X	npf.sys	Added by the Troj/NtRootK-I TROJAN! Note: This trojan file is found in the System32 folder.
npkcsvc	L	npkcsvc.exe	INCA Internet
NS (MSLLR)	X	ns.exe	W32/Agobot-HS
NsEngine	L	NSENGINE.exe	Scheduling engine of NovaSTOR Backup Service
nservice	X	nservice.exe	Added by the W32/Agobot-AHR WORM! Note: This worm is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) Read the link, allows remote access
NT LM Security Support Provider (NtLmSsp)	L	lsass.exe	Related to the NT_LM_Security_Support_Provider Windows NT 4.0 is responsible for handling NTLM authentication requests. Note: Located in C:\%WINDIR%\System32\
NT login service (ntlogin32)	X	libsys32.exe	Added by the W32/Sdbot-ACK WORM!
NT login service - Unknown	X	libsysmgr.exe	Added by the W32/SDBOT-CAF WORM! (Castle Cops)
NT Online Protection	L	ONLNSVC.EXE	Related to AntiVirus_Quick Heal Virus protection. Note: located in C:\Program Files\QUICKH~1\
Nt System Kernel	X	ntsyskrnl.exe	related to WORM_AGOBOT.IK
NTBOOTMGR	X	ntuser.exe	Flagged as Backdoor.Iroffer / Backdoor.Noer
NTCHARGE	L	winlogon.exe	Related to Microsoft Internet Information Services (IIS).
NTFS Crypto Technology (NTFSCrypt)	X	ntfscrypt.exe	Added by the W32/Spybot-NC WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
NTFS File Location Service (NTFSFLS)	X	ntfsloc.exe	Added by the W32/Sdbot-CSG WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
NTFSprotect (ntfsdiscman)	X	ntfsprotect.exe	Added by the SDBOT.CCF WORM! Read the link, rootkit type stealth involved.
Ntlm_Drive_Connect (Ntlm_Drive_Connect)	X	TimerU.sys	Added by the Tuimer TROJAN!
NTLOAD	X	ntsrv.exe	Flagged as Backdoor.Iroffer / Backdoor.Noer
NTLOAD	X	winlogon.exe	Other files in the same directory identified as Win32.Iroffer.b by Kaspersky
ntmssvc	X	svchost.exe -k ntmssvc	Added by the Fuwudoor TROJAN!
NTP (Network Time Protocol)	X	winlogon.exe	Added by the Troj/Jtram-D TROJAN! Note: This trojan file is found in the System32\Client folder.
NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe)	L	tcsd_win32.exe	Related to NTRU_Cryptosystems Inc. Provider a public key cryptography system (PKCS)
NTSec(ntsec) (NTSec)	X	ntsec.exe	Identified as Trojan-Dropper.VB.22 by VBA32 Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) This should not be confused with Keylog_Ardamax A program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Located in %Documents and Settings% \Start Menu\Programs\Ardamax Keylogger. If you did not install this program remove it.
NTSecure	O	srvany1234.exe	Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe
NTSVCMGR	O	winlogon.exe	Creates a file win32.dll C:\windows\system32\ and the old one is renamed win32.dll.bkup
NTSVCMGR	X	winlogon.exe	Other files in the same directory identified as Win32.Iroffer.b by Kasperksy
NTSVCMGR	X	ntsrv.exe	Flagged as Backdoor.Iroffer / Backdoor.Noer
NTsyslog	L	ntsyslog.exe	Related to Open_Source_Technology Group. An application logging functionality.
nTune Service (nTuneService)	L	nTuneService.exe	Related to NVIDIA Access Manager. Note: Located in C:\Program Files\NVIDIA Corporation\nTune\
NuTCRACKER Kernel	L	nutkserv.exe	Related to openUTM from Fujitsu Siemens Computers
NuTCRACKER Service	L	nutsrv4.exe	Related to Rational Rose, MKS Toolkit for Enterprise Developers
NvCplScan	X	msc32.exe	Related to the W32/FORBOT-DD
NvCplScan	X	nvsc32.exe	another example, added by Forbot_ET.
Nvedavt	L	ousbehci.sys	Related to OrangeWare Corp.
nvidGUIv (nvidGUIv2)	X	NVIDGUIV.EXE	Added by the SDBOT.CTQ WORM! Read the link, rootkit type stealth involved.
NVIDIA Display Driver Service	L	nvsvc32.exe	NVidia
NVIDIA Display Service (NVIDIA Display Driver Service)	X	Nvds.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ folder
NVIDIA Driver Helper Service	L	nvsvc32.exe	Related to NVIDIA drivers.
NVIDIA Driver Service¡¡ (NVSv )	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Nvidia Graphic Displacement (nvideoGUI)	X	nvideogui.exe	Added by the SDBOT.CQD WORM! Read the link, rootkit type stealth involved.
NVIDIA PVR Schedule Monitor (nvpvrmon)	L	nvpvrmon.exe	Related to NVIDIA ForceWare driver. Note: Located in C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\
nvsec(nvsec) (NvSec)	X	nvsec.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here
nvsvc32.exe	X	wmisp.exe	Added by the Backdoor_Win32_SdBot_aad WORM! - Reported by KASPERSKY ON-LINE SCANNER
O&O CleverCache Agent (OOCleverCacheAgent)	L	ooccag.exe	Related to O&O_Software Products. Located in folder: \OO Software\CleverCache\
O&O ComponentInstaller Agent	L	oocinst.exe	Related to O&O software Protection Software
O&O Defrag	L	oodag.exe	www.oo-software.com
O&O Defrag 2000 (OOD2000)	L	OOD2000.exe	Part of O&O Defrag
O2Micro Flash Memory (O2Flash)	L	o2flash.exe	Related to O2Micro_Flash Memory Card. Note: Located in C:\WINDOWS\system32\
Odyssey Client for Fujitsu Siemens Computers (odClientService)	L	odClientService.exe	Related to Odyssey_Client for Fujitsu Siemens Computers. Note: Located in C:\Program\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\
OESH (Office Source Engine Help)	X	Program.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C: folder.
Office Server Extensions Notification Service (OWSTimer)	L	OWSTIMER.EXE	Related to Microsoft_SharePoint Note: Located in C:\Program Files\icrosoft Office\Office\ Files\
Office Source Engine (ose)	L	OSE.EXE	Microsoft Office Source Engine
OfficeScanNT Listener	L	tmlisten.exe	part of the Trend Micro Anti Virus application (WinTasks Process Library)
OfficeScanNT Personal Firewall (OfcPfwSvc)	L	OfcPfwSvc.exe	Related to Trend Micro, Inc. - http://www.trendmicro.com/
OfficeScanNT RealTime Scan	L	ntrtscan.exe	a process associated with the Trend Micro Antivirus application (WinTasks Process Library)
OlCamSrv	L	OlCamSrv.exe	Related to: Olympus_America Inc. Imaging services
OM Common Services (omsad)	L	omsad32.exe	Related to Dell Open Management system.
OmniForm Printer	L	ofps.exe	Related to Nuance_Communications Inc., (Peviously Scansoft Inc.) A leading supplier of imaging, speech and language solutions
Omniquad MyPrivacy	L	mpsvc.exe	Related to Omniquad Security's MyPrivacy Internet tracks cleaning tool.
ONC/RPC Portmapper	L	PORTMAP.EXE	Related to Bell_and_Howell
Online Backup Service	L	nts.exe	Related to Online_Backup_Service From Acpana Business Systems. Note: Located in C:\Program Files\Acpana Business Systems\Data Deposit Box\
OpcEnum	L	OpcEnum.exe	OPC_Foundation Sets Industry standards in Interoperability of Automation.
Open GL Drivers	X	openGLD.exe	Added by the SDBOT.CLW WORM! Read the link, rootkit type stealth involved.
OpenAFS Client Service (TransarcAFSDaemon)	L	afsd_service.exe	OpenAFS is a distributed filesystem product, pioneered at Carnegie Mellon University
openSSL	X	openSSL32.exe	Added by the W32/Spybot-MY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
OpenVPN Service (OpenVPNService)	L	openvpnserv.exe	Belongs to Open VPN that seems to be a Linux VPM program that runs under Windows. File found in the C:\Program Files\OpenVPN\bin\openvpnserv.exe folder.
Oracle Forms Server [Forms60Server-OraForm] (OracleFormsServer-Forms60Server-OraForm)	L	ifsrv60.exe	Related to Oracle Corp. Forms server.
Oracle OLAP 9.0.1.0.1 (OLAPServer)	L	xsolap.exe	Related to Oracle_OLAP an option to Oracle Database 10g Enterprise Edition. Note: located in C:\oracle\ora90\bin\
Oracle OLAP Agent	L	xsaagent.exe	Related to Oracle_OLAP an option to Oracle Database 10g Enterprise Edition. Note: located in C:\oracle\ora90\bin\
Oracle Reports Server [Rep60_PDB-LAPTOP-OraDevHome]	L	rwmts60.exe	Related to Oracle products
Oracle WebDb Listener	L	wdblsnr.exe	Related to Oracle products
Oracle%ORACLE_HOME_SERVICE%ClientCache80	L	ONRSD80.EXE	Related to Oracle Networking (Net8 Server Executable)
OracleDBConsoleorcl	L	nmesrvc.exe	Related to Oracle_DB_10g Database. Note: Located in C:\...\oracle\10g\bin\ User can install in own folder.
OracleMTSRecoveryService	L	omtsreco.exe	Related to Oracle SQL database application
OracleOraDb10g_home1iSQL*Plus	L	isqlplussvc.exe	Related to Oracle_DB_10g Database. Note: Located in C:\...\oracle\10g\bin\ User can install in a folder of his choice.
OracleOraHome90Agent	L	agntsrvc.exe	Related to Oracle Intelligent Agent, used to run on a remote node in the network to make the node OEM manageable. For more information Click_Here
OracleOraHome92PagingServer	L	pagntsrv.exe	Related to Oracle products
OracleOraHome92TNSListener	L	TNSLSNR.exe	Related to Oracle products
OracleOraHomeAgent	L	dbsnmp.exe	Related to Oracle products
OracleOraHomeClientCache	L	ONRSD.EXE	Related to Oracle products
OracleOraHomeDataGatherer	L	vppdc.exe	Related to Oracle products
OracleOraHomeHTTPServer	L	Apache.exe	Related to Oracle products
OracleOraHomeManagementServer	L	OMSNTsrv.exe	Related to Oracle products
OracleOraHomePagingServer	L	pagntsrv.exe	Related to Oracle products
OracleOraHomeTNSListener	L	TNSLSNR.exe	Related to Oracle products
OracleServiceLOCALORA	L	ORACLE.EXE	Related to Oracle products
OracleServiceSECINST	L	ORACLE.EXE	Related to Oracle products
OracleWebAssistant	L	OWASTsvr.exe	Related to Oracle products
OracleXEClrAgent	L	OraClrAgnt.exe	Related to Related to Oracle products Note: Located in C:\oraclexe\app\oracle\product\10.2.0\server\bin\
Oracle_Load_Balancer_60_Client-Forms6i	L	d2lc60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
Oracle_Load_Balancer_60_Client-Forms6ip14	L	d2lc60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
Oracle_Load_Balancer_60_Client-Forms6ip9	L	d2lc60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
Oracle_Load_Balancer_60_Server-Forms6i	L	d2ls60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
Oracle_Load_Balancer_60_Server-Forms6ip14	L	d2ls60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
Oracle_Load_Balancer_60_Server-Forms6ip9	L	d2ls60.exe	Related to Oracle_Load_Balancer Note: Located in C:\Oracle\version\bin\
ORAN	X	ORAN.SYS	Added by the TROJ_ROOTKIT.N TROJAN! Read the link, rootkit type stealth involved.
orans (orans)	X	orans.sys	Added by the Troj/Rootkit-AA TROJAN! Read the link, rootkit type stealth involved.
OrbMediaService	L	OrbMediaService.exe	Owner:Orb Networks
ORBPVR	L	OrbPVR.exe	Owner: Unkown , http://www.orb.com/
oreans32	X	oreans32.sys	W32/Bifrose-PN Read the link, allows remote access
OSCM Utility Service	L	OSCMUtilityService.exe	Related to Novatel Wireless Service from Sprint phones and connectivity cards. Note: Located in C: \Program Files\Novatel Wireless\Sprint\
OTi Card Reader Service	L	OTiReader.exe	OTI_Globals contact/contactless smart card reader. Location: Program Files\CardReader2.0 folder.
Outpost Firewall Services	L	outpost.exe	Agnitum Outpost firewall service
OvEpStatusEngine	L	OvEpStatusEngine.exe	HP OpenView Status Engine
OvMsmAccessManager	L	OvMsmAccessManager.exe	HP OpenView Access Manager
OvSecurityServer	L	OvSecurityServer.exe	HP OpenView Security Server
OwnershipProtocol	L	OProtSvc.exe	Related to PROSet Wireless Software from Intel
P correction service (msrdr2)	X	msrdr2.sys	Added by the Troj/Haxdoor-AJ TROJAN! Note: This trojan file is found in the System32 folder.
P-SYS (P-SYS Service)	X	TERMSVRS.EXE	Added by the SDBOT.DEO WORM! Read the link, rootkit type stealth involved.
Pacific Image Comm. Fax Server	L	PICPMON.EXE	Related to SuperVoice Specialists in Voice Mail and Fax systems
Packet Scheduler	L	Service.exe	Related to Packet_Scheduler from Microsoft. The packet scheduler decides the order in which packets. are sent on the output link. Note: located in C:\WINDOWS\system32\microsoft\Groups\
PACSPTISVR	L	PACSPT~1.EXE, PACSPTISVR.exe	Sony computers
PaintReport (PRSvc)	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Panasonic Trap Monitor Service	L	Trapmnnt.exe	Related to Panasocic_Trap_Monitor for printer service. Note: Located in C:\PROGRAM FILES\PANASONIC\TRAPMONITOR\
Panda AdminSecure Administration Server (AdminServer)	L	AdminServer.exe	Related to Panda Security programs.
Panda AdminSecure Communications Agent (PAVAGENTE)	L	Pagent.exe	Related to Panda Security programs.
Panda AdminSecure Distribution Server (PadFSvr)	L	PadFSvr.exe	Related to Panda Security programs.
Panda AdminSecure Scheduler (PavAtScheduler)	L	pavsched.exe	Related to Panda Security programs.
Panda anti-virus service	L	pavsrv51.exe	Panda Anti-virus Service
Panda anti-virus service (PAVSRV)	L	pavsrv50.exe	Related to Panda Security programs.
Panda Antispam Engine (pmshellsrv)	L	pskmssvc.exe	Related to Panda Platinum 2006 Internet Security.
Panda Antispam Server Service	L	PaSSrv.exe	Related to Panda Protection Software.
Panda Antivirus Report Service (PavReport)	L	PavReport.exe	Related to Panda Security programs.
Panda Firewall	L	PavFires.exe	Panda Firewall Service
Panda Firewall Service	L	PavFires.exe	Related to Panda Firewall
Panda Function Service	L	PavFnSvr.exe	RElated to Panda Antovirus software
Panda Function Service (PAVFNSVR)	L	PavFnSvr.exe	Related to Panda Security programs.
Panda Host Service (PSHost)	L	PSHOST.EXE	Related to Panda_Host_service Antivirus and Firewall. Note: Located in c:\program files\panda software\panda antivirus firewall 2007\firewall\
Panda IManager Service	L	PsImSvc.exe	Related to Panda Titanium Antivirus
Panda Network Manager (PNMSRV)	L	PNMSRV.EXE	Related to Panda Firewall.
Panda NetworkSecure Service (CPntSrv)	L	CPntSrv.exe	Related to Panda Security programs.
Panda Pavkre	L	Pavkre.exe	Related to Panda Titanium Antivirus
Panda PavProt	L	PavProt.exe	Related to Panda Titanium Antivirus
Panda Preventium+ Service	L	prevsrv.exe	Related to Panda Titanium Antivirus
Panda Process Protection Service	L	pavprsrv.exe	Related to Panda Software
Panda Software Controller	L	PSCTRLS.EXE	Related to Panda Security programs.
Panda TPSrv (TPSrv)	L	TPSrv.exe	Related to Panda Platinum 2006 Internet Security and Panda Titanium 2006 Antivirus Antispyware.
Pantech Utility Service	L	PWIUtilityService.exe	Related to Pantech_Utility_Service Note: Located in C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\
Pantech&Curitel Utility Service	L	PnCUtilityService.exe	Related to Sprint Internet Service Provider.
PatchLink Update	L	GRAVITIXSERVICE.exe	Patchlink_Update by Patchlink Corporation
PATROL for Windows Operating System Monitor (PWKNTMon)	L	pwkntmon.exe	Related BMC Software, Inc. - http://www.bmc.com/
PatrolAgent	L	PatrolAgent.exe	Related BMC Software, Inc. - http://www.bmc.com/
Patrol_Scheduler	L	Patrol_Scheduler.exe	Related BMC Software, Inc. - http://www.bmc.com/
PC Angel (PCA)	L	PCAngel.exe	Related to PC_Angel PC Angel recovery program from SoftThinks. Note: Located in C:\WINDOWS\SMINST\
PC Tools AntiVirus Engine (PCTAVSvc)	L	PCTAVSvc.exe	Part of PC Tools antivirus
PC Tools Spyware Doctor	L	sdhelp.exe	Related to PC Tools' Spyware_Doctor
PC-cillin PersonalFirewall	L	PCCPFW.exe	Related to Trend Micro Inc. Firewall
pcAnywhere Host Service	L	awhost32.exe	Part of Symantec's pcAnywhere remote PC management software.
PCHost	L	pchost.exe	Related to PCHost
PCI Adapter (PCIDown)	X	alg.exe	Troj/Maran-AF Note: Located in %windir%
pcryptv3X	X	pcryptv3.exe	Added by the W32/Tilebot-AS TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
PCS Business Connection Personal Edition Service	L	ConnectionService.exe	Related to sprint.com ISP
PDAgent	L	PDAgent.exe	Part of PerfectDisk
PDEngine	L	PDEngine.exe	Raxco PerfectDisk
PDFCreatorMessages	L	PDFCreatorMessages.exe	Related to Global_Graphics_Software Ltd. Document and Print Solutions.
PDScheduler	L	PDSched.exe	Raxco PerfectDisk
PE Sytray Manager	X	ssmc.exe	Added by the Backdoor.SdBot.avk as detected by ewido. More here
PER Antivirus (pav_service)	L	PERVAC.EXE	Antivirus software from PER Systems. http://www.perantivirus.com/antivir.htm
PER Antivirus Security Service (pav_security)	L	PAVSS.EXE	Antivirus software from PER Systems. http://www.perantivirus.com/antivir.htm
Performance Logs (Perfhmon)	X	Perfhmon.exe	Added by the W32/Codbot-W WORM!
Performance Monitor Command Line Shell (Performance Monitor)	X	perfmon.exe	Detected as IRC/BackDoor.SdBot3.BFO by AVG
Performance True Type Fonts (PerfFont)	X	perfont.exe	Identified as Trojan-Downloader.Win32.Agent.acv by ewido security suite.
Persits Software EmailAgent	L	EmailAgent.exe	Related to AspEmail from Persits Software, Inc. A free active server component that enables your ASP application to send email messages via any external SMTP server.
Personal Secure Drive Service (PersonalSecureDriveService)	L	PSDsrvc.EXE	Related to Personal_Secure_Drive_Service, http://www.infineon.com/ Service from Infineon Technologies. Note: Located in C:\Program Files\Infineon\Security Platform Software\
Pervasive.SQL 2000 (relational)	L	W3SQLMGR.EXE	Pervasive SQL Server
Pervasive.SQL 2000 (transactional)	L	NTBTRV.EXE	Pervasive SQL Server
PestPatrol Remote	L	ppRemoteService.exe	Related to PestPatrol products from Computer Associates International, Inc.
PEX	X	pex.sys	Added by the Troj/RKFu-A TROJAN! Read the link, rootkit type stealth involved.
PGPsdkService	L	PGPsdkServ.exe	PGP Software
PGPserv	L	PGPserv.exe	Related PGP Corp. http://www.pgp.com/
PHAROS Distribution Agent (PSDistributionAgent)	L	DistAgnt.exe	Related to Pharos_Science_ & Applications, Inc. Pharos develops advanced GPS navigation and mobile location-based services. Note: located in C:\PROGRAM FILE\PHAROS\bin\
Pharos Systems ComTaskMaster	L	CTskMstr.exe	Related to Pharos_Systems print asset management. Note: Located in C:\PROGRAM FILES\Pharos\bin\
Phoenix VCD Service (PhnxVCDService)	L	PhnxCDSvr.exe	Related to Phoenix_Technologies
Photoshop Elements Device Connect	L	PhotoshopElementsDeviceConnect.exe	Related to Adobe photoshop.
PI Message Subsystem (pimsgss)	L	pimsgss.exe	Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\
PI Network Manager (pinetmgr)	L	pinetmgr.exe	Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\
PI-Buffer Server (bufserv)	L	bufserv.exe	Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\
PictureTaker	L	PCTKRNT.SYS	LANovation's PictureTaker Enterprise Edition 3.1 lets administrators create software update packages and deploy them to network PCs through a third-party network management suite
Pigeon (PigeonServer)	X	GServer2.exe	Added by the Troj/GrayBrd-AK TROJAN! Note: This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.
Pigeon_Server (PigeonServer)	X	Server.exe	Added by the Backdoor.Graybird.R TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Pinnacle Systems Media Service (PinnacleSys.MediaServer)	L	pmshost.exe	Related to Pinnacle_Systems Inc.
Pinnacle Systems tvtv Spooler (EpgSpooler)	L	epgspo~2.exe	Related to Pinnacle Studio Plus.
PIPC Log Server (pilogsrv)	L	pilogsrv.exe	Related to OSI_Software Real-time Performance Management (RtPM) Platform. Note: located in C:\Program Files\PIPC\BIN\
Pixar Alfred Server 11.5.3	L	alfserver.exe	Related to Pixar_Alfred_Server Server includes all the tools required for rendering images for film and video productions. Note: Located in C:\Program Files\Pixar\RenderManProServer-11.5.3\bin\
PixelModule (pxlmdl)	X	nvidcgui.exe	Added by the W32/Tilebot-GS WORM! Read the link, rootkit type stealth involved.
PLFlash DeviceIoControl Service	L	IoctlSvc.exe	Related to PLFlash_DeviceIoControl Service from Prolific Technology Inc. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
PLSRemote Service (PLSRemoteSvc)	O	PLSRemote.exe	RISKWARE! or potentially unwanted application. This application may have been installed by your system administrator for providing support for your machine. However this application has been used by several trojan authors and included in other trojans for malicious purposes. For more information CLICK_HERE
Plug and Play	L	services.exe	Spanish Windows 2000 Plug and Play
Plug and Play Device Host (Universal Plug and Play)	X	WeRecl.exe	Added by Worm_Ircbot_Gen WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Plug and Play Device Manager ($sys$DRMServer)	X	$sys$DRMServer.exe	This is the Sony-BMG ROOTKIT! Do not try to manually remove this! For more information check Mark Russinovich's Blog_Here or Google Sony Rootkit.
plugin	X	PLUGIN.EXE	Added by the SDBOT.BUH WORM! Read the link, rootkit type stealth involved.
PMJ151 AutoLaunch Service (PMJ151LA)	L	PMJ151LA.BIN	Related to Panasonic_DVC_Web_Camera Note: Located in C:\%WINDIR%\
pml	L
pml	L
Pml Driver	L	HPHipm09.exe	Related to HP printers
Pml Driver HPH11	L	HPHipm11.exe	HP PML Driver for HP.s Photosmart printers.
Pml Driver HPZ12	L	HPZipm12.exe	Related to HP printers.
pmldriver hpz12	L
PMounter	L	PMounter.exe	Partition Mounter task installed with the Paragon Hard Disk Manager software. (answers that work)
PMSveH	L	PMSveH.exe	Related to Lenovo part or IBM ThinkVantage, Note: Located in C:\WINDOWS\system32\
PnkBstrA	L	PnkBstrA.exe	Related to PunkBuster from Even Balance, Inc. Service that look for cheats while users are playing on PunkBuster enabled servers. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
PnkBstrB	L	PnkBstrB.exe	Related to PunkBuster from Even Balance, Inc. Service that look for cheats while users are playing on PunkBuster enabled servers. Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
pnpext	X	wmc.exe	Added by the Troj/LeechPie-D TROJAN! Note: The file wmc.exe is a legitimate remote administration tool, but in this case is being used by the trojan.
Policy Agent	X	svchost.exe -k Policy Agent	Added by the Fuwudoor TROJAN!
Pop-Up Stopper Anti-Spyware Service (PWISVC)	L	PWISVC.EXE	Related to Pop-Up_Stopper_Anti-Spyware from Panicware. Note: Located in C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\
Portrait Displays Display Tune Service (DTSRVC)	L	dtsrvc.exe	Related to MagicTune by SAMSUNG.
PostgreSQL Database Server 8.0 (pgsql-8.0)	L	pg_ctl.exe	Related to PostgreSQL open source database.
Power Adapter (ADIDown)	X	svchost.exe	Troj/Maran-AB Read the link, steals information
Power Manager (PowerManager)	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
PowerAlert UPS Engine	L	paserver.exe	Related to IBM Power Management utililty.
PowerPanel Personal Edition Service (ppped)	L	ppped.exe	Related to CyberPower dependable line of uninterruptible power supplies. Note: Located in C:\Program Files\CyberPower PowerPanel Personal Edition\
PowerUtility TV Recording Reservation (PUSCSRVC)	L	PUSCSRVCBas.exe	Related to FUJITSU LIMITED
PPPoE Service	L	pppoeservice.exe	Related to the Internet Provider High Speed Services (ISP)
prairieFyre Application Updater Service	L	UpdaterService.exe	Related to Application_ Updater Service from prairieFyre Software Inc, Note: Located in C:\Program Files\prairieFyre Software Inc\6100CCS\6110\Application Updater Service\
PreEmpt (qfcoresvc)	L	loadsvc.exe	Related to preEmpt Active System Hardening. Made by PivX Solutions, Inc. This file should be found in the Program Files\PivX\PreEmpt folder.
Prevx Agent (PREVXAgent)	L	PXAgent.exe	Related to Prevx Ltd. Antivirus and software protection.
Prime95 Service	L	PRIME95.EXE	Help Universities to find Prime_Numbers The user should decide it's participation.
Print Client Share (PrntCSh)	X	psmcsh.exe	Listed as w32 IRC-Bot gen by PrevX here
Print Spool Handler (Print Spooler)	X	spooler.exe	Added by the W32/Codbot-X WORM! Note: This worm file is found in the System32 folder.
Print Spooler (Spooler)	L	spoolsv.exe	Used for Fax and Printing. Unknown owner :Location: C:\WINDOWS\system32\spoolsv.exe
Print Spooler Manager (prntspman)	X	spoolsvr.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Print Spooler Service (SpoolSvc201)	X	sklrr7yvxzac.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (SpoolSvc203)	X	cjnr4r4ngyrk.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (SpoolSvc204)	X	nlkfev7exne.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (SpoolSvc205)	X	mlsdf8h8183934.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (SpoolSvc206)	X	mlsdf8hiloswaejo.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (SpoolSvc207)	X	sklrr7y7497903.exe	Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Also found in C:\WINDOWS\TEMP\ folder. The filename is random. The service name is known to be from SpoolSvc201 to SpoolSvc2xx
Print Spooler Service (uuiy84eiye0iuo)	X	rsbmsc.exe	Listed as Win32.Malware.gen by Prevx here
Printer Spooler (printspool)	X	spooler32.exe	Added by the W32/Sharp-L WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
PrismXL	L	PRISMXL.SYS	Lanovation Prism Deploy package http://www.lanovation.com/
PrismXL	L	PRISMXL.SYS	The PrismXL service lets the Client deploy Tasks on a target computer regardless of the current user.s permissions.
PrivacyView Service (PVService)	L	PVService.exe	Related to Privacy_View software, encrypts files, folders and Internet files. File is normally located in the Program Files\File System Information\SystemFolder folder.
Private Folder Service (prfldsvc)	L	PrfldSvc.exe	Private Folder 1.0 was released by Microsoft on the 6th July but Microsoft officially withdrew its support of Private Folder and removed it from their website 10 days later due to negative feedback. More The program can still be downloade from third party sites. Note: Located in C:\Program Files\Microsoft Private Folder 1.0\
Privilege Win32 Server	L	PLServ.exe	Related to Aladdin Knowledge Systems. Located in the Windows or Winnt\System32 folder.
Procedure Distribution Service	X	prsvr.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Process Activity Monitor (paamsrv)	L	paamsrv.exe	Activity Monitor belonging to the Privacy Expert Suite Software from Acronis.
Process Manager	L	process_manager_nt.exe	Software application for mining and related extractive industries and produces two ranges of products under the Datamine and Earthworks labels. Note: Located in C:\Program Files\Common Files\Earthworks
Process Task Manager	X	svhost.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
ProcessEnumerator32 (pe32)	X	fi49.exe	Added by the W32/Sdbot-ACN WORM! Read the link, rootkit type stealth involved.
ProductivIT Service	L	TEKS_Service.exe	Related to DynTeck Inc.
Proficy HMI/SCADA iFIX server (FIX)	L	fixsrv.exe	Related to Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Proficy iFIX\
Proficy Licensing (CCFLIC0)	L	CCFLIC0.exe	Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\
Programador de tareas	L	MSTask.exe	Spanish Windows 2000 task scheduler
ProgramCheckerPro (sassvc)	L	sassvc.exe	Related to ProgramChecker Tool to analyze, validate, authenticate and research the programs that run on their PCs.
Prolific HotFix Q0306270	L	HotFixQ0306270.exe	HotFix Q0306270 Prolific Technology Inc. USB Flash Disk
Promise Array Message Server (RAIDmSvr)	L	MsgSvr.exe	Related Promise Technology, Inc. RAID Message Server
Promise FastTrak Log Service (FastTrakSvc)	L	FtrakSvc.exe	Reported as a RAID driver program by Promise_Technology_Inc
Promise RAID message agent (RAIDmAgt)	L	MsgAgt.exe	Promise RAID Message Agent for Promise RAID Disk Controllers
Protected Exchange (MainService)	X	loadsvc.exe	Added by the Troj/Urbin-C TROJAN!
ProtectedStorage	X	svchost.exe -k ProtectedStorage	Added by the Fuwudoor TROJAN!
ProtectionService	L	ProtectionService.exe	Related to EarthLink's protection centre
Protector Plus Anti-virus Monitor Service	L	PPAVMon.exe	Related to Proland Software. - http://www.pspl.com/
Protector Plus Service	L	PPServ.exe	Related to Proland Software. - http://www.pspl.com/
Protector Suite Virtual Token	L	vtserver.exe	Related to UPEK biometric protector suite
ProtexisLicensing	L	PSIService.exe	Added by the Protexis Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Protocol_Catalog9	X	rsvp32_2.dll	Win32/Zhelatin.worm.96845
Proveedor de asistencia de seguridad LM de Windows NT	L	lsass.exe	Spanish Windows 2000 NT LM security support provider
Provides three management service (FreeBSD)	L	dev32.exe	FreeBSD is an advanced operating system for x86 compatible. It is derived from BSD, the version of UNIXÂ® developed at the University of California, Berkeley. - http://www.freebsd.org/
ProxyServer Service (ProxyServerService)	L	rtpxsr.exe	Related to IBM Rational Software Development Platform
PRTG 4 Service - Paessler Router Traffic Grapher (PRTG4Service)	L	prtg4.exe	Related to Paessler Router Traffic Grapher - http://www.paessler.com/
PTBSync	L	PTBSync.exe	Program features a atom time adjusted clock, shows day and date in the taskbar and has a calendar function Note: Located in C:\Program Files\PTBSync
ptssvc - KODAK	L	ptssvc.exe	installed alongside the drivers for Kodak's range of digital cameras
Pure Networks Net2Go Service (nmraapache)	L	nmraapache.exe	Related to Pure_Networks_Net2Go Service from Pure Networks, Inc. Note: Located in C:\Program Files\Pure Networks\Network Magic\WebServer\bin\
Pure Networks Network Magic Service (nmservice)	L	nmsrvc.exe	Related to Network_Magic home network managing program. Made by Pure Networks, Inc.
Pure Networks Router Manager (pnrouter)	L	pnroutsv.exe	Related to Network_Magic home network managing program. Made by Pure Networks, Inc.
PurgeIE XP Service (PurgeIEservice)	L	PurgeIE_Service.exe	Related to Assistance_&_Resources for Computing, Inc. PurgeFox is a utility program specifically designed for users of the popular FireFox browser for removing the surfing tracks retained by FireFox.
PurgPro XP Service	L	PurgPro_Service.exe	PurgeIE service
Qbik WinGate Engine	L	WinGate.exe	WinGate is a proxy/firewall solution
QBPOS Database Extended Manager (QBPOSDBExtServices)	L	QBPOSDBServiceEx.exe	Related to QBPOS_Database_Extended_Manager Installed with Intuit QuickBooks Point Of Sale software. Note: Located in C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\
QBPOS Database Manager (QBPOSDBServices)	L	QBPOSDBService.exe	Related to QuickBook_Point_Of_Sale from Intuit. Note: Located in C: Program Files\Common Files\
QBReminderFlash	L	QBReminder.exe	Related to Intuit_QuickBooks application.
QCONSVC	L	QCONSVC.exe	" IBM Access Connection Manager. Runs as a service. If you don't use the program, change the service to manual, or disable if you desire. You can also uninstall the program completely."
QCU	?	QCU.exe	Unidentified malware. Resides in a temp folder
QoS RSVP accdes service (Qor)	X	ftplanServer.exe	Added by the Troj/Feutel-U TROJAN!
QoS Service (BRGNS)	X	smtpconfs.dll	Troj/QQHelp-DY
qq	X	qq.exe	Troj/Hupigon-CI Note: Located in %windir% Read the link, allows remote access
qtask (qtask.exe)	X	qtask.exe	Added by the SDBOT.CQX WORM! Read the link, rootkit type stealth involved.
Quick Heal Firewall Service (QuickHealFirewall)	L	qhfw.exe	Related to Quick_Heal_Firewall Firewall Service. Note: Located in %\Program Files%\Cat Computer\\Quick Heal Firewall Pro\
Quick Heal Helper Service WSC (qhwscsvc)	L	qhwscsvc.exe	Quick_Heal Next Generation anti-virus protection for your PC.
Quick Heal Helper Service WSC (ScanWscS)	L	scanwscs.exe	Related to AntiVirus_Quick Heal Virus protection. Note: located in C:\Program Files\QUICKH~1\
Quick Heal Mail Protection	L	EMLPROXY.EXE	Related to AntiVirus_Quick_Heal Email Protection. Note: Located in %\Program Files%\Cat Computer\Quick Heal\
Quick Heal Online Protection	L	QHONSVC.EXE	Quick_Heal Next Generation anti-virus protection for your PC.
QuickBooks Database Manager Service (QBCFMonitorService)	L	QBCFMonitorService.exe	Part of Intuit QuickBooks software
QuickBooks Online Backup Launcher (QuickBooks Online BackupLauncher)	L	OLlaunch.exe	Related to Intuit Inc. QuickBook - http://www.intuit.com/
QuickBooks Online Backup RegCap (OLRegCap)	L	OLRegCap.EXE	Related to Intuit Inc. QuickBook - http://www.intuit.com/
QuickBooksDB	L	QBDBMgrN.exe	Related to QuickBooks_Database from Intuit, Inc. Note: Located in C:\Program Files\Intuit\QUICKB~1\
Qwik-Fix (qfcoresvc)	L	qfloadsvc.exe	Related to preEmpt Active System Hardening. Made by PivX Solutions, Inc. This file should be found in the Program Files\PivX\PreEmpt folder.
R2d2 Kernel Authority	L	KAuthS.exe	Related to R2D2 Software, a Windows service that manages desktops and programs. Without it, no desktops, no virtual screen, no remote access, no user impersonation, ... If you stop this service, all desktops (except the default one) are destroyed. Virtual Desktop Toolbox is no more than a client application of R2d2 Kernel Authority
RA Server	X	Slave.exe	Backdoor.RA virus http://www.avp.ch/avpve/trojan/backdoor/ra.stm Better alternatives are PC Anywhere or VNC
RA Server (Slave)	L	Slave.exe	Related to RA_Server from TWD Industries. allows remote desktop administration over a TCP/IP network. Note: Located in C:\%WINDIR%\
Rabo Comm Server	L	RaboCommSrv.exe	Related to the Rabobank, telebanking (Netherlands)
Radan Licence Server	L	radlicence2.exe	Radan Sheet Metal CADCAM Software
RadClock	L	RadClock.exe	ATI/Radeon Video Card Setting Tweaking Utility
Radialpoint Service	L	fws.exe	Related to RadialPoint
RadioSvr	L	RadioSvr.exe	HP support for managing wireless devices
raid (raid)	X	raid.sys	Added by the Troj/NtRootK-O TROJAN! Read the link, rootkit type stealth involved.
RapApp	L	rapapp.exe	Black Ice Firewall related
RasAt (Remote Connection)	X	svchost.exe	Added by the Troj/Singu-AF TROJAN!
Rational ClearQuest Mail Service	L	mailservice.exe	Related to IBM_Rational_ClearQuest
Rational Cred Manager (cccredmgr)	L	cccredmgr.exe	Related to IBM_Rational_ClearCase
Rational Lock Manager (LockMgr)	L	lockmgr.exe	Related to IBM_Rational_ClearCase
Rational Test Agent Service	L	rtpsvc.exe	Related to IBM_Rational_Software Development Platform
RaySat_3dsmax8 Server (mi-raysat_3dsmax8)	L	raysat_3dsmax8server.exe	Related to Autodesk® _3ds_Max
RdnaoFlSvc	L	naofsvc.exe	Related to Naomi an advanced internet filtering program.
rdriv (rdriv)	X	rdriv.sys	Added by the Troj/Rootkit-W TROJAN! Read the link, rootkit type stealth involved.
Realplus (Realplus)	X	sserver.exe	Added by the Troj/Paltus-A TROJAN! Note: This trojan file is found in the System32 folder.
Reflection Line Printer Daemon	L	lpdserv.exe	Related to http://www.wrq.com/
Reflection Servers	L	rninetd.exe	Related to http://www.wrq.com/
Reflection TimeSync	L	rtsserv.exe	Related to WRQ, Inc. http://www.wrq.com/products/reflection/
regdefend	L	regdefend.sys	See Ghostsecurity Location: C:\Program Files\RegDefend\regdefend.sys
Regedits Helpers (Windows Regedits Help)	X	iesetup.exe	Troj/Hupigon-KX Note: Located in %windir%\help
Regedits Helps (Windows Regedit Helps)	X	iesetup.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\iis] (Win9x/Me), C:\%WINDIR%\System32\iis\ (XP/WinNT/2K) More here
Register DLL Driver	X	regdll.exe	Added by the W32/Sdbot-CXB WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Registration Host (reghost)	X	reghost.exe	Added by the W32/Rbot-GKS WORM! Note: This worm is located in C:\Program Files\Common Files\System\
Registro de sucesos	L	services.exe	Spanish Windows 2000 event logger
Registros y alertas de rendimiento	L	smlogsvc.exe	Spanish Windows 2000 performance logs and alerts
Registry Editor (Regedit)	X	regedit.exe	Added by the W32/Codbot-U TROJAN! Note: This is not the regedit application that comes with Windows. (Which is located in the Windows folder) This trojan file is located in the System or System32 folder.
Registry Management Service (RegManServ)	L	RegManServ.exe	Related to Complete_PC_Care from WinCleaner. Note: Located in C:\Program Files\Advanced Registry Doctor\
Registry Manager Service (MS Registry Service)	X	MSRMS32.exe	Added by the W32/Rbot-AKP WORM!
RegService	L	RegService.exe	Related to Intel Corp. http://www.intel.com/network/connectivity/trans/xircom.htm
RegSrvc	L	RegSrvc.exe	Intel PROset
regstrmon	X	regstrmon.exe	AddeD by the WORM_RBOT.ADA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
remon (remon)	X	remon.sys	Added by the Troj/RKFu-A TROJAN! Read the link, rootkit type stealth involved.
Remote Acces (WindowsDown)	X	servet.exe	Troj/Dloadr-AYT
Remote Access Controller 4 (RAC) (racsvc)	L	racsvc.exe	Related to Dell Open Manage NT Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed.
Remote Administrator Service	L	r_server.exe	part of a remote administrator application that allows a user to work on one or more remote computers.. Famatech
Remote Administrator Service (r_server)	X	systemram.exe	Added by the Troj/Radnag-B Trojan!
Remote Administrator Service (r_server)	X	r_server.exe	Added by the Troj/Remadm-J TROJAN! Note: This trojan file is found in Program Files\real\RealOne Player\lang folder.
Remote Desktop Help Session Manager (RDSessMgr)	L	sessmgr.exe	This service manages and controls Remote Assistance
Remote HID Service	O	lvhidsvc.exe	Remote access service by Philips Inc. Legitimate, but remote access could be considered dangerous unless monitored carefully.
Remote management (Novell WUser Agent)	L	wuser32.exe	Related to Novel, Inc.
Remote Map Manager	X	lssc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remote Media Player	X	lsscs.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remote Packet Capture Protocol v.0 (experimental)	L	rpcapd.exe	Related to Winpcap (Windows Packet Capture Library)
Remote Print Spooler (RPSGV)	X	gcsvc.exe	Added by a variant of the Win32.SdBot.aad a TROJAN! identified by F-Secure. Note: This trojan is located in C:\%WINDIR%\
Remote Procadure Call (RPC) (RpeSs)	X	svchost.exe	Troj/Hupigo-UN Read the link, steals information Note: Located in %windir%
Remote Procedure Call (RPC) Client (RpcClient)	X	rpcclient.exe	Added by the W32/Codbot-L WORM!
Remote Procedure Call (RPC) Helper	X	random	CoolWebSearch malware
Remote Procedure Call (RPC) Locator (Locator)	X	rpclocator.exe	Added by the W32/Codbot-Q WORM!
Remote Procedure Call (RPC) Monitoring (Rpcmon)	X	Rpcmon.exe	Added by the W32/Codbot-T WORM!
Remote Procedure Call (RPC) Net (Rpcnet)	L	Rpcnet.exe	Related to Laptop_Retriever
Remote Procedure Call (RPC) Relocator (RpcRelocator)	X	relocater.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Remote Procedure Call (RPC) Remote (RpcRemotes)	X	remote.exe	Added by the W32/Mytob-EW WORM! or Troj/Agent-FB TROJAN! Note: This worm\trojan file is found in the System32 folder.
Remote Procedure Call (RPC) Service (RpcSssvc)	X	RpcSs.exe	Added by the W32/Cuebot-J WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: The file RpcSs.exe is also a good Microsoft file. Before deleting check the propriatiry of the file.
Remote Procedure Call (RPC) Subsystem (RPCS)	X	rpcss.exe	W32/Tilebot-JF Read the link, allows remote access
Remote Procedure Call System(RPCS) (RpcS)	X	Rpcs.exe	Added by the Troj/QQRob-ABS TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
Remote Procedure Call System(RPCS) (RpcSe)	X	Rpcse.exe	Added by the Troj/Mdrop-BMK TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remote Procedure Call System(RPCSss) (RpcSss)	X	RpcSss.exe	Added by the Troj/QQRob-ACI TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remote Procedure Call System(RPCSU) (RpcSu)	X	Rpcsu.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
Remote Procedure Call System(RPCSx) (RpcSx)	X	Rpcsx.exe	Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K)
Remote Reader Machine	X	ssmc.exe	Added by the Backdoor.SdBot.avk as detected by ewido. More here
Remote Record Service (RemoteRecord)	L	remoterecordclient.exe	Related to MSN_TV Note: Located in c:\program files\microsoft corporation\msn remote record service\
Remote Services Manager (RSMSS)	X	(Trojan file name)	Added by the Troj/Bckdr-BBK TROJAN!
Remote Solver for COSMOSFloWorks 2006	L	StandAloneSlv.exe	Related to COSMOS_FloWorks From COSMOS. CAD program. Note: Located in C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\
Remote Storage (Rmtstrg)	X	taskmgr.exe	Added by the Troj/Spy-UN TOJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and report them to a remote site
Remote Storage (RS) (Rmtstrg2)	X	taskmgr.exe	Added by a varian the Troj/Spy-UN TOJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and report them to a remote site
Remote Task Manager service (RTM)	L	RTMService.exe	Related to Remote_Task_Manager remote control suite. Note: Located in C:\Program Files\Remote Task Manager\
Remote TCP Services	X	vcmon.exe	Added by the W32/Tilebot-HX WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) disabling the automatic startup of other software.
Remote Terminal (RemoteTerminal)	X	mscp.exe	Added by the Backdoor.Win32.SdBot.aad TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remote Transfer Manager	X	svshost.exe	W32/Rbot-GQR Read the link, allows remote access
Remote Windows Services	X	vcmon.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Remotely Possible/32 (RP32Service)	L	rp32serv.exe	Related to Avalan now owned by Computer Associates International, Inc. http://ca.com/products/
RemotelyAnywhere	L	RemotelyAnywhere.exe	Related to RemotelyAnywhere Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder.
RemotelyAnywhere Maintenance Service (RAMaint)	L	RaMaint.exe	Related to RemotelyAnywhere Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder.
RemoteRegBck	X	regsvc.exe	Added by Backdoor.Win32.SdBot.aad as identified by Kaspersky. TROJAN! Note: located in C:\WINDOWS\. Not to be confused with the Original Microsoft file in C:\WINDOWS\system32\
Removale Sorage (RemovaleSorage)	X	G_Server.exe	Added by the Troj/Feutel-AT TROJAN! Note: This trojan file is found in the System32 folder.
Required Service Drivers	X	micront.exe	Added by the W32/Rbot-ABD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) terminate threads and processes read the information
Reset 5	O	srvany.exe	Unknown owner: Location C:\Windows\System32\srvany.exe In this case srvany.exe is loading resetservice.exe as a service. May be found in the company of O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll Windows XP Product Activation Bypass So as to avoid the registration process on boot-up. Typically used on a pirated Operating System.
Resource Manager Mail (ResourceManagerMail)	L	MailService.exe	Related to Citrix Systems, Inc.
restore (restore)	X	restore.exe	Added by the SDBOT.CFD WORM! Read the link, rootkit type stealth involved.
Retrospect Helper	L	rthlpsvc.exe	Related to Dantz Development Corporation
Retrospect Launcher	L	retrorun.exe	Related to Dantz Development Corporation
Retrospect WD Service	L	wdsvc.exe	Related to Dantz Development Corporation
Reuters XMS Sync (RXMSSync)	L	rxmssync.exe	Related to Reuters_XMS_Sync routers. Note: Located in http://www.routers.com/
RevUDFService	L	RevUDF.exe	Related to Iomega_Corp provider of a number of backup data solutions
Rio MSC Manager	L	RioMSC.exe	Related to Digital Networks North America.
Rll enhanced drive (mfm)	X	msrll.exe	Added by the Troj/Jtram-E TROJAN! Note: This trojan file is found in the System32\mfm folder.
RoamMgr	L	RoamMgr.exe	Intel PROset
Rockwell Application Services (RsvcHost)	L	RsvcHost.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell Directory Multiplexer (RNADirMultiplexor)	L	RNADirMultiplexor.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell Directory Server (RNADirectory)	L	RnaDirServer.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell Event Multiplexer (EventClientMultiplexer)	L	EventClientMultiplexer.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell HMI Activity Logger	L	RsActivityLogServ.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell HMI Diagnostics	L	HMIDIAGNOSTICSLSTADAPT.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rockwell Tag Server	L	TagSrv.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
rofl (rofl)	X	rofl.sys	Added by the Troj/RKPort-Fam TROJAN! This is a rootkit!
Roger Wilco Base Station	L	rwbs.exe	Related to IGN_Entertainment Inc. Required to operate the Wilco Base Station.
RollbackClientService	L	RollbackClnt.exe	Horizon DataSys Rollback Rx
Roxio Hard Drive Watcher	L	RoxWatch.exe	Related to Roxio_Inc
Roxio Hard Drive Watcher 9 (RoxWatch9)	L	RoxWatch9.exe	Related to Roxio_Inc
Roxio UPnP Renderer 9	L	RoxioUPnPRenderer9.exe	Related to Roxio_Inc
Roxio Upnp Server 9	L	RoxioUpnpService9.exe	Related to Roxio_Inc
RoxMediaDB	L	RoxMediaDB.exe	Related to Roxio_Inc
RoxMediaDB9	L	RoxMediaDB9.exe	Related to Roxio_Inc
RoxUpnpRenderer	L	RoxUpnpRenderer.exe	Related to Roxio_Inc
RoxUpnpServer	L	RoxUpnpServer.exe	Related to Roxio_Inc
RPC Debug Control (RPCDB)	X	csts.exe	Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
RPC+ Service Provider (RPCSS+)	X	rpcss_pl.exe	Trojan. - http://www.what-process.com/process-info.aspx?p=rpcss_pl.exe
RpcRemotes	X	remote.exe	Added by the W32/Fanbot-J WORM! Note: This worm file is found in the System32 folder. Be sure to check the link on this one. Copies it's self to various folders and file names.
RSLinx	L	RSLINX.EXE	Related to Rockwell_Automation Inc. FactoryTalk suite
RSLinx Enterprise (RSLinxNG)	L	RSLinxNG.exe	Related to Rockwell_Automation Inc. FactoryTalk suite
Rtkit	X	Rtkit.exe	Added by the Backdoor.Rtkit TROJAN! Read the link, rootkit type stealth involved.
rudll	X	rudll.exe	Troj/Hupigon-CF Note: Located in %windir% Read the link, allows remote access
Run RunOnce	L	ShipUPS.EXE, RunOnce.exe	Related to UPS WorldShip shipping software
rundll.exe	X	msn93.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
rundll.exe	X	msngrsm.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
rundll.exe	X	rundll.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
rundll32 (rundll32)	X	rundll32.exe	Added by the Troj/Feutel-Q TROJAN!
rundll32.exe	X	lsass.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\
Runtime	X	runtime.sys	Troj/Agent-ECZ Note: Located in %windir%\system32
Rupsd	L	Rupsd.exe	Related to Mega_System Technologies Inc.
Rupsmon	L	RupsMon.exe	Related to Mega System Technologies, Inc.
RVS CommCenter (RvsCC)	L	RVSCC.EXE	Legit Fax/Digital Answering Machine/Telephony service. Owner Unknown . Located in C:\Program Files\Teledat\WCOM\SYSTEM\
RVS Installer (RVSINST)	L	RVSINST.EXE	Legit Fax/Digital Answering Machine/Telephony service. Owner: RVS Datentechnik GmbH, München. Located in: C:\Program Files\Teledat\WCOM\SYSTEM\
Rwx (Rwx2005)	X	svhosts.exe	Added by the Troj/Subzero-B Trojan!
r_server	X	service.exe	Added by the Troj/Remadm-G TROJAN! Note: This is not the legitimate Windows process services.exe (Notice the difference in the spelling.) This trojan file (service.exe) is also found in the System32 folder.
SafeGuard Easy Client (SgeClient)	L	SgeClient.exe	Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\
SafeGuard Easy Workstation Server (WksCfgSrv)	L	WksCfgSrv.exe	Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\
SafeGuard SGLOG Player (SgLogPlayer)	L	SgLogPlayer.exe	Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\WINDOWS\system32\
SafeNet IKE Service (IREIKE)	L	IreIKE.exe	Related to Microsoft Virtual Private Network Client.
SafeNet Monitor Service (IPSECMON)	L	IPSecMon.exe	Related to Microsoft Corp. Feature of the Layer Two Tunneling Protocol (L2TP).
Samsung Update Plus	L	SLUBackgroundService.exe	Related to Samsung_AV_Station instant Playback of music photos, videos.
SAMSvc (Security Account Manager)	X	SAMSvc.exe	Added by the W32/Tilebot-DL, WORM!
Sandboxie Service (SandboxU)	L	SandboxieServer.exe	Related to SandBoxie Sand box application. Data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk. Note: Located in C:\Program Files\Sandboxie\
Sandra Data Service	L	RpcDataSrv.exe	SiSoftware Sandra Lite 2005
Sandra Service	L	RpcSandraSrv.exe	SiSoftware Sandra Lite 2005
Sansa Updater Service (SansaService)	L	SansaSvr.exe	Related to Sansa_Updater Service from Sandisk. Note: Located in C:\Program Files\SanDisk\Sansa Updater\
SAVRoam	L	SavRoam.exe	Related to Norton/Symantec AntiVirus
SAVScan	L	SAVScan.exe	Related to Norton/Symantec AntiVirus.
sbchosy.bat	X	sbchosy.bat	Added by the Troj/GrayBir-AA TROJAN! Note: This trojan file is found in the Windows\Program Files or Winnt\Program Files folder.
SBHookSvc	L	SBHookSvc.exe	Related to Motive_Communications Broadband service. Note: Located in C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\
SCA (Service Control Application)	X	SYSTEM.EXE	Unknown virus
scheduler (schedul3.exe)	X	schedul3.exe	Added by the W32/Rbot-AVX TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
Scheduling Agent (Mstinit)	X	mstinit.exe	Added by the W32/Tilebot-IO WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
schscnt	L	schscnt.exe	Related to Command AntiVirus for Windows Component, made by Command Software Systems, Inc. Which merged with Authentium in 2002.
SCNDmem (winlow)	X	winlow.sys	Added by the Troj/Haxdoor-AF TROJAN!
ScriptBlocking Service (SBService)	L	SBServ.exe	Related to Norton/Symantec AntiVirus.
ScsiAccess	L	ScsiAccess.EXE	Alcohol Software's CD/DVD writing application
SCSMS32 (SCSMS)	X	scmsm32.exe	Added by the SDBOT.CCN or SDBOT.CEZ WORM! Read the link, rootkit type stealth involved.
SCWatch 4.0	L	scwatch4.exe	Related to White Canyon - protect against identity theft software. - http://www.whitecanyon.com/index.php
SDJB Manager	L	sdjbmgr.exe	Panasonic\SD-JukeboxV3
sdk	X	lsass.exe	W32/Sdbot-DEF Read the link, allows remote access
sdktemp	X	Microsoft.exe	Added by the SDBOT.CGM WORM! Read the link, rootkit type stealth involved.
sdktemp (sdktemp)	X	SDKTEMP.EXE	Added by the W32/Tilebot-A WORM! Read the link, rootkit type stealth involved.
sdktemp (sdktemp)	X	axdcfasb.exe	Added by the W32/Sdbot-AGI WORM! Read the link, rootkit type stealth involved.
SDPAUMS server service	L	sdpasvc.exe	Matsushita Electric Industrial Co.,Ltd.
SDService	L	SDService.exe	Related to Spyware_Detector from Max Secure. Note: Located in C:\Program Files\SpywareDetector\
Seagate Communication	X	seagatecom.exe	Added by the W32/Spybot-NF WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Seagate Page Server (pageserver)	L	pageserver.exe	Related to Seagate Page Server. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\
Seagate Web Component Server (WebCompServer)	L	WebCompServer.exe	Related to Seagate Web Component Server. Now owned by Business_Objects Note: Located in C:\Program Files\Seagate Software\WCS\
Search Engine Commando Schedule Service	L	ScheduleService.exe	Related to Search Engine Commando
Secondary .NET Framework (SVSNET)	X	svsnet.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Secure Port Server (Server Administrator)	L	omaws32.exe	Related to Dell Open Management system. http://www.what-process.com/process-info.aspx?p=omaws32.exe
Secure Socket Layer	X	ssls.exe	Added by the W32/Spybot-NE WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K)
Secure SSL System (Secure)	X	securessl.exe	Added by the Haxdoor.Fam HAXDOOR! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Security Accounts Center (Security Accounts Center)	X	windowo.exe	Added by the Troj/Bckdr-AWQ TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Security Accounts Manages	X	TIMPlatform.exe	Troj/Delf-EWW
Security Agent (scagent)	X	scagent.exe	Added by the Troj/Dload-LV TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Security Logs Service (SLSVS)	X	SM1OGSVC.EXE	Added by the Troj/Tenant-A TROJAN! Note: This trojan file is found in the System32 folder.
Security System Manager	X	spoolvc.exe	W32/Sdbot-DCW Read the link, allows remote access
Security Task Manager	X	spoolvc.exe	Added by the W32/Tilebot-IX WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess)	L	useraccess.exe	Related to Sony DADC Blu-ray Disc is the next generation optical disc format.
SecuROM User Access Service	L	UAService7.exe	Used by virtual CD programs like Alcohol to access CD images protected by SecureROM.
SentinelProtectionServer	L	spnsrvnt.exe	Related to one of the SafeNet_Inc programs or services.
Sentry 2020	L	SentryService.exe	www.softwinter.com
SerDgeonServer (SerDry_igeon_Server)	X	IExplore.exe	Added by the Troj/Feutel-AC TROJAN! Note: This is not the legitimate Windows process IExplore.exe (Which should be found in the Program Files\Internet Explorer folder.) This worm\trojan file (IExplore.exe) is found in the Windows or Winnt folder.
Serv-U FTP Server	O	ServUDaemon.exe	Related to Serv-U an FTP Server note Reference:
Server 2.0 (Server 2.0)	X	Server.exe	Added by the Troj/GrayBrd-AN TROJAN! Note: This worm\trojan file is found in the Windows or Winnt folder.
Server Advance (ServerAC)	X	Security.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Server Management Service	X	svchost.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.)
Server Network Debug (SerND)	X	NetDebug.exe	W32/VB-DOS Note: Located in %windir%\system32
Server VSS System	X	sysvrs32.exe	W32/Sdbot-DES Read the link, allows remote access
Service	X	Service.exe	Added by the Troj/SrchSpy-A TROJAN! Note: This is not the legitimate Windows process services.exe (Notice the difference in the spelling.) This trojan file (Service.exe) is also found in the System32 folder. Do not confuse the two!
Service	X	Service.exe	Added by the Haxdoor.Fam HAXDOOR! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SERVICE (WINDOWS)	X	spoolsvc.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Service 8 (Service Filter)	X	smncs.exe	Added by the W32/Tilebot-CK WORM! which attempts to spread to remote network shares and messaging applications
Service Cache Terminal (SVCTERM)	X	svscache.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Service Controller (Services)	X	services.exe	W32/Sdbot-DDT Read the link, allows remote access
Service Cvasvr (Service Cvas)	X	csvas.exe	Spyware Worm reported as Backdoor.Win32.SdBot.aad by Kaspersky Anti-Virus
Service de lancement de WlanCfg (Wlancfg)	L	wlancfg.exe	Driver for wireless router. Owner: Inventel-Found in C:\Program Files\Inventel\Gateway\
Service Hosts (ServiceHost)	X	shost.exe	Added by the W32/Rbot-AXG WORM! Note: This worm file is found in the Windows or Winnt folder.
Service Logon Protocol (SVSLOG)	X	svslogon.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Service name: Messenger	X	system32.exe	See Symantec Trojan.Esteems.B Location: C\Windows\system\system32.exe (9X\ME) or C\Windows or Winnt\system32\system32.exe (NT\2000\XP)
Service name: Messenger	X	zone-h.ddo.jp.exe -k netsvcs	Trojan.Esteems.C See Symantec Location: C:\Winnt\System32 ( NT/2000), or C:\Windows\System32 (XP).
Service name: Messenger	X	514.exe	Trojan.Esteems.D See Symantec Location C:\Windows\System32 (XP) C:\Winnt\System32 (NT\2000)
Service Scheduler	X	scheduler.exe	W32/Agobot-PH See Sophos Unknown owner: Location: C:\WINDOWS\System32\scheduler.exe -service
Service Security Manager (scekrnl)	X	scekrnl.exe	Added by the Backdoor.Win32.Agent.alx TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Service1	L	windowsserviceexample.exe	Related to Microsoft .Net Application. VB.NET_Forums
Service32 (Service Sequence)	X	services32.exe	Added by the W32/Tilebot-C WORM! Read the link, rootkit type stealth involved.
Service: LicenseManagerReminder	L	LicenseManagerReminder.exe	Related to UIC License Manager a propriatiry Sofstware. Used to activate a software on customer computers for a specified length of time. Note: Located in C:\Program Files\Universal Instruments\License Manager\
Service: Microsoft Net API (NETAPI)	X	ntps.exe	Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky. TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Service: Network Client (nwclnta)	X	netclna.exe	Troj/Boxed-I. Owner:Unknown. Location: C:\WINDOWS\system32\netclna.exe
ServiceLayer	L	ServiceLayer.exe	Related to Nokia Connectivity Library software. Note: located in C:\Program Files\Common Files\PCSuite\Services\
serviceMangr (tcphost.exe)	X	TCPHOST.EXE	Added by the SDBOT.CSG WORM! Read the link, rootkit type stealth involved.
services	X	services.exe	W32/Sdbot-CXP Note: Located in %windir% Read the link, allows remote access
Services (Ini Service Ku)	X	services.com	Troj/Winlock-C
Services an controller-settings	X	services.exe	Added by the W32/Tilebot-HY WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Services Manager (svcmngr)	X	config.exe	Troj/DllLoad-C Read the link, steals information
services32 (Content List Management Sub System)	X	services32.exe	Added by the W32/Esbot-B WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Servicess_Server	X	Servicess.exe	A variant of the Feutel/Hupigon infection. Note: rootkit type stealth involved.
Servicio COM de grabaciÃ³e CD de IMAPI	L	imapi.exe	Related to recording of CDs.
Servicio de alerta	L	services.exe	Spanish Windows 2000 alert service.
Servicio de ayuda TCP/IP NetBIOS	L	services.exe	Spanish Windows 2000 Help service TPC/IP NetBIOS
Servicio de fax	L	faxsvc.exe	Spanish Windows 2000 fax service
Servicio del administrador de discos lÃ³os	L	dmadmin.exe	Spanish Windows 2000 logical disk manager administrative service
Servicio RunAs	L	services.exe	Spanish Windows 2000 RunAs service
Servidor	L	services.exe	Spanish Windows 2000 "server"
Servies Unknow Srv	X	001.exe	Win-Trojan/Downloader.6656.DW
Servizio Norton AntiVirus Auto-Protect	L	navapsvc.exe	Related to Norton Antivirus
settings	X	SETTINGS.EXE	Added by the SDBOT.CHY WORM! Read the link, rootkit type stealth involved.
SF FrontLine Drivers Auto Removal (v1) (sfrem01)	L	sfrem01.exe	Related to SF_FrontLine Drivers Auto Removal from Star-Force. Note: Located in C:\WINDOWS\system32\
SFTRANSFER (SFTRANSFER)	X	(Unknown at this time.)	Added by the Backdoor.Brakkeshell TROJAN! Note: In the Description field under Services it wil show as: Secure file transfer protocol
SFUSVC	L	SFUSVC.exe	KYOCERA_MITA Scanner File Utility used with Kyocera Mita scanners/faxes. Note: located in C:\Program Files\Kyocera Mita\FileUtility\
SgeCtl	L	SGECTL.EXE	Utimaco Safewares SAFEGUARD
Sharing Messenger Folders Windows XP (SMFWX)	X	bhagent.exe	W32/Sdbot-CZS Note: Located in %windir% Read the link, allows remote access
Shavlik HFNetChkPro Service	L	HFNetChkProService.exe	HFNetChkPro distributes Microsoft patches to client machines
SHDSERV	L	shdserv.exe	Horizon DataSys Rollback Rx
Shiva VPN Client	L	icsrv.exe	Related to Eicon Networks Corporation
SHOVE	X	SHOVE.exe	Troj/Agent-EOM
SigmaTel Audio Service (STacSV)	L	stacsv.exe	Related to SigmaTel_Audio_Service Part of the C-Major Audio driver. Note: Located in C:\Program Files\SigmaTel\C-Major Audio\WDM\
Sigmatel PassThru (PassThru)	L	passthru.exe	Related to Sigmatel
SiS WirelessLan Service (SiSWLSvc)	L	SiSWLSvc.exe	Related to Sis_Wireless_Lan LAN controller
Sistema de ayuda de tarjeta inteligente	L	SCardSvr.exe	Spanish Windows 2000 smart card helper
SiteAdvisor Service	L	SAService.exe	Related to SiteAdvisor Service from McAfee. Note: Located in C:\Program Files\SiteAdvisor\[4 digits number\
SiteMinder Authentication Service (SmServAuth)	L	Service_AuthSrvr.exe	Related to Cold_Fusion from Macromedia, inc.
SiteMinder Authorization Service (SmServAz)	L	Service_AzSrvr.exe	Related to Cold_Fusion from Macromedia, inc.
Skype Messenger (Skype)	X	skype32.exe	Added by the W32.Mytob.ML WORM! Note: This worm file is found in the System32 folder. Read the link, rootkit type stealth involved.
Sleepy	L	service.exe	Related to Sashazur LLC A utililty to prevents computer use at night. For schools, libraries, businesses etc.
SlimServer (slimsvc)	L	slim.exe	Related to SlimServer Note: Located in C:\Program Files\SlimServer\server\
SLMDriver (SLMDriver)	X	slm32.sys	Added by the Troj/Rootkit-AA TROJAN! Note: This trojan file is found in the System32 folder. Read the link, rootkit type stealth involved.
SLPMONX	L	slpservice.exe	Related to Seiko Printers. Provides additional configuration options for these devices. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SMART Board Service	L	SMARTBoardService.exe	Related to SMART Technologies inc.
Smart Card Client (SCardClnt)	X	SCardClnt.exe	Added by the W32/Codbot-K WORM! Note: located in C:\Windows\System (Win9x/Me), C:\Winnt\System32 (XP/WinNT/2K)
Smart Card Helper	X	scardsvr32.exe	Added by the W32.Femot_worm! . NOTE: do not confuse this with the legitimate Smart Card Helper service, which uses the filename SCardSvr.exe!
Smart Card Supervisor (mmc)	X	mmc.exe	W32/Dzan-A Read the link, allows remote access
SmartGenie (LxrSGe10s)	L	LxrSge10s.exe	Related to SmartGenie_toolbar customizable toolbar, offers many helpful research tools making it possible for you to navigate the Web as well as carry out powerful research.
SmartLinkService	L	slmdmsr.exe	slmdmsr.exe installed alongside Smartlink communication products and offers additional support to the modem service. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.
SmartLinkService (SLService)	L	slserv.exe	slserv.exe is installed alongside Smartlink communication products and offers additional support to the modem service. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.
SmartTrust Smart Card Server (Smartscaps)	L	Smartscaps.exe	Platform for integrating security functions with mobile services. For more information Click_Here
SmartWiService	L	SmartWiService.exe	Related to Sony_SmartWi SmartWi technology is the seamless integration of three wireless technologies: Wide Area Network (WAN)132, 802.11bg wireless LAN1, and Bluetooth®4 technologies.
SMBus Upgrade Service for Windows 2000 and above (ibmsmbus)	L	ibmsmbus.exe	Related to SMBus on IBM computers. SMBus is the System Management Bus defined by Intel® Corporation in 1995. It is used in personal computers and servers for low-speed system management communications. Note: located in C:\WINDOWS\System32\ibmsmbus.exe
SMONITOR	X	SMONITOR.SYS	Added by the TROJ_ROOTKIT.V TROJAN! Read the link, rootkit type stealth involved.
SMS Help Center (SMS32)	X	smss32.exe	Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
smsc	X	smsc.exe	Added by the W32/Tilebot-GW WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
smscc	X	smscc.exe	Added by the W32/Sdbot-CPG WORM! Note: This worm\trojan is located in C:\%WINDIR%
smsmanger	X	smsmanger.exe	Added by the Backdoor.SdBot.xd as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\ More: here
SMSS (SMSS)	X	smss.exe	Added by the W32/Tilebot-V WORM! Note: This worm file is found in the Windows or Winnt folder.
SMTP Capture	L	smtpcap.exe	Related to NSi's AutoStore from Notable Solutions, Inc. Capture documents and securely saving the content in your business applications.
Snake SockProxy Service (SkServer)	X	wuauserv.exe	Variant of Troj/VB-ZD See Sophos
SNARE	L	SnareCore.EXE	Related to InterSect_Alliance Open Source agents to provide a log collection, analysis, reporting and archival resource.
SnareIIS	L	SnareIIS.EXE	Related to InterSect_Alliance Open Source agents to provide a log collection, analysis, reporting and archival resource.
SndDRV (MS Sound Driver) (SndDRV)	X	snddrv.exe	Added by the W32/Rbot-BSC WORM! Note: This worm file is found in the System32 folder.
SNMPTrapd Service	L	snmptrapd.exe	Related to MKS_Toolkit
Snoop Free Service (SnoopFreeSvc)	L	SnoopFreeSvc.exe	Anti-keylogging software made by SnoopFree_Software._
Socks-Cap (Sc32Inch)	X	Sc32Inch.exe	Added by WORM_SDBOT.DIN WORM! Rookit infection Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Softex OmniPass Service	L	Omniserv.exe	Related to Softex OmniPass security solution which handles passwords on your computer.
Softex OmniPass Service	L	Omniserv.exe	secure password management software
Software Jukebox v2.0 Service	L	Software Jukebox v2.0 Service File.exe	Related to BlueLabelle Jukebox v2.0 from MPEGX.com
Software Secure Service (SSISvr32)	L	ssisvr32.exe	Related to Software_Secure service. Enables students to take an exam in a secure environment using Microsoft® Word and Excel. Note: Located in C:\WINDOWS\system32\
SolidPDFConverterReadSpool (ScReadSpool)	L	SolidPdfService.exe	Related to Solid_Converter_PDF from VoyagerSoft - Turn your PDFs into documents you can edit.
Sonica Theater Installer (SonicaTheaterInstallerService)	L	STinst.exe	Related to Sonica_Theater from M-Audio. Turn your computer into a fully functional multiformat surround-sound monitoring environment. Note: Located in C:\Program Files\C:\Program Files\M-Audio Sonica Theater\Install\
SonicStage SCSI Service (SSScsiSV)	L	SSScsiSV.exe	Related to Sony Corp.
SonicStageMonitoring	L	SonicStageMonitoring.exe	Related to Sony GigaPocket multimedia entertainment center.
SonicWALL Agent Service	L	swAgent.exe	Related to Network Associates, Inc.
SonicWall VPN Client Service	L	RampartSvc.exe	SonicWall client for VPN access.
Sony Network Analysis Tool	X	winsony.exe	W32/Spybot-NS Read the link, allows remote access
Sony SCSI Helper Service	L	SonySCSIHelperService.exe	Related to Related to Sony Corporation.
Sony SPTI Service (SPTISRV)	L	Sptisrv.exe	Related to Sony Corporation
Sony SPTI Service for DVE (ICDSPTSV)	L	IcdSptSv.exe	Related to Sony SPTI Service Note: Sony Inc. Located in C:\%WINDIR%\System32 (XP/WinNT/2K)
Sony TV Tuner Controller	L	halsv.exe	Sony computers
Sony TV Tuner Controller	L	halsv.exe	Sony computers
Sony TV Tuner Manager	L	RM_SV.exe	Sony computers
Sony TVTA Manager	L	SMceMan.exe	Related to Sony Corporation.
Sophos Agent	L	ManagementAgentNT.exe	Related to Sophos AntiVirus protection software.
Sophos Anti-Virus	L	SWEEPSRV.SYS	By Sophos Plc
Sophos Anti-Virus (SAVService)	L	SavService.exe	Related to Sophos AntiVirus protection software.
Sophos Anti-Virus (SWEEPSRV.SYS)	L	SWEEPSRV.SYS	Sophos Virus protection program. http://www.sophos.com/support/knowledgebase/article/378.html
Sophos Anti-Virus Network	L	SWNETSUP.EXE	By Sophos Plc
Sophos Anti-Virus status reporter (SAVAdminService)	L	SAVAdminService.exe	Related to Sophos AntiVirus protection software.
Sophos Anti-Virus Update	L	SWUPDATE.EXE	By Sophos Plc
Sophos AutoUpdate Agent	L	AutoUpdateAgentNT.exe	Related to Sophos AntiVirus protection software.
Sophos AutoUpdate Service	L	ALsvc.exe	Related to Sophos AntiVirus protection software. Auto Update service.
Sophos Cache Manager (CacheMgr)	L	cachemgr.exe	Related to Sophos AntiVirus protection software. Remove Update service.
Sophos Database Notification Service (sdbnsrvc)	L	Sdbnsrvc.exe	Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\
Sophos Message Router	L	RouterNT.exe	Related to Sophos AntiVirus protection software.
Sophos SBE Certification Manager	L	CertificationManagerServiceNT.exe	Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\
Sophos SBE ManagementService	L	SbeMss.exe	Related to Sophos_Control_Center a central console that permits administration of Sophos Anti-Virus SBE over the entire network from one location. Note: Located in C:\Program Files\Sophos\Control Center\
Sound Sservice Driver (Sound Service)	X	cfmon.exe	See Here
SoundMAX Agent Service (SoundMAX Agent Service (default))	L	SMAgent.exe	SoundMAX Sound Device
SP Software Installer	L	sp_SWIns.exe	SmartPipes SecureSite is a scalable, reliable, and secure software platform for the creation and management of advanced IP services. - http://www.smartpipes.com/SecureSite.htm
SPBBCSvc	L	SPBBCSvc.exe	Related to Symantec Internet security suite and assists in keeping your computer up to date from Internet bound viruses.
SPCSUtilityService	L	SPCSUtilityService.exe	Related to Sprint_Sierra_Wireless service. Note: Located in C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\
spdcheck	X	SPDCHECK.EXE	Added by the SDBOT.BZE WORM! Read the link, rootkit type stealth involved.
Spectrum24 Event Monitor	L	S24EvMon.exe	Intel Corporation
Speed Disk service	L	nopdb.exe	Norton Speed Disk
spkrmon	L	spkrmon.exe	SoundMAX SpeakerMonitor service
SPM License Server (spmd)	L	spmd.exe	Related to SPM_License from mental images GmbH. RealityServer® is the unique server-based, scalable infrastructure software platform for creating and deploying 3D Web Services and other applications and application Note: Located in C:\WINDOWS\System32\spm\
SPM License Server (spmd)	L	spmdib.exe	Related to Software_Protection_Manager from SoftImage. Note: Located in C:\WINDOWS\system32\spm\
spmgr	L	spmgr.exe	Related to Sony VAIO/ASUS laptops and provides additional configuration options for these devices. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.
spool	X	spoollv.exe	Added by the W32/Sdbot-AES WORM! Note: This worm\trojan file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
spool	X	SPOOLLV.EXE	Added by the SDBOT.CTI WORM! Note: This worm file is found in the System32 folder. (NT/2000/XP) Read the link, rootkit type stealth involved.
Spool SubSystem App	X	lsass.exe	Added by the W32/Tilebot-HD WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.)
SpoolService	X	spolsv.exe -service	Possibly added by a W32/Agobot variant.
Spoolsv	X	spoolsv.exe	Added by the Troj/IRCBot-VA TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
spoolv	X	spoolv.sys	Added by the TROJ_ROOTKIT.S TROJAN! Read the link, rootkit type stealth involved.
Spss License Manager (SpssLM)	L	spss_lmd.exe	http://www.spss.com/spss/licensing.htm
Spy Emergency Shield Service (SpyEmrgSrv)	L	SpyEmergencySrv.exe	Related to Spy_Emergency from NETGATE Technologies. Security software. Note: Located in C:\Program Files\NETGATE\Spy Emergency 2006\
Spy-Keylogger (SpyKeyloggerService)	X	skls.exe	Identified as Spyware.SpyKeylogger SPYWARE! Spyware.SpyKeylogger is a security risk that records keystrokes. Must be manually uninstalled via Start\settings\control panel\Add_Remove programs.
SpyDetectSVC	L	SpywareDetectorSVC.exe	Spyware Detector, Adware/Spyware remover - initially considerered a "rogue" program. The latest version has since apparently mended its ways: see note
Spyware Doctor Auxiliary Service (sdAuxService)	L	svcntaux.exe	Related to Spyware_Doctor from PC Tools Auxiliary Service. Note: Located in C:\Program Files\Spyware Doctor\
Spyware Doctor Service (sdCoreService)	L	swdsvc.exe	Related to Spyware_Doctor from PC Tools service. Note: Located in C:\Program Files\Spyware Doctor\
Spyware Terminator Clam Service (sp_clamsrv)	L	sp_clamsrv.exe	Part of Spyware Terminator, located in %program files%\WinClamAVShield
Spyware Terminator Realtime Shield Service (sp_rssrv)	L	sp_rsser.exe	Related to SpywareTerminator Spyware Remover. Note: Located in C:\Program Files\Spyware Terminator\
SpywareCleanerService	O	SCService.exe	Owner:Secure Computer, LLC. May show as Unknown owner. Related to Spyware Cleaner Note: Not recommended.
SQL Server (MSSQLSERVER)	L	sqlservr.exe	Related to Microsoft_SQL_server suite.
SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT)	L	SQLAGENT90.EXE	Related to Microsoft_SQL_Server_Agent
sql-smss	X	sql-smss.exe	Added by the W32/Tilebot-GI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
sqldps	X	sqldps.exe	Added by the W32/Tilebot-GV WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
sqlmanagement	X	sqlmanagement.exe	Added by the W32/Tilebot-GB WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
sqlserver (sqlserver)	X	sqlserv.exe	Added by the SDBOT.BZO WORM! Read the link, rootkit type stealth involved.
SQLSERVERAGENT	L	sqlagent.EXE	Related to Microsoft SQL Server
sqlsrvd (sqlsrvdaemon)	X	_sqlexec.exe	Possible new variant of W32.Spybot.NLX. Location: C:\Windows (9X\XP) or C:\Winnt (NT\2000). See Symatec
SRS Labs License Service	L	srslabslicenseservice.exe	Related to SRS_Labs Audio Service. Note: Located in C:\Program Files\Common Files\SRS Labs Shared\
ssdfghjkl	X	NETDDF.EXE	Added by the SDBOT.BXN WORM! Read the link, rootkit type stealth involved.
SSH Client for Windows	X	winshp.exe	Win32/Duiskbot.BE Note: Located in %System%\dllcache\
ssms	X	SMSS.EXE	Added by the SPYBOT.ADJ WORM! Note: This is not the legitimate Windows process SMSS.EXE (Which is always found in the System32 folder.) This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
SSO Plus	L	pgpwdmon.exe	http://www.passgo.com/products/sso/index.shtml
SSODL: eplrr	X	eplrr3.dll	hijacker/trojan
SSODL: Sysctl Desktop Handler	X	ntosv.dll	seems to replace the users desktop with an error message regarding spyware
SSODL: SystemCheck2	X	vbsys2	can also be vbsys/vbsys2 with or without .exe extension. trojan related
ssrvc	L	ssrvc.exe	Program from Advanced Systems International SAC regarding usb removable storage devices, For more info See_Here
Standalone.exe (Standalone)	X	standalone.exe	Added by the W32/AGOBOT-ADS WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Read the Topic here
starter (Protector)	X	scvhostingg.exe	Added by the W32/Forbot-FB WORM!
StarWind iSCSI Service (StarWindService)	L	StarWindService.exe	StarWindService.exe is a process which belongs to Alcohol 120% DVD/CD emulation and burning software and provides network drive sharing capabilities to this product. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.
Stateless Packet Filtering (PktFilter)	L	pktfltsrv.exe	Part of PktFilter
stchost.exe (moto)	X	stchost.exe	Added by the Troj/Vixup-L TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE)	L	SLEE503.exe	Related to Steganos live Encryption Engine.
Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE)	L	SLEE81.exe	Part of Steganos security suite
STI Simulator	L	PAStiSvc.exe	Related to STI_Simulator From SystemsTech. Note: Located in C:\WINDOWS\System32\
stllssvr	L	stllssvr.exe	Related to SureThing_CD_Labeler from MicroVision Development, Inc. designed for MP3 and DVD buffs Note: Located in C:\Program Files\Common Files\SureThing Shared\
STOPzilla Local Service	L	szntsvc.exe	Stopzilla Popup Blocker
STOPzilla Service	L	SZServer.exe	Related to STOPzilla service.
Streamload Service (StreamloadService)	L	StreamloadService.exe	Related to Streamload_Service from Streamload, Inc. Backs up your files and syncs files between computers. Note: Located in C:\Program Files\Streamload\MediaMax XL\
stunnel	L	aa-stunnel.exe	Related to Stunnel encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer)
StyleXPService	L	StyleXPService.exe	Related to StyleXP, a skinning program for Windows XP
Sun One Administration Server 5.2 (admin52-serv)	L	ns-httpd.exe	Related to Sun_One Administration server
Sun ONE Directory Server 5.2 (config52) (slapd-config52)	L	ns-slapd.exe	Related to Sun_One directory server
Sun ONE Directory Server 5.2 (data52) (slapd-data52)	L	ns-slapd.exe	Related to Sun_One directory server
Sun ONE Web Server 6.1 (https-NASSRY) (https-NASSRY)	L	webservd-wdog.exe	Related to Sun_ONE_Web_Server from Sun Microsystems, inc. Note: located in C:\Sun\WebServer6.1\bin\https\
Sun ONE Web Server 6.1 Administration Server (https-admserv61)	L	webservd-wdog.exe	Related to Sun_ONE_Web_Server from Sun Microsystems, inc. Note: located in C:\Sun\WebServer6.1\bin\https\
Sunbelt CounterSpy Antispyware (SBCSSvc)	L	SBCSSvc.exe	Related to Scan_Service from Sunbelt Software belonging to CounterSpy. Note: Located in C:\Program Files\Sunbelt Software\CounterSpy\
Super Ad Blocker Service	L	SABSVC.EXE	Related to SuperAdBlocker.com
Surveyor	L	Surveyor.EXE	Related to compaq products
svahost	X	svahost.exe	Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder.
SVC Module (SVC Module)	X	svchost.exe	Added by the W32/Sdbot-ADG WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm file is found in the Windows or Winnt folder.
svchoct.exe (yuto)	X	svchoct.exe	Added by the Troj/Sdbot-LI TROJAN! Note: located in C:\Windows\ (Win9x/Me,XP), C:\Winnt\ (WinNT/2K)
svchost	L	inetdll.exe	Unknown to me...
svchost	X	svchost.exe	Troj/Hupigon-CK Note: Located in %windir% Read the link, allows remote access
svchost.exe (moto)	X	(Random 18-character filename)	Added by the Troj/Agent-MD TROJAN!
svchost.exe (moto)	X	svchost.exe	Added by the Troj/Agent-MD TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
svchost.exe (svchost.exe)	X	svchost.exe	Added by the Troj/GrayBird-X TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
svice	X	txkernel.exe	Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\iis] (Win9x/Me), C:\%WINDIR%\System32\iis\ (XP/WinNT/2K) More similar_to
SVKP (SVKP)	X	SVKP.sys	Added by the W32/Rbot-AGP or W32/Spybot-FB or W32/Rbot-AJR WORM!
Sweep for Windows NT Network	L	SWNETSUP.EXE	Sophos AntiVirus Sweep Service
Sweep for Windows NT Update	L	SWUPDATE.EXE	Sophos AntiVirus Update Service
SwiftPublish Authorization Service	L	spauthserv.exe	Related to SwiftView, Inc.
Swupdtmr	L	swupdtmr.exe	Related to Toshiba Software Update Manager. Handles the updating of software.
SX Service (SXServ)	X	sxserv101.exe	Added by the Windir_SXS TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
SX Service (SXServ)	X	servmswin.exe	Added by the W32/Delf.THK.dropper. Drops the file servmswin.exe in the WINDOWS\System32 folder.
Sybase EP Management Agent	L	sybjsvc.exe	Related to EP_Management_Agent from Sybase. Note: Located in C:\Program Files\Sybase\shared-1_0\bin\
Sygate Personal Firewall	L	smc.exe	Related to Sygate Firewall.
SyGateService (SaService)	L	sgserv.exe	Related to Sygate Technologies now owned by Symantec.
Symantec AntiVirus	L	Rtvscan.exe	Related to Symantec AntiVirus
Symantec AntiVirus Client	L	Rtvscan.exe	Symantec Internet Security Suite
Symantec AntiVirus Definition Watcher	L	DefWatch.exe	Related to Symantec AntiVirus Software.
Symantec AppCore Service (SymAppCore)	L	AppSvc32.exe	Related to Symantec_AppCore Service. Note: Located in C:\Program Files\Common Files\Symantec Shared\
Symantec Central Quarantine (qserver)	L	qserver.exe	Related to Norton/Symantec AntiVirus.
Symantec Client Firewall Configuration (CfgWzSvc)	L	CfgWzSvc.exe	Related to Symantec_Client_Firewall Configuration Wizard Service Note: Located in C:\Program Files\Symantec Client Security\Symantec Client Firewall\
Symantec Client Firewall Proxy Service (SymPxSvc)	L	SymPxSvc.exe	Related to Symantec_Client_Firewall Note: Located in C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\
Symantec Core LC	L	symlcsvc.exe	Related to Norton/Symantec Anti-Virus.
Symantec Event Manager (ccEvtMgr)	L	ccEvtMgr.exe	Related to Norton/Symantec AntiVirus
Symantec Ghost Client Agent	L	ngctw32.exe	Related to Norton/Symantec AntiVirus.
Symantec Ghost Database Service (ngdbserv)	L	dbserv.exe	http://castlecops.com/s855-dbserv_exe.html
Symantec Ghost Win32 Configuration Server (NGServer)	L	ngserver.exe	Symantec/Norton Ghost Console service http://castlecops.com/s2476-ngserver_exe.html
Symantec IS Password Validation (ISPwdSvc)	L	isPwdSvc.exe	Related to Symantec_IS_Password Validation service. Note: Located in C:\Program Files\Norton AntiVirus\
Symantec Lic NetConnect service (CLTNetCnService)	L	ccSvcHst.exe	Related to Symantec_Lic_NetConnect service. Note: Located in C:\Program Files\Common Files\Symantec Shared\
Symantec Licensing Detect Internet Connection (DJSNETCN)	L	DJSNETCN.exe	Related to Norton/Symantec AntiVirus.
Symantec LiveState Agent for Windows	L	ccmagent.exe	Related to Symantec Incorporated
Symantec LiveState Recovery	L	VProSvc.exe	Related to Symantec Norton Ghost Note: Located in C:\Program Files\Symantec\LiveState Recovery\Advanced Server 3.0\
Symantec Network Drivers Service (SNDSrvc)	L	SNDSrvc.exe	Symantecd related
Symantec Network Proxy	L	ccProxy.exe	Symantec Network Proxy
Symantec Password Validation (ccPwdSvc)	L	ccPwdSvc.exe	Related to Norton/Symantec AntiVirus.
Symantec Proxy Service	L	ccPxySvc.exe	Related to Norton proxy service
Symantec Quarantine Agent (IcePack)	L	IcePack.exe	Related to Norton/Symantec AntiVirus.
Symantec Quarantine Scanner (ScanExplicit)	L	ScanExplicit.exe	Related to Norton/Symantec AntiVirus.
Symantec SecurePort (SymSecurePort)	L	SymSPort.exe	Related to Norton/Symantec AntiVirus.
Symantec Settings Manager (ccSetMgr)	L	ccSetMgr.exe	Related to Norton/Symantec AntiVirus.
Symantec SPBBCSvc (SPBBCSvc)	L	SPBBCSvc.exe	Symantec Internet Security Service
Symantec System Center Discovery Service (NSCTOP)	L	NSCTOP.EXE	Related to Symantec Corp.
SymWMI Service	L	SymWSC.exe	Related to Norton/Symantec AntiVirus.
SysAid Agent (SysAidAgent)	L	IliAS.exe	Related to SysAid from Ilient Ltd. A suite of web-based IT management to automates your processes for help desk. Note: Located in C:\Program Files\SysAid\
Syscheck (Syscheck)	X	csrss.exe	Added by the Troj/LdPinch-AL TROJAN! Note: This is not the legitimate Windows process csrss.exe (Which is always found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder.
sysmgr64	X	sysmgr64.exe	Added by the Backdoor.SdBot.xd WORM! as detected by ewido. More here
sysServer2.0 (sysServer2.0)	X	G_Server2.0.exe	Added by the Troj/Feutel-AK TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
systeerm (systeerm)	X	systeerm.exe	Added by the Troj/Singu-V TROJAN! Note: This trojan file is found in the Windows or Winnt folder.
system	X	system.exe	Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ folder
System	X	sys.exe	Troj/Hupigon-QH Note: Located in %windir%\addins Read the link, steals information and allows remote access
system	X	Hacker.com.cn.exe	Troj/GrayBrd-CJ Note: Located in %windir% Read the link, allows remote access
System Account Center (SysAccCtr)	X	svcpost.exe	W32/Oscabot-Q Read the link, allows remote access
System Commander MBR check	?	WINMBR.EXE