service

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
Version	"NVIDIA Driver Helper Service	U	"RUNDLL32.EXE nvsvc.dll
X	.Prog	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	32-bit Thunking service	thunk32.exe	"Added by the DERDERO.A WORM!"
Y	a-winpoet-service	winpppoverethernet.exe	"WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion
?	a2dservice	a2dservice.exe	"Related to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?"
U	Acronis Scheduler2 Service	schedhlp.exe	"Part of Acronis True Image - backup software. Co-operates with the ""schedul2.exe"" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images"
X	ActiveX File Registration Service	filereg.exe	"Added by the RBOT-DVD WORM!"
X	ADDITIONAL Services	pkgadd.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Admilli Service	AdmilliServ.exe	Windupdates adware variant
X	AdobeReaderPro	service.exe	"Added by the RBOT-BCA WORM!"
X	AdRotator.Application	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
U	ADService	ADService.exe	"Part of Active Disk from Iomega - allows software applications to be run directly from an Iomega Zip® disk. Required if you wish the applications to launch on insertion of a disk. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/ME"
X	AdStatus Service	AdStatServ.exe	"WindUpdates AdStatus Service adware"
X	Adtools Service	AdTools.exe	"Windupdates Adware"
?	Air2Data	a2dservice.exe	"Related to the Air2Data Wireless HISA (High-Speed Internet Access) service. What does it do and is it required?"
X	aldefr ere service	tay0x.exe	"Added by the RBOT-XS WORM!"
U	AltoMB_service	AltoMBsrv.exe	"Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind"
N	ALU Scheduler Service	ALUSchedulerSvc.exe	Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
X	Amie Release V6.9D	services.exe	"Added by the VB-EAN TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
Y	ANIWZCS2Service	WZCSLDR2.exe	"ALPHA Networks wireless driver"
?	ANIWZCSService	WZCSLDR.exe	D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
X	Anti Spam Service	spamsvc.exe	"Added by the MYTOB-BK WORM!"
X	Antivirus Protection Services	ccapp2.exe	"Added by the RBOT.EXI WORM!"
N	AOL Service Libraries	AOLSoftware.exe	"Quoted from AOL Beta Team
X	AOL Services Hosts	aolserviceshosts.exe	Added by an unidentified WORM or TROJAN!
U	APC_SERVICE	mainserv.exe	"APC PowerChute® Personal Edition - ""safe system shutdown software with sophisticated power management functions."" Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98"
X	Application Layer Gateway Service	algs.exe	"Added by the LINKBOT.M WORM!"
X	Application Layer Services	avrsvc.exe	"Added by the IRCBOT.BJM BACKDOOR!"
N	ArcSoft Connection Service	ACDaemon.exe	"Used to serve notice of product information and updates when running ArcSoft products such as TotalMedia
Y	Ashampoo AntiVirus Service	GuardGui.exe	"System Tray access to the main user interface for Ashampoo® AntiVirus from Ashampoo GmbH & Co. KG."
X	ASP.NET State Service	csrss.exe	"Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ASP.NET State Service	crsass.exe	"Added by the BANLOAD-M TROJAN!"
X	ASP.NET State Service	servicos..exe	"Added by the DADOBRA-I TROJAN!"
?	AspireService	AspireService.exe	"Found on Acer laptops
X	AutoAdministrator	SERVICES.EXE	"Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Root%\Application Data\WINDOWS"
X	AutoDiscovery/AutoPurge (ADAP) Service	wmiadapi.exe	"Added by the RBOT.FLT WORM!"
N	AutoMate Task Service	automate.exe	"Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start → Programs"
X	Autoupdate Service	kaka.exe	"Added by the SYMPE-B TROJAN!"
X	Autoupdate Service	[path to trojan]	"Added by the AGENT-CB TROJAN!"
X	AutoUpdate32	services.exe	"Added by WINSPY.88! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\debug64"
X	Background Intelligent Transfer Service	[path] rundll32.exe	"Added by the VB-ZD TROJAN! Note - this is not the legitimate rundll32.exe process
X	Backup Service	backup.svc	Unidentified adware
X	BaRloNdDiLhep	services.exe	"Added by the AUTORUN.DIB WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ï¿½ subfolder"
X	blah service	winupdate.exe	"Added by the GAOBOT.BIA WORM!"
X	blah service	winsysengine.exe	"Added by the RBOT-KI WORM!"
X	blah service	internet.exe	"Added by a variant of the RBOT WORM!"
X	blah service	smnp.exe	"Added by the RBOT.IZ WORM!"
X	blah service	msnmsgrr.exe	"Added by the RBOT.PZ WORM!"
X	blah service	tazkmgr.exe	"Added by the RBOT.UA WORM!"
X	blah service	FaLeH.exe	"Added by the RBOT-AES WORM!"
X	blah service	microsoft.exe	"Added by a variant of the RBOT WORM!"
X	blah service	evosys.exe	"Added by a variant of the RBOT WORM!"
X	blah service	win32.exe	"Added by the RBOT-AXO WORM!"
X	Blah service	CCAPPS32.EXE	"Added by the RBOT.TV WORM!"
X	blah services	iczw.exe	"Added by the RBOT-GMP WORM!"
X	blahh service	msengine.exe	"Added by a variant of the RBOT WORM!"
X	blahx service	msnjompa.exe	"Added by the SDBOT.AML WORM!"
X	Blue Service	[path to trojan]	"Added by the BANCOS-BCW TROJAN!"
U	Boost XP Service	bxservice.exe	"Boost XP from Systweak - WinXP tweaking utility"
X	Boot Service	bootservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Boot Service	bootsv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
Y	Bredbandsbolaget	servicecenter.exe	"Related to the Brebband Swedish Broadband provider"
X	BrowseProxy	FindService.exe	"Actual Names (AdvSearch) Internet Keywords parasite"
U	bugwatcher service	bugwatcher.exe	"
X	BuildLab	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
U	Bulldog Service	upsd.exe	Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
U	CARPservice	carpserv.exe	"Associated with Zoltrix and Conexant modems - enables the internal modem speaker
X	ccApps	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	Cgtask Services	cgtask.exe	"Added by the LALA.B TROJAN!"
X	Clean up	service.exe	"Added by the AGENT-FPY TROJAN!"
X	clean_service	clean_service.cmd	"Added by the REFAZ WORM!"
X	CLI Services	clisrv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	Client Access Service	CwbSvStr.Exe	"Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop
X	Clip Service Manager	clipmg.exe	"Added by the DELF.DXJ TROJAN!"
X	Clip Servicer	clipsrvc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
N	Clipbook Service	Clipsrv.exe	"Supports Windows XP ClipBook Viewer
X	COM Service	mscom32.com	"Added by the BEASTY.H TROJAN!"
X	COM Service	msynvr.com	"Added by the BEASTY.G TROJAN!"
X	COM Service	msjclh.com	"Added by the BEASTY.E TROJAN!"
X	COM Service	msdrce.com	"Added by the BEASTY.I TROJAN!"
X	COM Service	msflyx.com	"Added by the BEASTDO-O TROJAN!"
X	COM Service	mskwda.com	"Added by the AGENT-JIX TROJAN!"
X	COM+ EventSystem Services	ECSERVER.EXE	"Added by a variant of the SDBOT WORM!"
X	CommonService	winup.exe	"Added by the DLOADR-BJJ TROJAN!"
X	Compaq Service Drivers	systeminfos.exe	"Added by the SDBOT-XC WORM!"
X	Compaq Service Drivers	compq.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	navapqwa.exe	"Added by the SDBOT.BBQ WORM!"
X	Compaq Service Drivers	amsn.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	compqs.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	msnt.exe	"Added by the SDBOT.CQL WORM!"
X	Compaq Service Drivers	NtKernelSystem.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	wincmd.exe	"Added by the RBOT.ATV WORM!"
X	Compaq Service Drivers	wind32.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	winmsn.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivers	compaq.exe	"Added by the SDBOT-AFU WORM!"
X	Compaq Service Drivers	msnsvc.exe	"Added by the RBOT.BKT WORM!"
X	Compaq Service Drivers	ntsys32.exe	"Added by the RBOT.CIW WORM!"
X	Compaq Service Drivers	winsvc.exe	"Added by the SDBOT-AGD WORM!"
X	Compaq Service Drivers 32	compq32.exe	"Added by a variant of the SDBOT WORM!"
X	Compaq Service Drivrs	copq.exe	"Added by a variant of the RBOT WORM!"
X	Compaq Services Drivers	ndt32.exe	"Added by the RBOT.CQZ WORM!"
X	Compaq32 Service Drivers	ms32.exe	"Added by the SDBOT.BWH WORM!"
X	Compaq32 Service Drivers	msconfig32.exe	"Added by the SDBOT-ADC WORM!"
X	Compaq32 Service Drivers	msnt32.exe	"Added by the RBOT.BVF WORM!"
X	Compaqs Service Driver	copypad32.exe	"Added by the SDBOT.CSO WORM!"
X	Compaqs Service Drivers	compqs.exe	"Added by a variant of the SDBOT WORM!"
X	Compatibility Service Process	regsvs.exe	"Added by the GAOBOT.YN WORM!"
X	Compd Service Drivrs	codq.exe	"Added by a variant of the SDBOT WORM!"
X	Config	service.exe	"Added by the ISRAZ.B WORM!"
X	Config	WinService32.exe	"Added by the CRUTCHA-A TROJAN!"
N	ConfigServices	Config.exe	Part of initial setup on a Compaq PC
X	Configuration Loader	service5.exe	"Added by the GAOBOT.AF WORM!"
X	Configuration Loader	Service.exe	"Added by the GAOBOT.AO WORM!"
X	Configuration Loader	Servicess.exe	"Added by the GAOBOT.AO WORM!"
X	Configuration Loader Service	Winsys32.exe	"Added by the RBOT-YV WORM!"
X	Configuration Loader Service	devl32.exe	"Added by the SDBOT-XY WORM!"
X	Configuration Loading Service	wscel.exe	"Added by the SDBOT-WJ WORM!"
X	Configuration Service	suchost.exe	"Added by the TREB TROJAN!"
X	Configuration Services	mswords.exe	"Added by the SDBOT-YM WORM!"
X	ConfigVir	services.exe	"Added by the AUTORUN-DV WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder"
X	Content Service	winserv[LETTER].exe	"PurityScan adware"
X	ContentService	winservn.exe	"PurityScan adware - see here"
X	control panel software service	cprs.exe	"Added by the RBOT-FPI WORM!"
X	Controlled Resource System Service	crss.exe	"Added by the AGOBOT.GH WORM!"
X	ControlServiceMgr	csmsv.exe	"Added by the AGENT-XC TROJAN!"
U	Copernic Desktop Search 2	DesktopSearchService.exe	"Copernic Desktop Search - search agent"
X	Counterstrike Service Agent	czrzns.exe	"Added by the MEDBOT.AR WORM!"
U	CPQInet Runtime Service	CpqInet.exe	"For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers"
X	Cryptographic Service	*****.exe [ = random char]	"Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!"
N	Cyberlink PowerCinema 3.0	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
X	DamedWare Services	dwdrce.exe	"Added by the RBOT-AOJ WORM!"
X	Data Restore Service	prq8.exe	"Added by the KELVIR.AI WORM!"
?	desk-top-service	desk-top-service.exe	"??"
X	DeskAd Service	DeskAdServ.exe	"DeskAd.Service adware"
N	Desktop Service Centre	DSC.exe	OptusNet DSL or Dial-Up connection software
X	DHCP32	services.exe	"Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\display"
U	DIGServices	DIGServices	Created by Disney but licensed to ESPN for watching videos
N	DIGServices	DIGServices.exe	Created by Disney but licensed to ESPN for watching videos
X	DirectX For Microsoft Windows	dtxservice.exe	"Added by the PROGENT TROJAN!"
X	DirectX for Microsoft Windows	Fservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX for Microsoft Windows	Sservice.exe	"Added by the PRORAT TROJAN!"
X	DirectX For Microsoft® Windows	fservice.exe	"Added by the PRORAT-P TROJAN!"
X	DirectX For Microsoft� Windows	fservice.exe	"Added by the PRORAT-L TROJAN!"
Y	DkService	DkService.exe	"From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled
X	DLL Service Manager	[path to worm]	"Added by the RPCBOT.F TROJAN!"
X	dll services	[random filename].exe	"Added by a variant of the SDBOT WORM!"
X	DLLService32	dllsvc32.exe	"Added by the AGOBOT.VX WORM!"
X	dm_service	[path to file]	"Added by the MITGLIEDER.P TROJAN!"
X	DNS Config service	win32.exe	"Added by the RBOT-TL WORM!"
X	DNS Service	dnsresolver.exe	"Added by the RBOT-PQ WORM!"
X	DNS Service	dnssvc.exe	"Added by the DELBOT-Z WORM!"
X	Domain Name Resolve Service	dnsresolver.exe	"Added by the KIMAN.A WORM!"
X	DomPlayer Service	wakeservice.exe	"DomPlayer adware"
X	DR service	[path to worm]	"Added by the RBOT-CZT WORM!"
X	DSService	dmrss.exe	"Added by the AGOBOT-XX WORM!"
X	Dumeter Services	dumeter.exe	"Added by the SDBOT-AEQ WORM!"
X	DUN_SERVICES3	dun3.exe	"Added by the SOKIRON TROJAN!"
X	Enumerate Service	wsys.exe	"Added by the MANIFEST TROJAN!"
U	EPGServiceTool	EPGClient.exe	"Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge"
U	EPGServiceTool	EPGCLI~1.EXE	"Electronic Programme Guide (EPG) for the WinTV range of TV Tuners from Hauppauge"
N	ePrint 3.0 Service	EPRINT3.EXE	"LEADTOOLS ePrint file conversion software - ""convert any file to and from over 150 document and image formats including searchable PDF
N	ePrint 4.0 Service	EPRINT4.EXE	"A component of the ""LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF
Y	eRecoveryService	check.exe	"Now part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
U	eRecoveryService	Monitor.exe	"Part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
U	eRecoveryService	eRAgent.exe	"Part of Acer Empowering Technology. ""Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer
U	ES Current Services	[FILE NAME].exe	"123Keylogger surveillance software. Uninstall this software unless you put it there yourself"
X	EUP Service	eupsvc.exe	"Added by the DELBOT-Q WORM!"
?	EverioService	EverioService.exe	"Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?"
U	FieldForms Sync	SyncService.exe	"Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run
?	file indexing service	msfindfile.exe	"New version of MS FindFast and still a resource hog?"
X	File Mapping Services	hp-1003.exe	"Added by the RBOT.FAN WORM!"
X	File System Service	wmiprvsc.exe	"Added by the AGOBOT-HZ TROJAN!"
U	FilmLoop	FilmLoopService.exe	"Related to FilmLoop - a photocasting network. Share your pictures with your family and friends"
X	Fire Wall services	[random filename]	"Added by the IRCBOT-QY WORM!"
X	Fire Wall services	wnlmzsfhobi.exe	"Added by the IRCBOT-QY WORM!"
X	Fire Well service	[random].exe	"Added by the RBOT-FJU WORM!"
X	FireFox Service Drivers	ssmss.exe	"Added by a variant of the SDBOT WORM!"
X	FiresWallservices	[random].exe	"Added by the RBOT-FJT WORM!"
X	FireWire Service	nvscv32.exe	"Added by a variant of the SDBOT WORM!"
X	FireWire Services	nvcsv32.exe	"Added by a variant of the SPYBOT WORM!"
X	Flash Media	services.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	Folder Service	wssdtu.exe	"Added by the MANIFEST TROJAN!"
X	foxwudy9912	service.exe	"Added by the BANCOS-BT TROJAN!"
X	FriendlyTypeName	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	fukerservice	fukerz.exe	"Added by a variant of the RBOT WORM!"
U	fwservice	fwservice	"eAcceleration Stop-Sign security software related. Previously not recommended
?	GACService	GACService.exe	"Related to a Gemplus product. What does it do and is it required?"
X	Generic Host Process for Win Services	mscvs.exe	"Added by a variant of the SDBOT WORM!"
X	Generic Host Process for Win32 Service	svlhost.exe	"Added by the WOOTBOT.EX WORM!"
X	Generic Host Process for Win32 Service	rpchost.exe	"Added by the IRCBOT.DCN WORM!"
X	Generic Host Process for Win32 Services	ntspcv.exe	"Added by the SDBOT.S TROJAN!"
X	Generic Host Process for Win32 Services	intspvc.exe	"Added by the DINFOR.D WORM!"
X	Generic Host Process for Win32 Services	winsvc.exe	"Added by the SDBOT-O WORM!"
X	Generic Host Process for Win32 Services	bazzi.exe	"Added by the AHKER.E WORM!"
X	Generic Host Process for Win32 Services	winsvc32.exe	"Added by the SDBOT-P WORM!"
X	Generic Host Process for Win32 Services	lspsvc.exe	"Added by the MUMU.C WORM!"
X	Generic Host Process for Win32 Services	SPSVC.EXE	"Added by the SDBOT.DA WORM!"
X	Generic Host Process for Win32 Services	svchost32.exe	"Added by the AGOBOT.ALH WORM!"
X	Generic Host Process for Win32 Services	sv�h�st.exe	"Added by the DLOADER.AK TROJAN!"
X	Generic Host Process for Win32 Services	winlogon.exe	"Added by a variant of the IRCBOT BACKDOOR! See here. Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Generic Host Process For Win32 Services	mtsc32.exe	"Added by the VB-CPL TROJAN!"
X	Generic Host Process for WinXP Services	mshelp.exe	"Added by the AGENT-GQP TROJAN!"
X	Generic Host Service	lshost.exe	"Added by the RBOT.LU WORM!"
X	Generic Service Process	regsvc32.exe	"Added by the GAOBOT.UJ or GAOBOT.UL WORMS!"
X	Generic Service Process	serv1ces.exe	"Added by the AGOBOT-JK WORM!"
X	Generic Service Process	nvsvc.exe	"Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in %System%"
X	Generic Service Process	srvhost.exe	"Added by the AGOBOT-FX WORM!"
X	Generic Service Process	regsvr32.exe	"Added by the AGOBOT-AGD WORM!"
X	Generic Service Process	SRCHOST.EXE	"Added by the AGOBOT-DG WORM!"
X	Generic Services Process	regsvc32.exe	"Added by the GAOBOT.SY WORM!"
X	Get-Torrent Service	wakeservice.exe	Get-Torrent bittorrent client - Installs LOP adware
N	GhostStartService	GhostStartService.exe	"Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard"
U	GoBack Polling Service	GBPoll.exe	"Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users
X	Golum	services.exe	"Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process
X	golumm	services.exe	"Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""golumm"" subfolder"
X	Google service	Googlesetup.exe	"Added by the IRCBOT-RJ WORM!"
X	Google Service FR	GO0GLEFREE.EXE	"Added by a variant of the SPYBOT WORM!"
X	Graphics adapter service	windll.exe	"Added by the ATNAS.A WORM!"
X	h4te Service Drivers	h4te.exe	"Added by a variant of the RBOT WORM!"
X	Hardware Monitor Service	mshms.exe	"Added by the WOLLF-A TROJAN!"
?	HerculesCamService	CamService.exe	"Related to the Hercules Dualpix HD Webcam. What does it do and is it required?"
X	HOI Services	holsvc32.exe	"Added by the AGOBOT-SF WORM!"
X	HP Service Drivers	hdsys.exe	"Added by the SDBOT-ZE WORM!"
?	hp Silent Service	HpSrvUI.exe	"HP related"
X	HPl Services	hmlsvc32.exe	"Added by the AGOBOT-SI WORM and variants!"
X	HQI Services	hqisvc32.exe	"Added by the AGOBOT-RO WORM!"
X	HQI Services	hqlsvc32.exe	"Added by the AGOBOT-RP WORM!"
X	Hservice	msservice.exe	"Added by the AUTORUN-KL WORM!"
X	ICQ Chat Service	icqjdhs.exe	"Added by a variant of the RBOT WORM!"
X	icrosoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AER WORM!"
X	ICU-Sucker	Service32.exe	"Added by the ILLNOTIFIER.D TROJAN!"
X	IEService.exe	IEService.exe	"FastFind adware variant"
X	Iexplore Services	iexplore.exe	"Added by the LITHIUM BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup!"
X	IExplorerService	WinSock.exe	"Added by the AGENT.KIU TROJAN!"
Y	IKE Service 95	IKEService.exe	"Associated with PGP. The PGP Tray can be disabled
X	Index Service	dllhost32.exe	"Added by the AGOBOT.CH WORM!"
X	InetServices	wsock32.exe	"Added by the WOCK32-A TROJAN!"
X	iNotice	iservice.exe	Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos
X	Instant Access	"rundll32.exe EGCOMSERVICE_****.dll	InstantAccess [**** = digits]"
X	Instant Messenger Service	imservice.exe	"Detected by Kaspersky as the HEUR TROJAN!"
X	Intec Service Drivers	msmsgrs.exe	"Added by the SDBOT-ADN WORM!"
X	Intec Service Drivers	[path to worm]	"Added by the RBOT-GLU WORM!"
X	Intec Service Drivers	wing32.exe	"Added by the RBOT.HAZ WORM!"
X	Intec Service Drivers	msmsgredss.exe	"Added by the SDBOT-AGL WORM!"
X	Intec Services Driverrs	winrvc.exe	"Added by a variant of the SDBOT WORM!"
X	Intec Services Drivers	msupdate22e.exe	"Added by the RBOT-CGC WORM!"
X	Intel Management Services v32	mstime32.exe	"Added by the AUTORUN-AYG WORM!"
X	Intel Service Drivers	msconfig16.exe	"Added by the MSCONFIG16 TROJAN!"
?	Intense Registry Service	IntEdReg.exe /CHECK	"Intense Educational Ltd - Language Office Software. Is it required?"
X	Internet download manager service	idman.exe	"Added by the RBOT-BMS WORM!"
X	Internet Exploere Services	urlmon32.dll.exe	"Added by the EVIAN.C WORM!"
X	Internet Security Service	msq32.exe	"Added by the RBOT-GFP WORM!"
X	Internet Security Service	msq23.exe	"Added by the RBOT-GQL WORM!"
X	Internet Security Service	msql23.exe	"Added by the RBOT-GML WORM!"
X	Internet Security Service	mysqlwin32.exe	"Added by the RBOT.UX TROJAN!"
X	Internet Security Service	expllorer.exe	"Added by the REFROSO.AFF TROJAN!"
X	Internet Service	intersvc.exe	"Added by the SPYBOT-DE WORM!"
X	internet service	syscfg32.exe	"Added by the RBOT-QS WORM!"
X	internet service	ssvhost.exe	"Added by a variant of the RBOT WORM!"
X	internet service	svho0st98.exe	"Added by the RBOT.EAT WORM!"
X	Internet Services	systemdev.exe	"Added by the SDBOT-PW WORM!"
X	Internet Services	internet.exe	"Added by the MYTOB.BT WORM!"
X	Internet Services	interserv.exe	"Added by the RBOT.BNT WORM!"
X	Internet Services	Netsvc.exe	"Added by the MYTOB.MN WORM!"
X	IP Packet Redirect Service	ipredirect.exe	"Added by the FORBOT.SM WORM!"
X	iPod USB Service	iPODService.exe	"Added by a variant of the RBOT WORM! Do not confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the %ProgramFiles%\iPod\bin folder and is implemented as a system service
X	IPOT Service Drivers	compaq.exe	"Added by a variant of the FUROOTKIT TROJAN!"
X	IPOT USB Service DRIVER	hpsebc087.exe	"Added by the SDBOT-WA WORM!"
X	IPOT USB Service DRV32	hpsebc08.exe	"Added by the SDBOT-WH WORM!"
X	IPv6 STUN Service	netstun.exe	"Added by a variant of the SDBOT WORM!"
U	iRiver AutoDB	MLService.exe	"Associated with the iRiver Music Manager"
X	ISPSERVICE	psycho.exe	"Added by the IRCFLOOD-O TROJAN!"
X	ISPSERVICE	wintmp.exe	"Added by the IRCBOT.GP BACKDOOR!"
N	ISSI EZUpdate Service	issimsvc.exe	Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
X	IST Service	istsvc.exe	"ISTBar adware"
X	ist service uninstall	[random filename]	"ISTBar adware related"
N	IVPServiceMgr	ivpsvmgr.exe	"Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as
X	JavaScript Debugging Service	JsDbgMan.exe	"Added by the DERDERO.E WORM!"
X	Kernel	services.exe	"Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Kernel Services	service32.exe	"Added by the PRX-B TROJAN!"
X	KKM Service	kkm.exe	"Added by the NANPY-I WORM!"
X	Layersecurity Servicemonitor	LSSMON.EXE	"Added by the BANKER.ZAQ TROJAN!"
U	LG Direct Media Button Service	LGDMEBTN.exe	"Supports the Direct Media button on LG Notebooks that support it - such as the S1 PRO EXPRESS DUAL. Pressing this button launches the application for watching movies or listening to music"
N	LicCrtl	runservice.exe	"Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running
X	LiveUpdate32	services.exe	"Added by the VB.BAU BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\isas"
X	Load Service	SvHost.exe	"Added by the PESIN-D WORM!"
X	LoadService	Rest In Peace	"Added by the KANGAROO-A WORM!"
X	LoadService	"Maaf	tempatmu bukan di sin"
X	LoadService	Virus	"Added by the CAGER.A WORM!"
X	Local Authority Service	lsass.exe	"Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Local runole service	srvc32.exe	"Added by the SMALL-DP TROJAN!"
X	Local Security Authority Service	lssas.exe	"Added by the POEBOT-J WORM!"
X	Local Security Authority Service	Isass.exe	"Added by the LINKBOT.M WORM!"
X	Local Service	Intenat.exe	"Added by the NUCLEAR-J TROJAN!"
X	Local Service	services.exe	"Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Cursors"
X	Locator Service	[filename]	"Added by the AGOBOT-KY TROJAN!"
X	Login Service	[path to file]	"Added by the MIGMAF TROJAN!"
?	LogitechCameraService(E)	ElkCtrl.exe	Entry added when you install versions of the Logitech QuickCam webcam software. It's exact purpose is unknown at the present time
X	LogService	wincalc.exe	"Added by the PAPROXY TROJAN!"
X	LogService	lsass.exe	"Added by the BDOOR-IU BACKDOOR! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	LogService	lsrss.exe	"Added by the PAPROXY-D TROJAN!"
U	LogService	LogService.exe	"SmartKeylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	LSA Service	LSASS.exe	"Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process
X	lsa Services	lsa2srv.exe	"Added by the TAME-C WORM!"
X	lsass service	lsass2.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
N	Macrovision Update Service	issch.exe	"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry runs scheduled searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
N	Macrovision Update Service	ISUSPM.exe	"InstallShield is used by a number of software producers to install their programs and manage software updates. This entry searches for and performs any updates to supported installed software so you're always working with the most current version. Manually check for software updates for installed programs on a regular basis"
X	Managment Service	[random filename]	Added by the RBOT.BIS TROJAN!
X	mark the service	xxtra32.exe	"Added by the SDBOT.APP WORM!"
U	MaxBackSchedule	maxbackservice.exe	Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start
U	McAfee Managed Services Tray	StartMyagtTry.exe	System tray notification for the now obsolete McAfee Managed VirusScan anti-virus and anti-spyware security tool for small businesses. Not required to be protected but you lose notifications
Y	McAfeeVirusScanService	Avsynmgr.exe	"From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe)
X	MDNS	service.exe	"Mirar adware variant"
U	Media Codec Update Service	update.exe	"Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated"
X	Media Service	msn64.exe	"Added by the SPYBOT.EV WORM!"
X	Media service	msnmsgxr.exe	"Added by the SDBOT.TF WORM!"
X	Media service	SYSTEM64.EXE	"Added by the RBOT.QV WORM!"
X	Media service	notpad.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Media Services	[filename].exe	"Added by the AGENT-BA BACKDOOR!"
X	Media X Services	MSNGRx.exe	"Added by the RBOT.AUL WORM!"
X	Media-XP-Service-Pack3	msnzx.exe	"Added by the SDBOT-ACW WORM!"
U	MediaLifeService	MediaLifeService.exe	"Related to MediaPlay Cordless Mouse from Logitech"
X	MediaXPServicePack	mxpsp.exe	"Added by the SDBOT.CDT WORM!"
X	Memory Allocation Services	cisrv.exe	"Added by the IRCBOT.FC BACKDOOR!"
X	Memory relocation service	reloc32.exe	"Added by the RELFEERWORM!"
X	Memory Service	freememory.exe	Added by the RBOT.GEN WORM!
X	Messenger Service	msmsgs.exe	"Added by the SDBOT-ZB WORM! Note - this particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger"
X	Messenger Service	nvhost.exe	"Added by the JLOK-A WORM!"
X	Messenger Service Updater	svshost.exe	"Added by the MYTOB.GC WORM!"
X	Mgsgi service	wkzfn.exe	"Added by the AGOBOT-AHL WORM!"
X	Micosoft Data Core	runservice.exe	"Added by the IRCBOT.BK WORM!"
X	Micrcsoft Certificate Services	cflmon.exe	"Added by the RBOT-FWV WORM!"
X	Microsoft	sqlservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft (R) Windows Configuration Backup Service	svchost.exe	"Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in either a ""config""
X	Microsoft (R) Windows Network Security Management Service	nsms.exe	"Added by the RANKY.LC TROJAN!"
X	Microsoft (R) Windows Protected Content Restoration Service	services.exe	"Added by the AGENT.AGV BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\etc"
X	Microsoft (R) Windows TCP/IP Socket Layer	services.exe	"Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\winsock"
X	Microsoft (R) Windows Update Service	wuauclt.exe	"Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process
X	Microsoft (R) Windows Vista/NT Runtime Compatibility Service	nrcs.exe	"Added by the RANKY.X TROJAN!"
X	Microsoft ADservice	[random filename]	"Added by a variant of the RBOT WORM!"
X	Microsoft Authority Service	lsass.exe	"Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process
X	Microsoft Browser Services	Brwsr32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Browser Services	Brwsr64.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Configoration Service	msconfigs.exe	"Added by the RBOT-ETT WORM!"
X	Microsoft Corp. Host Services	svchosl.exe	"Added by the RBOT-FMZ WORM!"
X	Microsoft Corporation Svchost Service	mssvc.exe	"Added by a variant of the SDBOT WORM! See here"
X	Microsoft Corporation Svchost Service	mswsc.exe	Added by the AGENT.MAB TROJAN!
X	Microsoft Critical Services	svhhost.exe	"Added by the AGOBOT-AJA WORM!"
X	Microsoft CSRSS Service	nsmscrs.exe	"Added by the RBOT-BPT WORM!"
X	Microsoft Debug Service	dbgbgr.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Development Services	msdevelop.exe	"Added by the RBOT-FWS WORM!"
X	Microsoft dll Host Service	wkssr.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft DLL Host Service	dllmemhost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft DLL Host Service	svcdllhst.exe	"Added by the AGENT.EAK TROJAN!"
X	Microsoft dll Host Service	svchost.exe	"Added by the RBOT.BMS BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft DLL Service	servicedll.exe	"Added by the IRCBOT.OX BACKDOOR!"
X	Microsoft DLL Service	svcdll.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Driver Setup	w7services.exe	"Added by the AUTORUN-ARJ WORM!"
X	Microsoft EV32 Service	MSev32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Explorer Service	msexplore.exe	"Added by the IRCBOT.AYB BACKDOOR!"
X	Microsoft Hosting Service	WINHOSTING.EXE	"Added by the RBOT.AEV WORM!"
X	Microsoft Hosts Service	Isass.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Initialization Service	initsvc.exe	"Added by the IRCBOT.AXK BACKDOOR!"
X	Microsoft Initialization Services	initserv.exe	"Added by the IRCBOT-ABO TROJAN!"
X	Microsoft Install Shield Services	rundll64	"Added by the RBOT-FSH WORM!"
X	Microsoft Int Service	MsIntSrv.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Internet Services	Smss32.exe	"Added by the RBOT.MS WORM!"
X	MicroSoft Legal Service	Srb0ty.exe	"Added by the SPYBOT.HW WORM!"
X	Microsoft Lmhosting Service	lmhosts.exe	"Added by the RBOT-RC WORM!"
X	Microsoft Lsass Service	wintcp32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Manage Services	sychost.exe	"Added by the SLENFBOT.AD WORM!"
X	Microsoft Manage Services	schost.exe	"Added by the SLENFBOT.B WORM!"
X	Microsoft media services	Iassd.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Microsoft media services	winmplayer.exe	"Added by the RBOT.ZO WORM!"
X	Microsoft Messenger Service	msmsg32.exe	"Added by the RBOT.BOK WORM!"
X	Microsoft Ming Service	ming.exe	"Added by the RBOT-AWS WORM!"
X	Microsoft MSN 7 Services	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft MSN 7 Services	msnmsger.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft MSN Services	msnsm.exe	"Added by the RBOT.ARV BACKDOOR!"
X	Microsoft Network Services Controller	mmsvc32.exe	"Added by the NANPY-A WORM!"
X	Microsoft Nod32 Service	nood32.exe	"Added by the RBOT.EJP WORM!"
X	MicroSoft Remote Secure Service	MSRSS.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Secure	Messenger.NET Service	"Added by the FORBOT-AM WORM!"
X	Microsoft Secure Messenger.NET Service	securitychk.exe	"Added by the SDBOT.VT WORM!"
X	Microsoft Security	winService.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Security Center	savservices.exe	"Added by the RBOT-ANU WORM!"
X	Microsoft Security Monitor Process	service.exe	"Added by the DELF.BERW BACKDOOR!"
X	Microsoft Service	microhost.exe	"Added by the RBOT-LC WORM!"
X	Microsoft Service	winsvc.exe	"Added by the SPYBOT-DB WORM!"
X	Microsoft Service	rundll.exe	"Added by the POPO-A WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	Microsoft Service	service.exe	"Added by the IRCBOT-XX BACKDOOR!"
X	Microsoft Service	winspl.exe	"Spyman spyware"
X	Microsoft service	cssrs.exe	"Added by the STARTP-DC TROJAN!"
X	Microsoft Service 32	mssvc32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service 32	sysddm32.exe	"Added by the SDBOT.AKC WORM!"
X	Microsoft Service Access Manager	Access.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Microsoft Service Boot	sboot.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Controller	services.exe	"Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process
X	Microsoft Service Disk Cycle	disksave.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Drivers	System.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Service Drivers	VSADNIM.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Service Execution Manager	execute.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Microsoft Service firewall Manager	firewall.exe	"Added by a variant of the SDBOT BACKDOOR! Located in %System%"
X	Microsoft Service Host Manager	32svchost.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Host Process	svchost.exe	"Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help"
X	Microsoft Service Information	msnservices.exe	"Added by the RBOT.ID WORM!"
X	Microsoft Service Login Manager	winlogin.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft Service Manager	service32.exe	"Added by the IRCBOT.WDW BACKDOOR!"
X	Microsoft Service Manager	winsvc.exe	"Added by a variant of the RBOT WORM! See here"
X	Microsoft Service Pack	WindowsSP.exe	"Added by the RBOT-RF WORM!"
X	Microsoft Service Pack2.1	svchost2.exe	"Added by the RBOT.ASN BACKDOOR!"
X	Microsoft Service Tools	MStools1.exe	"Added by the RBOT-BHT WORM!"
X	Microsoft Services	lsserv.exe	"Added by an unidentified VIRUS
X	Microsoft Services	lssrv.exe	"Added by the RBOT.CW WORM!"
X	Microsoft Services	services.exe	"Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Services	lsrv.exe	"Added by the RBOT-BK WORM!"
X	Microsoft Services	svshost.exe	"Added by the ALETS.B TROJAN!"
X	Microsoft Services	bsc32.exe	"Added by the BDOOR-AW BACKDOOR!"
X	Microsoft Services	Smss32.exe	"Added by the RBOT-AD WORM!"
X	Microsoft Services	svssshost.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Services	module.exe	"Added by the LAVITS WORM!"
X	Microsoft Services	msmpserv.exe	"Added by the IRCBOT.BKA BACKDOOR!"
X	Microsoft Services Unitd	MSU32.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Servicez Manager	servicemgrz.exe	"Added by the RBOT-ASN WORM!"
X	Microsoft SpA Service	msapps.exe	"Added by the RBOT-VI WORM!"
X	Microsoft SpA Service	win32.exe	"Added by the RBOT.ATS WORM!"
X	Microsoft SpA Service	Winupd32.exe	"Added by the RBOT.LT WORM!"
X	Microsoft SpAr Service	winsbsd32.exe	"Added by the RBOT-RN WORM!"
X	Microsoft Spool ** Service	spool**.exe	"Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number"
X	Microsoft Spooler Services	Spoolsv.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft Startup Manager	sysservice.exe	"Added by the AVALANEC TROJAN!"
X	Microsoft Svchost local services	winoem.exe	"Added by the RBOT-FPE WORM!"
X	Microsoft Svchost local services	nzm23.exe	"Added by the RBOT-GMC WORM!"
X	Microsoft Svchost local services	msnserver.exe	"Added by the RBOT-GPM WORM!"
X	Microsoft System Debug	services32.exe	"Added by the RBOT.AKH WORM!"
X	Microsoft System DLL Services Configuration	windir32.exe	"Added by the SDBOT-ACY TROJAN!"
X	Microsoft System Service	dnservice.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Service	taskmgr1.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Microsoft System Service	winIogon2.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Service Device	mssdh.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Microsoft System Services	msnmgsr.exe	"Added by the KELVIR.K WORM!"
X	Microsoft System Services	msmsgr.exe	"Added by the RBOT-ZH WORM!"
X	Microsoft TCP Service	scvhost.exe	"Added by the AGOBOT-L WORM!"
X	Microsoft Update	ntservice.exe	"Added by the AGENT-DIS TROJAN!"
X	Microsoft Update	service.exe	"Added by a variant of the RBOT WORM! See here"
X	Microsoft Update Machine	servicez.exe	"Added by the SPYBOT.BI WORM!"
X	Microsoft Update Service	csrss32.exe	"Added by the AGOBOT-HC WORM!"
X	Microsoft Update Service	mswin32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft update service	systemm.exe	"Added by a variant of the SDBOT WORM!"
X	Microsoft Update SERVICE	phqghum.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Update Service	msupdate.pif	"Added by the RBOT-AQB WORM!"
X	Microsoft Update Service	wmiprvre.exe	"Added by the AGOBOT-NN WORM!"
X	Microsoft Update Services	wcsnfty.exe	"Added by the RBOT-AGK WORM!"
X	Microsoft Update Services	wsnfty.exe	"Added by the RBOT-AFU WORM!"
X	Microsoft Updates	service.exe	"Added by the POISON.HPT BACKDOOR!"
X	Microsoft uptime Service	sysuptime.exe	"Added by the RBOT-ACG WORM!"
X	Microsoft uptime Service	sycuptime.exe	"Added by the RBOT-AHY WORM!"
X	Microsoft usnsvc Service	usnsvc.exe	"Added by a variant of the KOBOT-C WORM!"
X	Microsoft Virtual Service Manager	vservice32.exe	"Added by the MSNWORM.T WORM!"
X	Microsoft Vista Upgrade Validation Service	cfmon.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Visual SourceSafe	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	Microsoft Windows DLL Services	mwindll.exe	"Added by the SDBOT-VX WORM!"
X	Microsoft Windows DLL Services Configuration	newdll.exe	"Added by the SDBOT-ZR WORM!"
X	Microsoft Windows DLL Services Configuration	newdll2.exe	"Added by the SDBOT-ABD WORM!"
X	Microsoft Windows DLL Services Configuration	poker.exe	"Added by the SDBOT-ZY WORM!"
X	Microsoft Windows DLL Services Configuration	poker3.exe	"Added by the SDBOT-AAH WORM!"
X	Microsoft Windows DLL Services Configuration	proxy.exe	"Added by the SDBOT-ZL WORM!"
X	Microsoft Windows DLL Services Configuration	windir32.exe	"Added by the SDBOT.BHF WORM!"
X	Microsoft Windows DLL Services Configuration	windir32a.exe	"Added by a variant of the SDBOT.BHF WORM!"
X	Microsoft Windows DLL Services Configuration	windll32.exe	"Added by the SDBOT.BHD WORM!"
X	Microsoft Windows DLL Services Configuration	winDSL.exe	"Added by the SDBOT-ZG WORM!"
X	Microsoft Windows DLL Services Configuration	dllmanager32.exe	"Added by the SDBOT-BTU WORM!"
X	Microsoft Windows Kernel Services	winkrnl386.exe	"Added by the ZEBROXY TROJAN!"
X	Microsoft Windows Keyboard service	keyboard.exe	"Added by the RBOT-CRF WORM!"
U	Microsoft Windows Media Player Network Sharing Service Configuration Application	WMPNSCFG.exe	"Network sharing tool for Windows Media Player 11 for XP & Vista. When using WMP 11 on home network you can choose to share your favorite music
X	Microsoft Windows Registry Service	wregistry.exe	"Added by the AGOBOT.AKG WORM!"
X	Microsoft Windows Service	winsys.exe	"Added by the RBOT-ADP WORM!"
X	Microsoft Windows Service Pack	winspkn.exe	"Added by the RBOT-AYD WORM!"
X	Microsoft Windows Services	msw32.exe	"Added by the RBOT-FWQ WORM!"
X	Microsoft Windows Services	Sersices.exe	"Added by the SDBOT-NO WORM!"
X	Microsoft Windows Services Edt	ssvvcchhoosst.exe	"Added by the RBOT-FYF TROJAN!"
X	Microsoft Windows Services Edt	dllrun32.exe	"Added by the RBOT-GAF WORM!"
X	Microsoft Windows Socketx32 Services	winsockx32.exe	"Added by the RBOT-FWT WORM!"
X	Microsoft Windows Storage Machine Service	winms.exe	"Added by the RBOT-AHK WORM!"
X	Microsoft Windows System Service Manager	winsvc.exe	"Added by the SPYBOT.LR WORM!"
X	Microsoft Windows Update Client	services.exe	"Added by the AUTORUN.DVE WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Microsoft Windows Update Service	wupdmgr32.exe	"Added by the DOS.AUTOCAT TROJAN!"
X	Microsoft Windows Update Service	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Microsoft Windows W32 Services	mssw32.exe	"Added by a variant of the SPYBOT WORM!"
X	Microsoft Windows WKS Service	gt.exe	"Added by the SDBOT.IR BACKDOOR!"
X	Microsoft Windows WKS Service	mstask0.exe	"Added by the SDBOT.FV WORM!"
X	Microsoft Winsock Service	msusvc.exe	"Added by the RBOT-ANS WORM!"
X	Microsoft World Service	winworld.exe	Added by an unidentified IRC worm with backdoor capability!
X	Microsoft XML Service	msxmlx.exe	"Added by the RBOT.KS WORM!"
X	MicrosoftDriverService32	drsys32.exe	"Added by the IRCBOT.AKX BACKDOOR!"
X	MicrosoftROMDriverService	cdrss.exe	"Added by the IRCBOT.BLF BACKDOOR!"
X	Microsofts Help Services	msnmngr.exe	"Added by the SDBOT-PJ WORM!"
X	Microsofts Service	lcsrv16.exe	"Added by a variant of the RBOT WORM!"
X	MicrosoftServiceManager	mstask32.exe	"Added by the YAHA.P WORM!"
X	MicrosoftServiceManager	Wintsk32.exe	"Added by the YAHA.U WORM!"
X	MicrosoftServiceManager	EXPLORERE.EXE	"Added by the YAHA.AB WORM!"
X	MicrosoftServiceManager	msupdat.exe	"Added by the YAHA.AA WORM!"
X	MicrosoftXP Service Pack 2	servicepack2.exe	"Added by the RBOT.EMC WORM!"
X	Microst dds service	wsrss.exe	Added by an unidentified WORM or TROJAN!
X	Mircosoft DNS Service	svchost.exe	"Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""drivers"" subfolder"
N	MMReminderService	MMReminderService.exe	"Mind Manager from Mindjet - ""easy way to organize ideas and information"". Registration reminder"
X	MMtask Service	mmtask.exe	"Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename"
X	Monitoring Service	svchost.exe	"Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks"
X	MP Services	mpsvc.exe	"Added by the WOOTBOT.EQ WORM!"
X	MPtask Services	mptask.exe	"Added by the LALA or AOT TROJANS!"
X	MS Config Service	Msloader32.exe	"Added by the RBOT-KJ WORM!"
X	MS Java Service Wrapper Windows NT & XP	wrapper.exe	"Added by the VANEBOT-D WORM!"
X	MS Registry Service	MSRMS32.exe	"Added by the RBOT-AKP WORM!"
X	MS Security Authority Service	lsass.exe	"Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process
X	MS Security Hotfix	service5.exe	"Added by the GAOBOT.AG WORM!"
X	MS service	msservice.exe	"Added by the RBOT-ZG WORM!"
X	MS Service Drivers	winscv.exe	"Added by the SDBOT-COG WORM!"
X	ms spool service	msspooler.exe	"Added by a variant of the RBOT WORM!"
X	Ms Update WinServices NT/XP	winservnt32.exe	"Added by the VANEBOT-G WORM!"
X	MS Win32 Network Services	windriver.exe	"Added by the AGOBOT.ADH WORM!"
X	MS Windows TASK Service	MSWTASK32.exe	"Added by a variant of the RBOT WORM!"
X	MS-DOS Boot Service	Boot32.pif	"Added by the RBOT-AMF WORM!"
X	MS-DOS Security Service	ms-dos.pif	"Added by the RBOT-AMR WORM!"
X	MS-DOS Service	MS-DOS.pif	"Added by the RBOT-AII WORM!"
X	MS-DOS Windows Service	MS-DOS.PIF	"Added by the RBOT-AJW WORM!"
X	msconfig service	MSupdate32.exe	"Added by a variant of the SPYBOT WORM!"
X	MSDOS Security Service	msdos.pif	"Added by the RBOT-AMP WORM!"
X	MSDOS Service	MSDOS.PIF	"Added by the RBOT-AIY WORM!"
X	MSDOS Windows Service	MSDOS.PIF	"Added by the RBOT-AKF WORM!"
X	mservices.exe	mservices.exe	"Added by the SDBOT.WJ WORM!"
X	MSFTP Service Config	r3grun.exe	"Added by a variant of the SDBOT WORM!"
X	msjava service	xpcd.exe	"Added by the SDBOT.VM WORM!"
X	MSN	services51651.exe	"Added by the IRCBOT-AAL TROJAN!"
X	MSN	msservice.exe	"Added by the IRCBOT-ABZ TROJAN!"
X	MSN BETA	service.exe	"Added by the RBOT.AUU WORM!"
X	MSN Message Service	msnmsg.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN messenger service	mssgs.exe	Added by an unidentified TROJAN!
X	Msn Messenger Service	msnmsg.exe	"Added by the SDBOT.BMU WORM!"
X	MSN Messenger Service Starter	msnmgsr.exe	"Added by the RBOT-AOS WORM!"
X	MSN Messenger Service Startup	msnservice.exe	"Added by a variant of the RBOT WORM! See here"
X	MSN Messenger Services	msnmgr.exe	"Added by the RBOT.ADF TROJAN!"
X	MSN Messenger Services	msnmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Msn Messenger update	msnservice.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	MSN service	msnmgr16.exe	"Added by a variant of the RBOT WORM!"
X	MSN Service	amsnmsgrs.exe	"Added by a variant of the SDBOT WORM!"
X	Msn Service	matrixcam.exe	"Added by the MYTOB.JH WORM!"
X	Msn Service	raloded.exe	"Added by the MYTOB-DY WORM!"
X	MSN service	msnmsgr16.exe	"Added by the RBOT-RZ WORM!"
X	MSN service	NTDKRN.EXE	"Added by the RBOT.UJ WORM!"
X	MSN Service	msnsvc.exe	"Added by the SLENFBOT.EG WORM!"
X	MSN Service Updates	winproc.exe	"Added by the KELVIR-BB WORM!"
X	MSN Service Utilities	nkn.exe	"Added by the KELVIR-BC WORM!"
X	MSN Service!	msnservice.exe	"Added by a variant of the RBOT WORM! See here"
X	MSN Servicer	msnsrv.exe	"Added by a variant of the IRCBOT TROJAN!"
X	MSN Servicer	msnservicer.exe	"Added by the SLENFBOT.PQ WORM!"
X	MSN Services	msnserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN Services	msnservice.exe	"Added by the IMPARD-A TROJAN!"
X	Msn Update Service	userx.exe	"Added by the MYTOB.JF WORM!"
X	MSN Update Service	msnupdsv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Server!	msnservices.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Service	msnsvc.exe	"Added by the SLENFBOT.NS WORM!"
X	MSN User Service!	msnserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN User Services	msnuserv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	MSN32 X Service	MSN32x.EXE	Added by an unidentified WORM!
X	MSNService	MSNService.exe	"Added by the CARPET.C WORM!"
X	MSOffice	services.exe	"Added by the DLOADER-EU TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""MSOffice"" subfolder"
X	MSOfficeCfg	qservice.exe	Premium rate adult content dialer
X	msservice	msserv.exe	"Added by the HYD WORM!"
X	MSService_v1.0	realsched.exe	"EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name"
X	MSService_v1.0	vfp02.exe	"NewWeb adware"
X	MsvcService	msvcs.exe	"Added by the RBOT-RK WORM!"
X	mswkork Service	msework.exe	"Added by a variant of the RBOT WORM!"
X	Multimedia extensions	mservice.exe	"EasySearch adware"
X	Multimedia extensions	mservice1.exe	"Added by the DLOADR-AWD TROJAN!"
N	mumservice	mumservice.exe	"Software updater for Motorola products"
N	MutexServiceEx	Sys32Smm.exe	"Webroot Sofware's discontinued ""Privacy Master"""
X	Myapp	service.exe	Homepage hijacker
Y	MyCIO Agent Service	myagtsvc.exe	"Part of the now obsolete McAfee VirusScan ASaP online anti-virus and anti-spyware security tool for small businesses. Starts via a registry ""RunServices"" key on Windows 98/Me and as a service on Windows NT/2K/XP"
Y	Naimagent_service	EPOAgentnaimas32.exe	"Networked version of McAfee VirusScan. Installs
X	NAV Scan Service	NAVSCAN32.EXE	"Added by the SDBOT.VG WORM!"
N	NeroNETTrayIcon	NNServiceCtrl.exe	"System tray access to NeroNET - Ahead Software's network-capable extension of their CD/DVD burning program. NeroNET allows a burner to be shared across a network"
X	NetManagerService	ntss.exe	"Added by the BESTPICS.A TROJAN!"
U	Netscape	InstallService.exe	Related to Netscape installation
X	NetService	ntsvc.exe	"Added by the QQPASS-DU TROJAN!"
X	netservices	recall.exe	"Added by the WOOTBOT.D WORM!"
X	netservices	svchostn.exe	"Added by the SDBOT.GI WORM!"
X	NETServices	csxrs.exe	"Added by a variant of the SDBOT WORM!"
X	Network Administration Service	rsvc32.exe	"Added by the RBOT.ABH WORM!"
U	Network Associates Error Reporting Service	TBMon.exe	Network Associates Error Reporting Tool - tool traps errors and requests submission to NAI for the purpose of betatesting new software
X	Network Host Service	msmnart32.exe	"Added by the RBOT-CJV WORM!"
X	Network Host Service	[random]32.exe	"Added by the RBOT-BAB WORM!"
X	Network Protocol Service	wuamgrd.exe	"Added by the RBOT.EA WORM!"
X	Network protocol service	wintcp.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Network Provisioning Service	WinNPS.exe	Added by an unidentified WORM/TROJAN!
X	Network Service	svchost.exe	"Added by the STARTPA-CC TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Network Service	svhost.exe	"Added by the HACDEF-K TROJAN!"
X	Network Service	MccTrayApp.exe	Added by an unidentified WORM or TROJAN!
X	NETWORK SERVICE	SV�HOST.exe	"Added by the DELF-EW BACKDOOR!"
X	Network Service Manager	netsvc.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Network Services	netsvacs.exe	"Added by the GAOBOT.AIS WORM!"
X	Network Translation System Service	ntss.exe	"Added by the UNPDOOR TROJAN!"
?	News Service	ispnews.exe	"F-Secure antivirus related. However
U	NFM Service	NPDOR9x.exe	"Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required"
?	nMTaskBarService	nMtsk.exe	"Taskbar control for ISDN NetMod modem. What does it do and is it required?"
X	Nod23 Service	nod23.exe	"Added by the RBOT-GMK WORM!"
X	Nod29 Service	nodwr.exe	"Added by a variant of the RBOT WORM!"
X	Nod32 Service	nod64.exe	"Added by the RBOT.ESJ WORM!"
X	Nod32 Service	alserv32.exe	"Added by the RBOT.DHN WORM!"
X	Nod32 Service	AutoUpdateWin32.exe	"Added by the SDBOT-DJG WORM!"
X	Nod32 Service	nod6.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Norton Auto-Protect	SERVICES.exe	"Added by the AHKER.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Also
X	Norton Service Driver	wsul.exe	"Added by the RBOT-ABI WORM!"
X	Norton Service Process	navapvc.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	Norton Service Process	navapsvc.exe	"Added by the AGOBOT-GV WORM! Note - this is not the valid Norton Anti-Virus service which has the same file and is located in %ProgramFiles%\Norton AntiVirus. This one is located in %System%"
?	NovaPortal Single User Service	NPSU.exe	"??"
X	nsdcmd services	nsdcmdav.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	NT Logging Service	Syslog32.exe	"Added by the DONK.B WORM and variants!"
X	NT Printing Service	spoolsc.exe	"Added by the BUZUS-K WORM!"
X	NT Printing Service	chkdsks.exe	"Added by the ARCHIVARIUS series of WORMS!"
X	NT Printing Service	chkdskss.exe	"Added by the ARCHIVARIUS series of WORMS!"
X	NT Printing Services	chkdsks.exe	"Added by the BUZUS-M TROJAN!"
X	NT Service	NTOKSRNL.EXE	"Added by the RBOT-AAG WORM!"
X	NT Services	ntsvc.exe	"Added by the AGOBOT.VJ WORM!"
X	NTSet32	services.exe	"Added by the WINSPY-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\dll32"
U	NVIDIA� NVRAID	nvraidservice.exe	"Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors"
U	NVRaidService	nvraidservice.exe	"Part of NVIDIA® MediaShield™ Storage - NVIDIA's management utility for creating and monitoring hard disk RAID arrays for the controllers integrated on their motherboards. Includes a Disk Alert System for troubleshooting with notifications via the System Tray. Not required if you don't have a RAID array or if you created the array at the BIOS level. Some users complain that it can report false errors"
U	Octoshape Streaming Services	OctoshapeClient.exe	"Octoshape Live Streaming - ""is a revolutionary technology that will reduce your bandwidth cost and improve the quality in sound and picture"""
N	Odebit Multimedia V3 - Services	Odebit.exe	"Odébit Multimedia - free French multimedia player giving access to the best of television
X	OLEDb Service	runoledb32.exe	"Added by a variant of the SPYRE.B TROJAN!"
X	Online Service	svchost.exe	"Added by the HOSTIDEL.B or HOSTIDEL.C or TARNO.B TROJANS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Online Services	twain.exe	"Added by the AGENT.BEA TROJAN!"
X	Open Service Drivers	opiater.exe	"Added by a variant of the RBOT WORM!"
N	OptusNet Desktop Service Centre	DSC.exe	OptusNet DSL or Dial-Up connection software
X	Outlook Mail Services	express.exe	"Added by the RBOT.CJN WORM!"
X	Outlook Mail Services	outlook.exe	"Added by the RBOT-BKA TROJAN! Note that the valid Microsoft Outlook executeable is located in %ProgramFiles%\Microsoft Office\Office whereas this one is located in %System%"
U	Panda Antispam Server Service	PasSrv.exe	"AntiSpam part of an older version of Panda Internet Security"
Y	Panda Preventium+ Service	PREVSRV.EXE	"Part of the 2004 & 2005 versions of Panda Antivirus and Internet Security"
N	PCMService	PCMService.exe	"Part of Cyberlink's PowerCinema - which can be used to watch movies
N	pdservice	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
N	PDService.exe	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
?	Peeramid	PService.exe	"In a ""Koptimizer"" folder in Program Files. What does it do and is it required?"
U	PGPSERVICE	pgpservice.exe	"PGPservice.exe has two main purposes: (1) it handles a large part of the PGPnet functionality (along with the PGPnet driver) and (2) it allows efficient access to the PGP preferences database. The individual PGP modules normally access the preferences through PGPservice
U	piiserviceOE	N/A	"Spam Inspector (nee Postal Inspector) from The Giant Company or iHateSpam from Sunbelt Software - spam filter add-ons for OE"
X	PK Services	pksvc.exe	"Added by the FORBOT-BW WORM!"
X	Plasdll service	[random filename]	"Added by a variant of the SDBOT WORM!"
N	PlayMovie	PMVService.exe	"Part of Acer Arcade Deluxe lets you browse pictures
?	PMCS	PMC.Service.Main.exe	"Related to MediaCenterService from Pinnacle Systems. What does it do and is it required?"
X	PNtask Services	pntask.exe	"Added by the LALA.C TROJAN!"
X	Preview AdService	PrevAdServ.exe	Windupdates adware variant
X	Print Driver Helper Service	crsrr.exe	"Added by the AGENT-BC TROJAN!"
X	Print Services	spolserv32.exe	"Added by the RBOT.ZP WORM!"
X	Printer Services	spool.exe	"Added by the RBOT-Y WORM!"
X	Printer spool Service	spool.exe	"Added by the RBOT-ACP WORM!"
N	PrivateDisk	pdservice.exe	"Part of SafeGuard PrivateDisk from Utimaco - which ""securely and transparently protects sensitive files on notebooks and desktop computers
X	Program Access Service	[10 random letters].exe	"Added by the RBOT.GJJ WORM!"
X	PrU Async Service	[path to worm]	"Added by the IRCBOT-UG WORM!"
X	PService	svcnow32.exe	"Added by the SPYBOT-DJ TROJAN!"
X	pushbot	service52.exe	"Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
U	QPService	QPService.exe	"HP QuickPlay - ""brings your favorite music and movies to life with the touch of a button"""
X	qservices	qservice.exe	"Added by the PROGENT-A TROJAN!"
Y	Raptor Mobile	vpnservices.exe	"Symantec VPN Client used to connect to corporate networks. If unchecked
X	RasCon Remote Access Service Manager	rasmngr.exe	"Added by the SPYBOT.EM WORM!"
X	rCron	dservice.exe	"""Switch"" premium rate adult content dialler variant"
X	Reg Service	winsy.exe	"Added by a variant of the SPYBOT WORM!"
X	Reg Service	winslogon.exe	"Added by the AGOBOT-SC WORM!"
X	Reg Service	ipcfg.exe	"Added by the AGOBOT-SO WORM!"
X	Reg Service	REGSRV32.EXE	"Added by the RBOT.ZW WORM!"
X	Reg Service	WinnConfig.exe	"Added by the AGOBOT-PF WORM!"
X	Reg Service	NT32.exe	"Added by the AGOBOT.G TROJAN!"
X	Reg Services	Winboot32.exe	"Added by the RBOT.PB WORM!"
X	RegDone	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	Registration Service	toker.exe	"Added by the SDBOT-BB WORM!"
X	Registration Service	msvdm6.exe	"Added by the SDBOT-HE TROJAN!"
X	Registry Service	REGSRV32.EXE	"Added by a variant of the RBOT WORM!"
X	Registry Service	resvs.exe	"Added by the DELBOT-I WORM!"
X	Registry Service	regsvc.exe	"Added by the IRCBOT-ZM BACKDOOR!"
X	Registry Services	Registry.exe	"Added by the CILE TROJAN!"
X	Registry Value Name	service.exe	"Added by the RBOT-AHT WORM!"
X	Regkey for autostart	winservice.exe	"Added by the RBOT-NU WORM!"
X	regservices.exe	regservices.exe	"Added by an unidentified VIRUS
X	Remote Access Service Manager	rasmngr.exe	"Added by the AGOBOT.KU WORM!"
X	Remote Services Manager	msrmsvc.exe	"Added by the SLENFBOT.AJ WORM!"
X	Required Service Drivers	micront.exe	"Added by the RBOT-ABD WORM!"
X	RPC Service	[random filename]	"Added by the BDOOR-AAD BACKDOOR!"
X	RPCser32g	services.exe	"Added by the RITDOOR-C WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g1	services.exe	"Added by the PREX.D WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g3	services.exe	"Added by the PREXOT.D BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCser32g4	services.exe	"Added by the PREXOT.E BACKDOOR! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32	services.exe	"Added by the MYDOOM.AL WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	RPCserv32g	services.exe	"Added by the BOBAX.AA WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	run	services.exe	"Added by the KREPPER-N TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\inet10066"
X	Run Services as Application	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Run Services as Application	websvc.exe	"Added by the DLOADER-NY TROJAN!"
U	RunAlert	AService.exe	"PC Alert III - MSI motherboard monitoring software. Only required if you ""overclock"" your system. Appears as a service in XP/Vista and under the ""RunServices"" registry key in Win98/2K"
X	RunServices	runsvc32.exe	"Added by the AGOBOT.QJ WORM!"
X	runservices	services.exe	"Identified as a variant of the SMALL.QO TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	rw service	alg32.exe	"LOOPAD.A adware"
X	r_server	service.exe	"Added by the MULTIDR-CP TROJAN!"
?	SA Service	SAservice.exe	"Associated with Cyber Trio and Warner troubleshooting software from G-Tek Technologies and pre-installed on some Packard Bell and NEC PCs. What function does this perform and is it required?"
U	SAGENTSERVICE	Sagent.exe	"TinySpyAgent commercial keystroke logger. Uninstall this software if you did not install it yourself"
X	SANS Service	sansv.exe	"Added by the VANEBOT-AH WORM!"
X	Scheduler Service	wsass.exe	"Added by the LIOTEN.KX WORM!"
X	scssrr.exe	Services.exe	"Added by the VB-EMX TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	security service	syss.exe	Added by an unidentified WORM or TROJAN!
X	Security Service	secsvc.exe	"Added by the RBOT-GGF WORM!"
X	Security Service DB	secservice.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Security Service Process	svhost.exe	"Added by the AGOBOT-LC WORM!"
X	Security Update Service	wmiprvce.exe	"Added by the AGOBOT.ZW WORM!"
X	Security Update Service Process	svrhost23.exe	"Added by the AGOBOT-GN WORM!"
X	Serices Hostin	servicez.exe	"Added by the SLENFBOT.MF WORM!"
X	Service	service.exe	"Added by the ALADINZ.H TROJAN!"
X	Service	[trojan filename]	"Added by the KAITEX.E TROJAN!"
X	Service	services.exe -serv	"Added by the NETSKY or NETSKY.B WORMS! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Service	SYSNT.exe	"Added by the CHA TROJAN!"
X	Service	Service.pif	"Added by the ASSIRAL-C WORM!"
X	service	wN2S.exe	"Added by a variant of the RBOT WORM!"
U	Service Centre	launcher.exe	"Management tool for the Open Networks iConnect series of products - as used by Australian ISP's such as iiNet and Hotkey"
X	Service Cleaner	filen.exe	"Added by the RBOT.BRH WORM!"
X	Service Client	winsvcli.exe	"Added by an unidentified WORM or TROJAN! See here"
N	Service Connection	sccenter.exe	For Compaq PC's. Part of Backweb
N	Service Connection	bwtray.exe	For Compaq PC's. Part of Backweb
X	Service Control Manager	scm.exe	"Added by the AGOBOT-GD BACKDOOR!"
X	Service Controller	Csrrs.exe	"Added by the GAOBOT.AO WORM!"
X	Service Controller	service.exe	"Added by the PREVERT TROJAN!"
X	Service Defender	[random filename]	"Added by a variant of the ZLOB TROJAN! See here"
X	Service Drivers	msnpg.exe	"Added by the RBOT.BMD WORM!"
X	Service Drivers	PC.EXE	"Added by the SDBOT-WK WORM!"
X	Service Drivers	Compt.exe	"Added by the RBOT-ZJ WORM!"
X	Service Drivers	abl.exe	"Added by the SDBOT-YX WORM!"
X	Service Drivers	MSNMEssenger.exe	"Added by a variant of the RBOT WORM!"
X	Service Host	svchost.exe	"Added by the TORVEL WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Service Host	[filename].exe	"Added by the TORVEL.B WORM!"
X	Service Host	spoolxx.exe	"Added by the TORVEL WORM!"
X	Service Host	svchost.exe	"Added by the DAOSER-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\{C922CCC4-CF61-4589-A0D1-828160704853}"
X	Service Host	svchost.exe	"Added by the DAOSER-C TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Services\[random]"
X	Service Host	svchosts.exe	"PornCleanser spyware"
X	Service Host Driver	svchost.exe	"Added by the HITON TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Service Host Process	spoolsvc.exe	"Added by the GAOBOT.GEN!POLY WORM!"
N	Service Manager	sqlmangr.exe	"SQL Server Service Manager - provides tray access to SQL server
X	Service Manager	SERVICEMGR.EXE	"Added by the PASSMAIL-D VIRUS!"
X	Service Manager	dxsound.exe	"Added by the PROXY-GRIC TROJAN!"
X	service manager	service.exe	"Added by the DONBOMB.A TROJAN!"
X	Service Manager	serv3manager.exe	"Added by the SDBOT-AGO WORM!"
X	Service Monitor	msnfilen.exe	"Added by the RBOT-ALE WORM!"
X	Service Monitor	javams32.exe	"Added by the DELF-NK TROJAN!"
X	Service Monitor	javams64.exe	"Added by the SDBOT-AFO WORM!"
X	Service Monitor	msnserve.exe	"Added by the SPYBOT.YQW WORM!"
X	Service Monitor	WinOcx.exe	"Added by the RBOT-AQJ WORM!"
X	Service Monitor	csnss.exe	"Added by the RBOT.EEH WORM!"
X	Service Monitor	filen.exe	"Added by a variant of the RBOT WORM!"
X	Service Monitor	winxpser.exe	"Added by the RBOT-BDF WORM!"
X	Service Pack	[various filenames]	"Added by the LERPA-A WORM! Note - the file name will be one of the following common.exe
X	Service Pack 1	[random filename]	"Added by the VXGAME.Z TROJAN! Note - the filename is random - see the link. Typical examples are vexg6ame4.exe
X	Service Pack DLL Runtime	spdll32.exe	"Added by a variant of the RBOT WORM!"
X	Service PAck SFVP	[worm filename].exe	"Added by a variant of the RBOT WORM! The filename is 4 random characters"
X	Service Process	SVCHOST.EXE	"Added by the DARKER WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Service Process	winset.exe	"Added by a variant of the SPYBOT WORM!"
X	Service Process	service.exe	"Added by the DCMBOT-C TROJAN!"
X	Service Process	smss.exe	"Added by the DCMBOT-E TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""config"" subfolder"
X	Service Process	svchost.exe	"Added by the DCMBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""config"" subfolder"
X	Service Registry NT Save	jdbgmgrnt.exe	"Added by the BANCOS-CG TROJAN!"
X	Service Registry NT Save	taskmgrnt.exe	"Added by the BANCOS-BY TROJAN!"
X	Service Registry NT Save	regeditnt.exe	"Added by the BANCOS-BM TROJAN!"
X	Service Scheduler	scheduler.exe	"Added by the AGOBOT-PH WORM!"
X	Service System	kernels32.exe	"Added by the BANCOS-DA TROJAN!"
X	Service System	windowsXP.exe	"Added by the BANCOS-EL TROJAN!"
X	Service System	kgbfsm344.exe	"Added by the BANCOS-FS TROJAN!"
X	Service System	wernell87.exe	"Added by the BANCOS-FJ TROJAN!"
X	service updaer	qualityz.exe	"Added by an unidentified VIRUS
X	Service Update Client	svcupdcli.exe	"Added by an unidentified WORM or TROJAN! See here"
X	Service.exe	Service.exe	"""servedby.advertising"" popup generator"
X	Service2	Service2.exe	Identified as a variant of the Win32.Iroffer malware. Located in %Windir%\Drivers\Intel
X	service32	service32.exe	"Added by the AGOBOT-ST WORM!"
X	service32.exe	[path to trojan]	"Added by the DLOADR-AYX TROJAN!"
X	Service	SERVICES.EXE	"Added by the BRONTOK-BH WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
X	ServiceAdministrator	SERVICES.EXE	"Added by the KORRON.B WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
U	ServiceConfig	ispbeg.exe	"Comcast Transition Wizard. On June 30th
X	serviceconnect	serviceconnect.exe	"Added by the AGOBOT.AIR WORM!"
X	Servicee	services.exe	"Added by the AGENT.DEI TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ServiceHost	svch0st.exe	"Added by the VB.HE VIRUS!"
X	ServiceHst	svcnost.exe	"Added by the AGOBOT-RS WORM!"
X	servicelayer	servicelayer.exe	"Added by the RENOS.FJ TROJAN! Note - do not confuse this with the Nokia service of the same name which resides in %ProgramFiles%\Common Files\PCSuite\Services or %Program Files%\PC Connectivity Solution. This one is located in %Windir%"
X	servicemng	service.exe	"Added by the TAME-C WORM!"
X	ServiceOptionMP3	winamp.dll.exe	"Added by the SAMSON-A TROJAN!"
X	Servicer	servcr.exe	"Added by the SDBOT.BAH TROJAN!"
X	Servicerepclient1	SERVICES.EXE	"Added by the BRONTOK-BT WORM and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
X	services	start.bat	"Added by the ZCREW TROJAN!"
X	Services	[path to trojan]	"Added by the METEORSHELL TROJAN!"
X	Services	back32.exe ...service.exe	"Added by an unidentified VIRUS
X	Services	services.exe	"Added by a number of VIRUSES
X	Services	winread.exe	"Added by an unidentified VIRUS
X	Services	windns.exe	"Added by a variant of the RBOT WORM!"
X	Services	mshost.exe	"Added by the LANFILT-J TROJAN!"
X	services	Svchosts.exe	"Added by the SDBOT-N TROJAN!"
X	Services	csrss.exe	"Added by a variant of the RANKY.U TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Services	scks32.exe	"Added by a Proxy Trojan variant"
X	Services	sockys32.exe	Added by the RANKY.L TROJAN!
X	Services	sys.exe	"Added by a Proxy Trojan variant"
X	services	windows32.exe	"Added by the FLYVB-C WORM!"
X	services	socks.exe	Added by the WIN32.SMALL.N TROJAN!
X	Services	services.exe	"Added by the ZINCITE.A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Services	[path to trojan]	"Added by the RANCK-DB TROJAN!"
X	Services	iexplore.exe	"Added by the MOGI WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Services	svchost.exe	"Added by the REPER-B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Services	sysamp.exe	"Added by a variant of the SDBOT WORM!"
X	Services	prosys32.exe	Added by an unidentified WORM or TROJAN!
X	Services	iexplorer.exe	Added by an unidentified WORM or TROJAN! Note - this is not the legitimate Internet Explorer (iexplore.exe)
X	Services	iexploler.exe	"Added by the RANCK-LT TROJAN!"
X	Services	iexpolere.exe	"Added by the RANCK.LU TROJAN!"
X	services	sample.exe	"Added by a variant of the RANKY TROJAN!"
X	Services	csrss32.exe	"Added by the ANACON-D VIRUS!"
X	Services Administrator	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Administrator	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Services Controller	lsassa.exe	Added by the CIADOOR.122 VIRUS!
X	Services Controller	services.exe	"Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Services DLL Loader	srvdll.exe	"Added by the SLENFBOT.ZS WORM!"
X	Services Host	Scchost.exe	"Added by the DONK WORM!"
X	Services Host	svchost32.exe	"Added by the AGOBOT-TG WORM!"
X	Services host	svchost.com	"Added by the RBOT-EU WORM!"
X	Services Logon	services.exe	"Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Templates"
X	Services Management Clients	servc.exe	"Added by the RIZO.A TROJAN!"
X	Services Managements	servcs.exe	"Added by the RBOT-GUC WORM!"
X	Services Manager	svsmanager.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Services Manager!	svmanager.exe	"Added by the IRCBOT.ATZ BACKDOOR!"
X	Services Managers	svcmanager.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Services Network	Services.exe	"Added by the SWISYN-E WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Services Process	services.exe	"Spyware - detected by Kaspersky as the SMALL.X TROJAN! Note - this is not the legitimate services.exe process
X	Services Process	smss.exe	"Added by the SMALL-EK TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""config"" subfolder"
X	Services Start2	odcwinst.exe	"Added by the PYSKE-D WORM!"
X	Services Startup	services.exe	"Added by the CROWT.A WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %ProgramFiles%\Common Files"
X	Services Startup	svhost33.exe	"Added by a variant of the RBOT WORM!"
X	Services++	services.exe	"Added by the SILLYFDC.BDM WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in C:\RECYCLER"
X	Services.dll	smss.exe	"Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system and note the space at the beginning of the ""Startup Item"" field"
X	Services.EXE	services.exe	"Added by the KAZPING WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	services.exe	servicess.exe	"Added by the MSNSPY-B TROJAN!"
X	Services004	[worm filename]	"Added by the BUGBROS WORM!"
X	services32	mc-110-12-0000079.exe	Added by the TrojanDownloader.Agent.rv TROJAN!
X	services32	mc-58-12-0000120.exe	"""Shorty"" adware - also detected as the AGENT.FD TROJAN!"
X	services32	mc-58-12-0000140.exe	"""Shorty"" adware - also detected as the AGENT.FD TROJAN!"
X	Services32 Startup	win32dll.exe	"Added by the SDBOT-XO WORM!"
X	ServicesActive	cssrs.exe	"Added by the AGOBOT-GB BACKDOOR!"
X	ServicesAdministrator	SERVICES.EXE	"Added by the PUNYA-B WORM! Note - this is not the legitimate services.exe process
X	Servicesara	services.exe	"Added by the BRONTOK-BS WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in Documents and Settings\<User>\Local Settings\Application Data\WINDOWS"
X	ServicesLoad	lsass.exe	"Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	ServicesLog	ccapp32.exe	"Added by the RBOT-AMX WORM!"
U	ServicesNotify	ServicesNotify.exe	"Defender Pro Antispy"
X	servicestub.exe	servicestub.exe	"Added by the RBOT.CN BACKDOOR!"
X	Servicewin	Hide32.exe	"Added by the MSNVB-D WORM!"
X	SES Service	sesvc.exe	"Added by the SDBOT-CZU WORM!"
X	SFtrb Service	cftrb32.exe	"Added by the SOBIG.D WORM!"
X	SiS Mpc Service	mpcsvc.exe	"Added by the CIADOOR-CJ TROJAN!"
U	siService.exe	siService.exe	"Spam Inspector - anti email spam software"
X	Sistem Services	syspool.exe	"Added by the AGOBOT-GF WORM!"
Y	SkySurfer Management Service	SmaServ.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
N	Smart Card Service	ScardSvr.exe	"For Smart Card readers. Known to cause problems
Y	SMC Service	smc.exe	Sygate Firewall
Y	SMC Service	spfsmc.exe	Sygate Firewall
Y	SmcService	smc.exe	Sygate Firewall
Y	SmcServices	smc.exe	Sygate Firewall
Y	SmcServices	spfsmc.exe	Sygate Firewall
U	SMS Client Service	clisvc95.exe	"When the SMS Client service starts on a domain controller
X	Sound services	SOUND32.EXE	"Added by the AGOBOT.GG WORM!"
X	Special Firewall Service	avguard.exe	"Added by the NETSKY.G WORM! Note - do not confuse with AntiVir® antivirus which uses the same filename. This one is located in %Windir%"
X	Spooler de Impress	services.exe	"Added by the AGENT-NEX TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %User%"
X	Spooler Service	Spoolsrv.exe	"Added by the JOINER.C1 TROJAN!"
X	Spools Service Controller	spools.exe	"Added by the KASSBOT-C WORM!"
X	SpoolService	spolsv.exe	"Added by the AGOBOT-CS WORM!"
X	spoolsv service	spoolsv32.exe	"Added by the RBOT-AHP WORM!"
U	SpriteService	SpriteService.exe	"Sprite Backup is a backup application for Windows Mobile Pocket PC or Smartphone"
X	SQL Server Service	sql.exe	"Added by the RBOT-ADF"
X	sqservices	wins32.exe	"Added by the PROGENT-B TROJAN!"
X	Srv32 spool service	runsrv32.exe	"Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN!"
X	Srv32 spool service	spoolsrv32.exe	"Added by the SPYRE-B TROJAN!"
X	Srv32 spool service	[path to trojan]	"Added by the DLOADER-LB TROJAN!"
U	SSC Service Utility	ssc_serv.exe	"SSC Service Utility is a printer utility for refilled Epson cartridges"
X	SSK Service	winssk32.exe	"Added by the SOBIG.E WORM!"
U	Start Service	upssrv.exe	"Cyber Power PowerPanelPlus software. ""During a power failure the system automatically saves and closes open files within the battery backup time and safely powers down your computer"""
X	State Service	csrss.exe	"Added by the DADOBRA-CP TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
U	STOPzilla Service	SZNTSVC.EXE	"StopZilla! - pop-up killer"
X	StubPath	Sservice.exe	"Added by the PRORAT TROJAN!"
X	SuperBar.Component	[path to services.exe]	"Added by the SMALL-AQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\Inetsrv"
X	SuperBar.Component	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"
X	SVC Service	svcinit.exe	"Added by the SINIT TROJAN!"
X	SVC Service	svcinit.exe	"CoolWebSearch parasite variant"
X	SVC Service	svcpack.exe	"CoolWebSearch Svcinit parasite variant"
X	SVC Service	svc32.pif	"Added by the RBOT-ASC WORM!"
X	Svchost Service	svchost.exe	"Added by the VB-DVQ WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\help"
X	Svchost Windows Remote Services	svhost.exe	"Added by the IRCBOT-IV WORM!"
X	Svhost Service Server	svhostser.exe	"Added by a variant of the RBOT WORM! See here"
X	svhost windows services	svhost8.exe	"Added by the RBOT-WQ WORM!"
X	Svshost Update Service	svcbind.exe	"Added by the MYTOB.LH WORM!"
X	SVX Control Service	svxhost.exe	"Added by the FORBOT-K WORM!"
X	Sygate Personal Firewall	service.exe	"Added by a variant of the RBOT WORM!"
X	Sygate Personal Firewall Start	services32.exe	"Added by the RBOT-MB WORM!"
U	SyGateService	sgserv95.exe	"SyGate is a useful little program that lets you share an internet connection over an intranet. Is it needed - it saves a lot of headache to just let SyGate load at startup. Available via Start -> Programs"
X	Symantec Service	ccApp.exe	"Added by the AKHER.D WORM! Note - this is also not the valid Norton AV file with the same filename"
X	sysinit	services.exe	"Added by the NEWLFRM-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\golumm"
X	SysService	SysService.exe	"Added by the BDFORM-A BACKDOOR!"
U	SysService	SERVICES.EXE	"NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
X	SysService32	SysService32.exe	"Added by the KINDAL VIRUS!"
X	SysService32	ln32k.dll	"Added by the KINDAL VIRUS!"
X	SysService32l	systask32l.exe	"Added by the THEUG WORM!"
X	SysServices	SERVICES.EXE	"Added by the DELF-EY TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	system	services.exe	"Added by the DELF-LQ TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\HELP"
X	System Backup Services	backups32.exe	"Added by a variant of the RBOT WORM!"
X	System Host Service	svchost.exe	"Added by the CONE.F WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks"
X	System Management Service	smsc.exe	"Added by the RBOT-ANN WORM!"
X	System Service	MSREXE.EXE	"Added by the AML TROJAN!"
X	system service	spoolcrv.cpl	Added by the INSPIR.11 TROJAN!
X	System Service	systems.exe	"Added by the AGOBOT.VZ WORM!"
X	System Service	coderxt.exe	"Added by the RBOT-ALD WORM!"
X	System Service	exp0lrer.exe	"Added by a variant of the RBOT WORM!"
X	System Service	servicent.exe	"Added by the RBOT-AJI WORM!"
X	System service	system.exe	"Added by the BANCOS.AA TROJAN!"
X	System Service	msnwindows.exe	"Added by the SPYBOT.YCL WORM!"
X	System Service	servicez.exe	"Added by the RBOT-AOY WORM!"
X	System Service	msnxpexe.exe	"Added by the RBOT-AUA WORM!"
X	System Service	teskmangr.exe	"Added by the RBOT-AUV WORM!"
X	System Service	backup.exe	Added by the PACKBOT.AA WORM!
X	System Service	serious.exe	"Added by the RBOT-FMV WORM! Note - deactivates the Microsoft Internet Connection Firewall (ICF)"
X	System Service	b4db0yz.exe	"Added by the RBOT-CLO WORM!"
X	SYSTEM service helper	svchelper.exe	"Added by the MONKBD-A WORM!"
X	SYSTEM service helper	syshelp.exe	"Added by a variant of the MONKBD-A WORM!"
X	System Service Manager	lsmas.exe	"Added by the AGOBOT-IK BACKDOOR!"
X	System Service Manager	norton.exe	"Added by the GAOBOT.AJE WORM!"
X	System Service Manager Device	svho.exe	"Added by the RBOT.GCG BACKDOOR!"
X	System service**	pokapoka**.exe	"EliteBar adware - where ** represents the numbers 61 to 79"
X	System service78	[path to file]	"Added by the ELITEBAR-T and ELITEBAR-U TROJANS!"
X	System service79	[path to file]	"Added by the ELITEBAR-V TROJAN!"
X	System Services	[random file name]	"Added by a variant of the RBOT WORM!"
X	System Services	connection.exe	Added by an unidentified WORM or TROJAN!
X	System Services	svcsenes.exe	"Added by a variant of the RBOT WORM!"
X	System Services	svcsenes32a.exe	"Added by the RBOT-AFG WORM!"
X	System Services	ssms.exe	"Added by a variant of the RBOT WORM!"
X	System Services Monitor	server.exe	"Bifrost malware"
X	System Tray Services	spooles32.exe	"Added by the AGOBOT.ZH WORM!"
X	System Update Service	wmiprvsa.exe	"Added by the AGOBOT-RG TROJAN!"
X	System Update Service	winupd32.exe	"Added by the ADTODA-A TROJAN!"
X	System Update Service	system.pif	"Added by the RBOT-ALL WORM!"
X	System Update Service	update.pif	"Added by the SPYBOT.WOE WORM!"
X	System Update Service	wmiprvsv.exe	"Added by the AGOBOT.YG WORM!"
X	System Update Service	csrss32.exe	"Added by the AGOBOT-HI WORM!"
X	System Update2	services.exe	"Added by the AUTOTROJ-C TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	System Updater Service	wmiprvsw.exe	"Added by the GAOBOT.AFC WORM!"
X	System Updates Service	updates.pif	"Added by the RBOT-AMA WORM!"
X	System-Service	EXPLORER.SCR	"Added by the BENJAMIN.A WORM! KaZaA file-sharing users beware!"
X	System32 Temp Service	systmp.exe	"Added by the RBOT-AET WORM!"
X	system32.exe	services32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	SystemBoot	services.exe	"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
X	SystemCheck	services.exe	"Added by the SOBER-M WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Config\system"
X	Systems Service	drivex.exe	"Added by a variant of the RBOT WORM!"
X	SystemService	msocfg.exe	Premium rate adult content dialler
X	SystemService	navchk.exe	Premium rate adult content dialler
X	SystemService	qservice.exe	Premium rate adult content dialler
X	SystemService	shman.exe	Premium rate adult content dialler
U	SystemService	nsserver.exe	"NiceSpy keystroke logger/monitoring program - remove unless you installed it yourself!"
X	systr2	SERVICE.exe	"Added by the VB-DQY WORM!"
X	SystrayServices	Msxpw.exe	"Added by the CITOR WORM!"
X	SYS_CLEAN	Service.exe	"Added by the FLOPCOPY WORM!"
X	Task Monitoring Service	svchost.exe	"Added by the CONE.D WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\tasks"
X	task service	taskservices.exe	"Added by a variant of the RBOT WORM!"
X	Task service	taskmgs.exe	"Added by a variant of the RBOT WORM!"
X	Taskbar Service	taskbar.svc	Unidentified adware
X	TCP Internet Services	TCPSVC32.EXE	"Added by the SPYBOT.X TROJAN!"
Y	TELUS Security service	freedom.exe	"Freedom Internet Security & Privacy - anti-virus
X	Terminal Services	mstscc.exe	"Added by the SDBOT-CZW WORM!"
X	Text Tray Service	tstray.exe	"Added by the SILLYFDC.BCC WORM!"
X	TEXTCONV	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	The Service Pack Loader	spxp.exe	"Added by the RBOT-BYM WORM!"
X	TimeService	trun.exe	"TlfLic-A premium rate adult content dialler"
X	Torrent Management Service	system32.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Torrent Management Service	TMANAGESVC.EX	"Added by a variant of the IRCBOT TROJAN!"
U	tpopservice	tpopservice.exe	DirecWay two-way satellite internet service enhanced POP proxy server for email
?	TSService	NSSERVICE.EXE	"??"
X	twunk service	twunk16.exe	"Added by the RBOT.BAT WORM!"
X	UltimateServices	ultsvcs.exe	"Added by the AGENT-LGT TROJAN!"
X	Universal USB Service	svchost32.exe	"Added by the KELVIR.R WORM!"
X	Up Service	up32.pif	"Added by the RBOT-ARI WORM!"
Y	Update Service	Update.exe	"Loaded by Handybits programs such as EasyCrypto. Re-instates itself every time the program is run so best to leave it enabled. Prevent it dialling out via a firewall"
X	update service	svxhost.exe	"Added by the RBOT-MG WORM!"
X	Update Service	winu32.exe	"Added by the RBOT-MG WORM!"
X	update service	winx.exe	"Added by a variant of the RBOT WORM!"
X	Updater Service Process	svhost32.exe	"Added by the AGOBOT.TY WORM!"
X	Updater Service Process	csrss32.exe	"Added by the AGOBOT-GP BACKDOOR!"
X	UpdateService	wservice.exe	"Added by the DREF-K WORM!"
X	upDpacketo	services.exe	"Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\TEMPER"
X	Updt Service	updt.pif	"Added by the RBOT-AYU WORM!"
X	Upgrade Service	sxchost.exe	"Added by the TOFGER-I TROJAN!"
X	Upgrade Service	winupd.exe	"Added by the TOFGER-U TROJAN!"
X	UPNPService	WinSVCservice.exe	"Added by the AGOBOT.UN WORM!"
X	UpTimes service	WinUp.exe	"Added by the RBOT-AKB WORM!"
X	USB Device	servicelog.exe	"Added by the WOOTBOT.CB WORM!"
X	USB Fix 1.1	wuservices.exe	"Added by a variant of the SDBOT WORM!"
X	USB Host Service	usbsvc.exe	"Added by the RBOT-GG WORM!"
X	USB Updates	mservices.exe	"Added by a variant of the SDBOT WORM!"
X	usbdrv	servicetask.exe	"Added by a variant of the SDBOT WORM!"
X	User Hosting Service	usnhost.exe	"Added by the IRCBOT.SN WORM!"
X	User Input Services	CTFMON32.EXE	"Added by the MANCSYN.AK TROJAN!"
X	User Servicer	usnsrvc.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	User Services	usersvc.exe	"Added by the REVCUSS.A TROJAN!"
X	User Services	usrsvc.exe	"Added by the IRCBOT.SN WORM!"
X	User Sharing Services	usnsvc.exe	"Added by a variant of the KOBOT-C WORM!"
U	VerizonServicepoint.exe	VerizonServicepoint.exe	"Part of Verizon Online Support Manager"
X	Video Services	explore.exe	"Added by the GAOBOT.GL WORM!"
X	Video Services	videol_32.exe	"Added by the AGOBOT-DM WORM!"
X	Video Services	sys32.exe	"Added by the AGOBOT.PS WORM!"
U	VPCUserServices	VMUSrvc.exe	"Part of ""DOS Virtual Machine Additions"" for Microsoft Virtual PC
X	Web Service	[random filename].exe	"Added by the ADMINCASH TROJAN!"
X	Web Service	sm.exe	"Added by the BUBE-F VIRUS!"
X	Web Service	MSXMIDI.EXE	"CoolWebSearch parasite variant
?	Webcam Go Sti Service Application	wbcgosvc.exe	"Control software for the portable Creative Webcam Go digital camera/PC web cam. What does it do and is it required?"
X	whxpin service	ssvsol.exe	"Added by a variant of the SDBOT WORM!"
X	WiFix service	[random filename]	"Added by a variant of the SDBOT WORM!"
X	Win Updator Services	ctfnom.exe	"Added by a variant of the WOOTBOT WORM!"
X	Win32 Help32 Service	win32help.exe	"Added by the DELBOT-U WORM!"
X	Win32 Information Service	crsrs.exe	"Added by the RINBOT.Y WORM!"
X	Win32 NT Adv Services	taskmngr.exe	"Added by the RBOT-ADE WORM!"
X	Win32 Security Service	crsss.exe	"Added by the DELBOT-O WORM!"
X	Win32 Service	bazzi.exe	"Added by the AHKER.E WORM!"
X	Win32 Service	[trojan filename]	"Added by the AGENT-GBO TROJAN!"
X	Win32 Services	odbc32.exe	"Added by the SPYBOT-EK WORM!"
X	Win32 Services	wuamngr.exe	"Added by the SDBOT-N WORM!"
X	Win32 Services Config	winwkys.exe	"Added by the RBOT.BKY WORM!"
X	Win32 Services1	wuamngr1.exe	"Added by the SDBOT-PV WORM!"
X	Win32 Src Service	win32src.exe	"Added by the RBOT-SX WORM!"
X	Win32 System Kernel	winservice.exe	"Added by the SDBOT.KIN WORM!"
X	win32 update service	svchostt.exe	"Added by a variant of the SDBOT WORM!"
X	Win32 USB2.0 Driver	service.exe	"Added by the SDBOT-QF WORM!"
X	Win32 Word Services	msword32.exe	"Added by a variant of the RBOT WORM!"
X	Win32BaseServiceMOD	Wintask.exe	"Added by the NAVIDAD WORM!"
X	win32serv	servicesetup.exe	"Added by a variant of the PUSHBOT WORM! A family of worms that spread using MSN Messenger"
X	WinCheck	services.exe	"Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft and note the space at the beginning of the ""Startup Item"" field"
X	WinCheck	services.exe	"Added by the SOBER.S WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft"
X	Wind Logd File	servicelogd.exe	"Added by a variant of the RBOT WORM!"
X	WinData	services.exe	"Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData and note the space at the beginning of the ""Startup Item"" field"
X	Windeows NetStart Service2	tesakrmger.exe	"Added by the RBOT-AMY WORM!"
X	WinDLL (service.exe)	service.exe	"Added by the AGENT.BX WORM! The ""service.exe"" file is found in %System%"
X	Window service	[random filename]	"Added by the RBOT-ACH WORM!"
X	Windows	services.exe	"Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity and note the space at the beginning of the ""Startup Item"" field"
X	Windows	services.exe	"Added by the SOBER-Z WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\WinSecurity"
X	Windows	services.exe	"Added by the DLOADR-GW TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Windows"" subfolder"
X	Windows Acer Service	acersv.exe	"Added by the IRCBOT.YFQ BACKDOOR!"
X	Windows AdService	WinAdServ.exe	Windupdates adware variant
X	Windows ASN Service	rge.exe	"Added by the RBOT-AOK WORM!"
X	Windows ASN Service	[random filename]	"Added by the AGOBOT-TC WORM!"
X	Windows ASN4 Services	gamo.exe	"Added by the RBOT-EHK WORM!"
X	Windows Audio Service	sndmic32.exe	"Added by the ACKANTTA.C WORM!"
X	Windows Audio Services	jvm.exe	"Added by the ACKANTTA.F WORM!"
X	Windows Authority Service	lsass.exe	"Added by the KALEL-E WORM! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!"
X	Windows Browser Services	browser128.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Browser Services	browser32.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Browser Services	browser64.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Browser Services	Browsr32.exe	"Added by the IRCBOT.BUR BACKDOOR!"
X	Windows Browser Services	browsr64.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows bypass security SMSS Service	SbiCvy.exe	"Added by the RBOT-GRF WORM!"
X	Windows Cleaner Service	winclean.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Client Service 32	csrss.exe	"Added by the RBOT-ALB WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a drivers\winsdriver subfolder"
X	Windows Custom Services	CSRCS.EXE	"Added by the SPYBOT-EI WORM!"
X	Windows Dialup Service	dialup.exe	"Added by the AGOBOT.AAH WORM!"
X	Windows DLL Services	winsvc32.exe	"Added by the RBOT-ZF WORM!"
X	Windows DLL Services	svchost.exe	"AGENT.H spyware. Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	Windows DLL Services	system.exe	"AGENT.H spyware"
X	Windows Driver Services	msdrvs32.exe	"Added by the WOOTBOT.L WORM!"
X	Windows Event Service	winserv.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Explorer Services	exploresys.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows File Verification Service	wfvs.exe	Added by the RANKY.AC TROJAN!
X	Windows FileSharing Service	mcwsvc.exe	"Added by the IRCBOT.AJF BACKDOOR!"
X	Windows Firewall	ipservice32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Firewall Service	wfsvc.exe	"Added by the IRCBOT-YL WORM!"
X	Windows Generic Services	winsvc32.exe	"Added by the AGOBOT-ZF BACKDOOR!"
X	Windows Genuine Validate	winservicessss.exe	"Added by the IRCBOT.UUI BACKDOOR!"
X	Windows Help Service	winhelpsv.exe	"Added by the RBOT-LP WORM!"
X	Windows Help Service	winhlp.pif	"Added by the RBOT-AKW WORM!"
X	Windows Host Service	scvhosts.exe	"Added by the SPYBOT.NLI WORM!"
X	Windows Host Service	host.exe	"Added by the KELVIR.AN WORM!"
X	Windows Host Service	svchoste.exe	"Added by the KELVIR.BF WORM!"
X	Windows Host Service	svchosts32.exe	"Added by the KELVIR.AW WORM!"
X	Windows HTTP services	winhttps.exe	"Added by a variant of the SDBOT WORM! See here"
X	Windows Instruction Services	winstruct32.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Internet Browser Services	internet.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Internet Browser Services	internet128.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Internet Browser Services	internet32.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Internet Browser Services	internet64.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Internet Service	wininet.exe	"Added by the RBOT-AUX WORM!"
X	Windows IP Security Service	ipsecs.exe	"Added by the RBOT.BPW WORM!"
X	Windows Kernel System Service	wkssvr.exe	"Added by a variant of the RANDEX.GEL WORM!"
X	Windows Keyboard Services	winkeyboard.exe	"Added by the IRCBOT.AFS WORM!"
X	Windows Keyboard Services	winkeybrd.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Keyboard Services	winkeybrd32.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Live Messenger Servicer	msmgslive.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Live Messenger Services	msgrlive.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Live Service	msnlive.exe	"Added by the SLENFBOT.DI WORM!"
X	Windows Live Servicer	usrserv.exe	"Added by the SMALL.LU BACKDOOR!"
X	Windows Loader	winServices.pif	"Detected by Kaspersky as the CARDSPY.D TROJAN!"
X	Windows Loader Service	civsc.exe	"Added by a variant of the RBOT WORM!"
X	Windows Local Services	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Local Services	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Login Service	winlog.exe	"Added by the RBOT-AFN WORM!"
X	Windows Login Service	winlogin.pif	"Added by the SDBOT-ACU WORM!"
X	Windows Logon Application	services.exe	"Added by the CIADOOR-L TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Logon Service	winlogon.pif	"Added by the RBOT-AOU WORM!"
X	Windows Logon Service	napi32.exe	"Added by the SPYBOT.ANDM WORM!"
X	Windows Logon Service	winlogoservice.exe	"Added by the SPYBOT.ANOO WORM!"
X	Windows Media Player Service	wmedia.exe	"Added by the RBOT.213504 WORM!"
X	Windows media service	crvss.exe	"Added by the SDBOT.VP WORM!"
X	Windows media service	crsss.exe	"Added by the RBOT.ACY WORM!"
X	Windows media service	Sygate32.exe	"Added by the RBOT.ADE WORM!"
X	Windows media services	cvrsss.exe	"Added by the RBOT-MW WORM!"
X	Windows Memory Running Services	memrun.exe	"Added by the IRCBOT.BLL BACKDOOR!"
X	Windows Messenger Service	winsmsgr.exe	"Added by the RBOT-VW WORM!"
X	Windows Messenger Service	kaspersky.exe	"Added by the MYTOB.HY WORM!"
X	Windows MeTaLRoCk service	metalrock.exe	"Added by the TASTYRED TROJAN!"
X	Windows Microsoft Service	[random filename]	"Added by the AGENT-HCD TROJAN!"
X	Windows Microsoft Services	[8 random letters].exe	"Added by the KOLAB.AW WORM!"
X	Windows Monitor Services	winmonitor.exe	"Added by the RBOT-XX WORM!"
X	Windows Monitoring Service	winmon.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Mouse Services	winmouse.exe	"Added by the IRCBOT.AGA BACKDOOR!"
X	Windows Mouse Services	winmouse64.exe	"Added by the IRCBOT.AIA BACKDOOR!"
X	Windows Net Cfg	service.exe	"Added by a variant of the RBOT WORM!"
X	Windows NetStart Service	winsN2S.exe	"Added by the RBOT-ZX WORM!"
X	Windows NetStart Service2	winsN2S.exe	"Added by the RBOT-ABN WORM!"
X	Windows NetStart Service2	winsN2SD.exe	"Added by a variant of the RBOT WORM!"
X	Windows Network Service	winvc32.exe	"Added by the RBOT.RY WORM!"
X	Windows Network Service	Msconf32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Network Service	Realteks.exe	"Added by the RBOT-GTG WORM!"
X	Windows Network Services	winnetwork.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Network Services	winnetwork128.exe	"Added by the SLENFBOT.J WORM!"
X	Windows Network Services	winnetwork32.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows Network Services	winnetwork64.exe	"Added by a variant of the IRCBOT TROJAN! See here"
X	Windows NT Service Name	winshock.exe	"Added by the RBOT-PK WORM!"
X	Windows NT Service Name	svchcst.exe	"Added by the RBOT-NV WORM!"
X	Windows Reg Services	ffservice.exe	"Added by the DLOADER-PL or DLOADER-XM TROJANS!"
X	Windows Reg Services	dservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	fservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	ssservice.exe	"Added by the PRORAT-D TROJAN!"
X	Windows Reg Services	lncom.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	lservice.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Reg Services	wservice.exe	"Added by the PRORAT-O TROJAN!"
X	Windows Registers	winservicess.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Registry Services	regserv.exe	"Added by the SLENFBOT.BB WORM!"
X	Windows Relay Service	ipcbind.exe	"Added by the DELFINJECT.F TROJAN!"
X	Windows Relay Service	irfnga.exe	"Added by the DROPPER.ACO TROJAN!"
X	Windows Running DLL Service	rundll128.exe	"Added by the IRCBOT.XDH BACKDOOR!"
X	Windows Running DLL Service	rundll64.exe	"Added by the SLENFBOT.HV WORM!"
X	Windows Screensaver	Service.exe	"Added by the KELVIR.P WORM!"
X	Windows Secure Services	ssms.exe	"Added by the RBOT-GAR WORM!"
X	Windows Security Authority Service	lsass.exe	"Added by the KALEL-A WORM! Note - this is not the legitimate lsass.exe process
X	Windows Security Service	[random file name]	"Added by the RBOT-ALV WORM!"
X	Windows Security Service	arrdt.exe	"Added by a variant of the RBOT WORM!"
X	Windows Security Service	windows.pif	"Added by the RBOT-AMG WORM!"
X	Windows Server Client Verification Service	wscvs.exe	"Added by the AGENT.AWC TROJAN!"
X	Windows Server IP Verification Service	wsivs.exe	"Added by an unidentified WORM or TROJAN! See here"
X	Windows Server Peer Verification Service	wspvs.exe	"Added by a variant of the RANKY TROJAN!"
X	Windows service	wuamgrd.exe	"Added by the RBOT-QW WORM!"
X	Windows Service	dddd.exe	"Detected by Kaspersky as Dialer.Salc
X	Windows Service	prvdi.exe	"Malware - detected by Kaspersky as the SMALL.RD TROJAN!"
X	Windows Service	video.exe	Added by an unidentified TROJAN!
X	Windows Service	svvhost.exe	"Added by the AGOBOT-HL WORM!"
X	Windows Service	private-zone.exe	Added by an unidentified WORM or TROJAN!
X	Windows Service	pd7.exe	"Added by the SMALL.VZ TROJAN!"
X	Windows Service	dstart4.exe	Added by an unidentified TROJAN!
X	Windows Service	pd14.exe	"Adware - detected by DiamondCS TDS-3 anti-trojan as the DELF.DG TROJAN!"
X	Windows Service	video2.exe	Added by the DOWNLOADER.SMALL.MY TROJAN!
X	Windows Service	services.exe	"Added by the KALEL-A WORM! Note - this is not the legitimate services.exe process
X	Windows Service	WINSVC.EXE	"Added by the SPYBOT-DH TROJAN!"
X	Windows Service	r.exe	"Added by a variant of the SMALL.VZ TROJAN!"
X	Windows Service	windowz.exe	"Added by the SDBOT-AYI WORM! Note - dissables the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF)"
X	Windows service	iexpl0rer.exe	"Added by the SDBOT.RO WORM!"
X	Windows Service	service.exe	"Added by the IRCBOT-ACV WORM!"
X	Windows Service	svchost.exe	"Added by the SPYBOT-AW TROJAN! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!"
X	Windows Service Ag3nt	[6 random letters].exe	"Added by the SDBOT.EZX TROJAN!"
X	Windows Service Agccnt	jeqcfyo.exe	"Added by the RBOT-GST WORM!"
X	Windows Service Agccnt	[random].exe	"Added by the SDBOT-DHL WORM!"
X	Windows Service Agccnt	rmizjgz.exe	"Added by the SDBOT-SIM WORM!"
X	Windows Service Agent	czf.exe	"Added by the RBOT-GAJ WORM!"
X	Windows Service Agent	[random filename].exe	"Added by the IRCBOT-XE TROJAN!"
X	Windows Service Agent	agl23.exe	"Added by the RBOT-GQU WORM!"
X	Windows Service Agent	co0l.exe	"Added by the RBOT-GQY WORM!"
X	Windows Service Agent	dsass.exe	"Added by the RBOT.MIRCO.BNG WORM!"
X	Windows Service Agent	msnmagr.exe	"Added by a variant of the SLAPER TROJAN!"
X	Windows Service Agent	taskmgr32.exe	"Added by the RBOT-GMN WORM!"
X	Windows Service Agent	win32wins.exe	"Added by the RBOT-LOL WORM!"
X	Windows Service Agent	winup32.exe	"Added by the RBOT-GQX WORM!"
X	Windows Service Agent	winupds32.exe	"Added by the RBOT-GQT WORM!"
X	Windows Service Agent	wit.exe	"Added by the RBOT-GQV WORM!"
X	Windows Service Agent	wmscc.exe	"Added by the RBOT-GQP WORM!"
X	Windows Service Agent	spoolvs.exe	"Added by the RBOT-GXI WORM!"
X	Windows Service Agent	spools.exe	"Added by the AGENT-GJF TROJAN!"
X	Windows Service Agent	msngear.exe	"Added by the RBOT.AHW BACKDOOR!"
X	Windows Service Agent	msngerr.exe	"Added by the RBOT.EOZ WORM!"
X	Windows Service Agent	[3 random letters].exe	"Added by the AGENT.AMEB TROJAN - see examples here and here"
X	Windows Service Agent	cxfrru.exe	"Added by the SDBOT.GAV WORM!"
X	Windows Service Agent	izszbayz.exe	"Added by the KOLAB.TC WORM!"
X	Windows Service Agent	jnxrcyc.exe	"Added by the RBOT.XAT BACKDOOR!"
X	Windows Service Agent	kafdprs.exe	"Added by the IRCBOT.HDE BACKDOOR!"
X	Windows Service Agent	krqbs.exe	"Added by the IRCBRUTE.AZ TROJAN!"
X	Windows Service Agent	lcaqmsp.exe	"Added by the RBOT.WFR BACKDOOR!"
X	Windows Service Agent	msnmsgr.exe	"Added by the RBOT.ABIK BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%"
X	Windows Service Agent	mxjunj.exe	"Added by the RBOT.EMC BACKDOOR!"
X	Windows Service Agent	ndibbeu.exe	"Added by the RBOT.XVD BACKDOOR!"
X	Windows Service Agent	nimcoo.exe	"Added by the RBOT.EWV WORM!"
X	Windows Service Agent	nod32.exe	"Added by the RBOT.BNG BACKDOOR!"
X	Windows Service Agent	sjbsm.exe	"Added by the SMALLTRO.II TROJAN!"
X	Windows Service Agent	sjbsmgm.exe	"Added by the IRCBOT.AHX WORM!"
X	Windows Service Agent	tjybssd.exe	"Added by the RBOT.XVD BACKDOOR!"
X	Windows Service Agent	umvcnm.exe	"Added by the RBOT.EMC BACKDOOR!"
X	Windows Service Agent	uqgpq.exe	"Added by the SMALLTRO.II TROJAN!"
X	Windows Service Agent	vbsxkhk.exe	"Added by the IRCBOT.AHX WORM!"
X	Windows Service Agent	wge23.exe	"Added by the RBOT.HHK BACKDOOR!"
X	Windows Service Agent	Windo.exe	"Added by the RBOT.NQS WORM!"
X	Windows Service Agent	ywgma.exe	"Added by the RBOT.DZT BACKDOOR!"
X	Windows Service Agent	winupd32.exe	"Added by the SDBOT.SYM WORM!"
X	Windows Service Agent	WinTcpip.exe	"Added by the SPYBOT.AP WORM!"
X	Windows Service Agent	idvcqv.exe	"Added by the AGOBOT-AJB WORM!"
X	Windows Service Agent 32	mrthd.exe	"Added by the AGENT-GAQ TROJAN!"
X	Windows Service Agnts	[8 random letters].exe	"Added by the SDBOT.BCQ WORM!"
X	Windows Service Ajav	java128.exe	"Added by the RBOT.BNG WORM!"
X	Windows Service alge	[random filename]	"Added by the RBOT.GJO TROJAN!"
X	Windows Service Controller	services.exe	"Added by the KALEL-B WORM! Note - this is not the legitimate services.exe process
X	Windows Service Controller Agent	taksmgr.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Service DC	uhpnjcjl.exe	"Added by the RBOT-GLY WORM!"
X	Windows Service Exec	ServiceLayer.exe	"Added by the SPYBOT-OI WORM! Note - do not confuse this with the Nokia service of the same name which resides in %ProgramFiles%\Common Files\PCSuite\Services or %Program Files%\PC Connectivity Solution. This one is located in %Windir%"
X	Windows Service Find	wrfkuk.exe	"Added by the IRCBOT-XZ TROJAN!"
X	Windows Service help	winservices.exe	"Added by the DROPPER.TT TROJAN!"
X	Windows Service Host	scvhost.exe	"Added by the SDBOT.N TROJAN!"
X	Windows Service Host	svchost.exe	"Added by the CONE.B WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Service Host	svchost.exe	"Added by the KALEL-C WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows Service Host	schost.exe	"Added by the GAOBOT.AO WORM!"
X	Windows Service Host Process	[path to file]	"Added by the EZIO-A WORM!"
X	Windows Service Hosting	USERINIT.exe	"Added by the GOMMER-A WORM!"
X	Windows Service Layer	config.exe	"Added by the RBOT.DDJ WORM!"
X	Windows Service Loader	Window.exe	"Added by the RBOT-XO WORM!"
X	Windows Service Management	svcmngmt.exe	"Added by the AGOBOT-NM WORM!"
X	Windows Service Manager	userint32.exe	"Added by the OSCABOT-C WORM!"
X	Windows Service Manager	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	msgs.exe	"Added by the OSCABOT-E WORM!"
X	Windows Service Manager	msnmrg.exe	"Added by the OSCABOT-G WORM!"
X	Windows Service Manager	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	svcmgr32.exe	"Added by the OSCABOT-D WORM!"
X	Windows Service Manager	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Service Manager	taskmgr.exe	"Detected by Kaspersky as the IAMBIGBROTHER.91 TROJAN! Note - this is not the legitimate taskmgr.exeprocess which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""fonts\svc"" sub-folder"
X	Windows Service Manager	initsvc.exe	"Added by the RBOT-BWT WORM!"
X	Windows Service oi worms	[6 random letters].exe	"Added by the SYSTEMHI.OS TROJAN!"
X	Windows Service Pack 2	WindowsSP2.exe	"Added by the SDBOT-TQ WORM!"
X	Windows Service Pack Auto Update	winworks.exe	"Adware downloader - detected by eScan antivirus as the AGENT.BT TROJAN!"
X	Windows Service Pack Auto Update	figgaz.exe	"Detected by Kaspersky as the AGENT.BT TROJAN!"
X	Windows Service Pack Auto Update	ballin.exe	Added by an unidentified WORM or TROJAN!
X	Windows Service Pack Auto Update	del-me.exe	"Adware
X	Windows Service Pack2	svchhost.exe	"Added by a variant of the RBOT WORM!"
X	Windows Service Pack2	WIN43.EXE	"Added by the GAOBOT.G WORM!"
X	Windows Service Supply	winsupply.exe	"Added by the SLENFBOT.CZ WORM!"
X	Windows Service Support Call	SVSS32.EXE	"Added by the RBOT-XQ WORM!"
X	Windows Service SV	sv32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Service Threads	svcthreading.exe	"Added by the SHEUR.AUM TROJAN!"
X	Windows Service Threads	svcthreads.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Service Update	livecal.exe	"Added by the SDBOT-DEY WORM!"
X	Windows Service Update	crsss.exe	"Added by the SDBOT.CWX WORM!"
X	Windows Service Update	mswsgs.exe	"Added by the RBOT.FQB WORM!"
X	Windows Service Utitity	winsrvc.exe	"Added by the RBOT-ASI WORM!"
X	Windows Service XP	XpFirewall.exe	"Added by the MYTOB.AM WORM!"
X	Windows Servicer	xqobypik.exe	"Added by the SDBOT-DFB WORM!"
X	Windows Services	service.exe	"Added by the RANDEX.R WORM!"
X	Windows Services	svchosts.exe	"Added by the AGOBOT-KL TROJAN!"
X	Windows Services	Explorer.exe	"Added by the SDBOT-WT WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%"
X	Windows Services	NetworkDriver32.exe	"Added by the RBOT-ACR WORM!"
X	Windows Services	scmsg.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Services	scvhoste.exe	"Added by the SPYBOT.OBZ WORM!"
X	Windows Services	winsvc32.exe	"Added by the MYTOB-CB WORM!"
X	Windows Services	NetworkDrivers.exe	"Added by the SDBOT-YO WORM!"
X	Windows Services	smsc.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Services	spoolsvc.exe	"Added by the SDBOT.CPZ WORM!"
X	Windows Services	iexplore.exe	"Added by the RBOT-WE WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%"
X	Windows Services	avsrv32.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Services	servicez.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	w32edus.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	w32service.exe	"Added by the AUTORUN-FU WORM!"
X	Windows Services	w32services.exe	"Added by the AUTORUN-FT WORM!"
X	Windows Services	winlogon.exe	"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate winlogon.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Services	winsysdll.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	winsyssrv.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services	winudp.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Services	filename.exe	"Added by the SDBOT.FSK BACKDOOR!"
X	Windows Services	svhost33.exe	"Added by the RBOT.AFN WORM!"
X	Windows Services	services.exe	"Added by the AGENT-MVC TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Services	wupdate.exe	"Added by the GAOBOT.ZT WORM!"
X	Windows Services Agant	regs32.exe	"Added by the SDBOT-DIK WORM!"
X	Windows Services Aganters	[10 random letters].exe	"Added by the RBOT.CUN WORM!"
X	Windows Services Agent	msngears.exe	"Added by the VB-EMS TROJAN!"
X	Windows Services alges2	[8 random letters].exe	"Added by a variant of the RBOT WORM!"
X	Windows Services B-Runner	svcbrun.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services B-Runner	svcbrunner.exe	"Added by the IRCBOT.BYV BACKDOOR!"
X	Windows Services Certification	svccert.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services Guide	svcguide.exe	"Added by the SLENFBOT.KQ WORM!"
X	Windows Services Guide	svcguides.exe	"Added by the SHEUR.YS BACKDOOR!"
X	Windows Services Host	svchost.exe	"Added by the CONE or CONE.E WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows Services Hosts	svhosts.exe	"Added by the SDBOT-YH TROJAN!"
X	Windows Services Ink Platform Tablet Input Subsystem	wsiptis.exe	"Added by the RBOT.APC WORM!"
X	Windows Services Jog	svcjog.exe	"Added by the AGENT.ALWZ WORM!"
X	Windows Services Jog	svcjogg.exe	"Added by the AGENT.QAF WORM!"
X	Windows Services Joger	svcjoger.exe	"Added by the RBOT.CAT WORM!"
X	Windows Services Jogging	svcjogging.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Services Joging	svcjoging.exe	"Added by the IRCBOT.AVI BACKDOOR!"
X	Windows Services Layer	winlogz2.exe	"Added by the RBOT-FZE WORM!"
X	Windows Services Layer	winl0g0.exe	"Added by the RBOT-FZQ WORM!"
X	Windows Services Layer	sslms.exe	"Added by the RBOT-GAH WORM!"
X	Windows Services M7	ctfmon32.exe	"Added by the AGENT.WOH TROJAN!"
X	Windows Services Tower	svctowers.exe	"Added by the IRCBOT.AGJ BACKDOOR!"
X	Windows Services Tower	svctowing.exe	"Added by the SLENFBOT.LA WORM!"
X	Windows Services Update	svch0st.exe	"Added by a variant of the RBOT WORM! Note - the filename has the digit 0 rather then the uppercase ""o"""
X	Windows smss service	service.exe	"Added by the AGENT-FPY TROJAN!"
X	Windows SpoolaPrint Service	spoolasrv.exe	"Added by the SDBOT-AYD WORM!"
X	Windows Spooler Control Service	qwidh.exe	"Added by a variant of the SPYBOT WORM! See here"
X	Windows Spooler Services	spool.exe	"Added by the AGOBOT-AMO WORM!"
X	Windows SpoolPrint Service	spoolersrv.exe	"Added by the SDBOT-ZT WORM!"
X	Windows spoolservr Service	spoolservr.exe	"Added by the SDBOT-AAN WORM!"
X	Windows Spoolsre Service	spoolsre.exe	"Added by the SDBOT-AAE WORM!"
X	Windows Spoolsrv Service	spoolmsv.exe	"Added by the SDBOT-ZS WORM!"
X	windows spoolsrv service	spoolssv.exe	"Added by the SDBOT-AWV WORM!"
X	Windows Spoolsurf Service	spoolsurf.exe	"Added by the SDBOT-ZZ WORM!"
X	Windows SpooltPrint Service	spooltsrv.exe	"Added by the SDBOT-AYE WORM!"
X	Windows Spoolvvv Service	spoolvvv.exe	"Added by the SDBOT-AAW WORM!"
X	Windows Sql Service For Windows 32 Bit	winsql32.exe	"Added by the FORBOT-FC WORM!"
X	Windows Startup	services21.exe	"Added by the AGOBOT-MX WORM!"
X	Windows svchost	service.exe	"Added by the PUSHBOT.DU WORM!"
X	Windows svchost	serviceaaa.exe	"Added by the PUSHBOT.ER WORM!"
X	Windows svchost	servicean.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows svchost	serviceam.exe	"Added by the PUSHBOT.EY WORM!"
X	Windows Svshost Service Update 32	svcsshost32.exe	"Added by the FORBOT-GD WORM!"
X	Windows System 32-Bat Service	win32bat.exe	"Added by the MYTOB.FI WORM!"
X	windows system service	winsock.exe	"Added by the RBOT-MR WORM!"
X	Windows System Service	wnuserv.exe	"Added by the SPYBOT.ANDM WORM!"
X	Windows System Service	[worm filename]	"Added by the RBOT.XG WORM!"
X	Windows Task Service (32-bits)	tasksys.exe	"Added by the DREFIR.D WORM!"
X	Windows Taskmanager	service.exe	"Added by the PUSHBOT.OR WORM!"
X	Windows TaskManager Service	windns32.exe	"Added by the AGOBOT-JP WORM!"
X	Windows Temperate Services	wintmp.exe	"Added by the SLENFBOT.ZW WORM!"
X	Windows Time	tmservice.exe	"Added by a variant of the RBOT-YK WORM!"
X	Windows Time Service Diagnostic Tool	winscrvs.exe	"Added by the RBOT.FTV BACKDOOR!"
X	Windows UDP Control Services	wksvcsc.exe	"Added by the ANTIAV-C TROJAN!"
X	Windows Update Client Service	windrvl32.exe	"Added by the AGOBOT-MM TROJAN!"
X	Windows Update Monitoring Service	winupdt.exe	"Added by the RBOT-PL WORM!"
X	Windows Update Service	csrs.exe	"Added by the AGOBOT-NI WORM!"
X	Windows Update Service	smcg.exe	"Added by the SDBOT.QY WORM!"
X	Windows Update Service	SP00ISS.exe	"Added by the SDBOT-ZH WORM!"
X	Windows Update Service	update32.pif	"Added by the RBOT-ALC WORM!"
X	Windows Update Service	trest.exe	Identified by BitDefender as a variant of the PEED TROJAN!
X	Windows Update Service	wmiprvse32.exe	"Added by the AGOBOT.NI WORM!"
X	Windows Update Service	regscv.exe	"Added by the AGOBOT-AM BACKDOOR!"
X	Windows Update Service	msupdate32.exe	"Added by the DLOADR-CRJ TROJAN!"
X	Windows Update Service 2004/2005	systemupdate.exe	"Added by the RBOT-JE WORM!"
X	Windows Update services	wins32svcs.exe	"Added by a variant of the RBOT WORM!"
X	Windows Update Services	winupdate32.exe	"Added by a variant of the RBOT WORM!"
X	Windows Updater Service Manager	winupdatr.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Windows Updater Services	msnupdate.exe	"Added by a variant of the RBOT WORM!"
X	Windows Updating Service	updating.pif	"Added by the RBOT-ALW WORM!"
X	Windows USB 2.0 Driver	usbservice.exe	"Added by the RBOT-BLF WORM!"
X	Windows USB Service	666.exe	"Added by the MYTOB.AR WORM!"
X	Windows Version Service	sysvers.exe	"Added by the SLENFBOT.IF WORM!"
X	Windows Version Service	sysvers32.exe	"Added by the SLENFBOT.HZ WORM!"
X	Windows Virtual Services	winvirtual.exe	"Added by the SLENFBOT.IE WORM!"
X	Windows Virtual Services	winvirtual32.exe	"Added by the SLENFBOT.IB WORM!"
X	Windows Vista Corparation Agent Services	winxp_sp3.exe	"Added by a variant of the IRCBOT TROJAN!"
X	Windows Web Services	localsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	netsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	spoolsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcadmin.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcman.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	svcrun.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	tcpsvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Web Services	websvc.exe	"Added by the DLOADER-NY TROJAN!"
X	Windows Winhlp32 Stub Service	winhlp32.pif	"Added by the AIMBOT.AH TROJAN!"
X	Windows WKS Services	wkssvr1.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	Windows Workstation Service	explore.exe	Added by unknown malware
X	Windows Workstation Service	wkssvc.exe	"Added by the IRCBOT-AAI WORM!"
X	Windows Workstation Service (32-bits)	wkssvc32.exe	"Added by a variant of the SDBOT WORM!"
X	Windows Workstation Service [5.1-2600]	windrm.exe	"Added by the RBOT-CNY WORM!"
X	Windows Workstation Start Service	mslanmgr.exe	"Added by a variant of the RBOT WORM!"
X	Windows Xp Service Pack 2	svchost.exe	"Added by the XPLOS-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!"
X	Windows-XP-Service-Pack	xpspz.exe	"Added by the SDBOT-AAC WORM!"
X	Windows32 Messenger Service	msmsgv.exe	"Added by the RBOT.ANS WORM!"
X	WindowsNT CWServices	CWServices.com	"Detected by Bitdefender as the AGENT.AGDK TROJAN! See here"
X	WindowsNT Services	Services.com	"Detected by Bitdefender as the DELF.OFC TROJAN! See here"
X	Windowss Service Agent	mssngear.exe	"Added by the RBOT.KGU BACKDOOR!"
X	WindowsService	[random name].dll	"Added by the VUNDO-X TROJAN!"
X	WindowsServicesH	servicedhs.exe	"Added by the AGOBOT-JD WORM!"
X	WindowsServicesStartup	svchost.exe	"Added by the ECUP WORM! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Temp%"
X	WindowsUpdate Service	wuautlc.exe	"Added by the RBOT-NR WORM!"
X	Windowsupdate Service	csrss.exe	"Added by the BABA-B WORM! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root folder (ie
X	Windows_Serivce	SERVICE.exe	"Added by the WOOTBOT.AH WORM!"
X	WinFix service	rsswjzgp.exe	"Added by the RBOT-FAE WORM!"
X	WinFixer service	[random filename].exe	"Added by a variant of the SDBOT WORM!"
X	WinINet	services.exe	"Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus and note the space at the beginning of the ""Startup Item"" field"
X	winlogon service	urx.exe	"Added by the SPYBOT.EN WORM!"
X	WinLsass	servicec.exe	"Added by the SCANE WORM!"
X	WinRaR Service	WinrarCO.com	Added by an unidentified WORM/TROJAN!
X	WinReg32 service	holqdnoxpmeu.exe	"Added by a variant of the SDBOT WORM!"
X	Wins Service Driver	winet.exe	"Added by the RBOT-APV WORM!"
X	Wins Update 32	services32.exe	"Added by the FORBOT-FN WORM!"
X	Winservice	winmain.exe	Adult content related malware
X	winservice	svchost.exe	"Added by the CVK BACKDOOR! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""services"" sub-folder"
X	WinService	hosth.exe	"Added by the DWNLDR-FUX TROJAN!"
X	WinService	Ttt.exe	"Added by the MSNVB-D WORM!"
X	WinService	WinServ.exe	"Added by the SKOWOR-O WORM!"
U	WinService32	ssmgr.exe	"007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
U	WinService32	svchost.exe	"007 Spy Software - ""stealthy monitoring program which allows you to secretly track all activities of computer users and automatically deliver logs to you via Email or FTP"""
X	WinServices	WinServices.exe	"Added by the YAHA.K or YAHA.M WORMS!"
X	winservices	bootvfy.exe	Added by an unidentified WORM or TROJAN!
X	Winsock6 MIC driver	ieservicesupd.exe	"Added by the SPYBOT.AFZ WORM!"
X	winsrv3	services.exe	"Added by the NAFBOT-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	WinStart	services.exe	"Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status and note the space at the beginning of the ""Startup Item"" field"
X	Winupdate Service	winxp.exe	"Added by the SPYBOT.IR WORM!"
X	Winux Piriax Service	PH32.EXE	"Added by the RANDEX.G WORM!"
X	WinXPService	lsass.exe	"Added by the ZAPCHAS-AS TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""Lavan"" subfolder"
X	WinXPService	taksmgr.exe	Identified as a variant of the IRC/Flood.tool malware
X	WinXPService	Tskdbg.exe	"Added by the MDROP-BPQ TROJAN!"
X	WinXPService	ctfmon.exe	"Added by a variant of the IRCBOT BACKDOOR! Note - this is not the legitimate ctfmon.exe process associated with alternate text inputs which is always located in %System%. This one is located in a ""ctf"" sub-folder"
X	WinXPService	mirc.exe	"Added by a variant of the IRCBOT BACKDOOR! See here"
X	WinXPService	nero.exe	"Added by the IRCFLOOD.AG BACKDOOR! Note - this is not the Nero CD/DVD burning software by Ahead Software which is normally located in %ProgramFiles%\Ahead\Nero. This file is found in %System%"
X	WinXPService	taksmgr.exe	"Added by the KIRSUN.A BACKDOOR! The file is located in %System%"
X	WinXPService	taksmgr.exe	"Added by the KIRSUN.A BACKDOOR! The file is located in the root directory
X	WinXPService	wacult.exe	"Added by the KIRSUN.A BACKDOOR! The file is located in %Windir%\Fonts"
X	WinXPService	wacult.exe	"Added by the KIRSUN.A BACKDOOR! The file is located in %System%\mnut"
X	WinZix Service	wakeservice.exe	"WinZix adware"
X	WMAudio	services.exe	"Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process
X	WMDM PMSP Service	cssrss.exe	"Added by the KNOCKIT-A TROJAN!"
X	WMI Performance Adapter Services	wmiapsrvs.exe	"Added by the RBOT.COU BACKDOOR!"
X	WMI Service Client	wmispv.exe	"Added by the AUTORUN-ASX WORM!"
X	WMSDOS-ServicePack2	cmd.exe /c C:WMSDOS.sys	"Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted"
X	WN Services	wnsvc.exe	"Added by the KBBOT-A TROJAN!"
X	Workstation Services	wrkstn.exe	"Added by the RBOT-OJ WORM!"
X	WPSVC Services	wpnsc.exe	"Added by a variant of the IRCBOT BACKDOOR!"
X	Wsdata service	WSconf.exe	"Added by the SDBOT.ZU WORM!"
U	WService	WService.exe	"Tablet client Driver for UC-Logic Pen/Graphics Tablet"
U	WSVCS	SERVICES.EXE	"WSLogger keystroke logger/monitoring program - remove unless you installed it yourself!"
Y	WUOLService	WUOLService9x.exe	"Remote wakeup status agent. Part of Novell's ZenWorks. Processes Wake-up on LAN requests (turn on a computer remotely on LAN)"
U	WZCBDLService	WZCBDL9X.exe	WZCBDLService Launcher from D-Link - configuration/drivers
X	wzservice	hess.exe	Added by the HACKARMY.W TROJAN!
U	X10 Device Network Service	x10nets.exe	Belongs to X10 video streaming device(s)
X	XML Service	msxml.exe	"Added by the RBOT-HD WORM!"
X	XP Service Pack	xpservicepack.exe	"Added by the SDBOT.AQA WORM!"
X	xp service pack 2	xpsp2.exe	"Added by the RBOT-KW WORM!"
X	Xpsystem	SERVICES.EXE	"Added by the DAEMOZ.A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\SERVICES"
X	xpsystem	services.exe	"CoolWebSearch parasite variant. Note - this is not the legitimate services.exe process
X	xp_system	services.exe	"Added by the KREPPER-N TROJAN and variants! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! The one is located in a %Windir%\inet*** - where *** varies dependent upon the variant
X	XTN Service Drivers	winxtn.exe	"Added by the SDBOT-YK WORM!"
X	XTServiceUpdate	XTServiceUpdate.exe	hahame.net adware downloader
Y	ZENworks Imaging Service	ZISWin.exe	"Imaging Agent. Part of Novell's ZenWorks - "Complete End-to-End Directory-enabled Network Management""
X	zSecurity Service	szsvc.exe	"Added by the SDBOT-DAB WORM!"
X	zsmsgs	iservice.exe	"Added by the BANCOS-BU TROJAN!"
X	[random name]	services.exe	"PurityScan adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!"
X	[various names]	Serviceprocess.exe	"Wareout - malware masquerading as a spyware and dialer remover"
X	_ntrRescueService	_ntrrs.exe	"Added by the DLOADER-JV TROJAN!"
X	_Services.dll	smss.exe	"Added by the SOBER-L WORM! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\msagent\system"
X	_SystemBoot	services.exe	"Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Help\Help"
X	_WinCheck	services.exe	"Added by the SOBER.V WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus\Microsoft"
X	_WinData	services.exe	"Added by the SOBER-AD WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\PoolData"
X	_Windows	services.exe	"Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %windir%\WinSecurity"
X	_WinINet	services.exe	"Added by the SOBER.R WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\ConnectionStatus"
X	_WinStart	services.exe	"Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Connection Wizard\Status"
X	{357AA41A-B7A8-4632-A27D-5B980B25CF43}	services.exe	"FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in an ""Inetsrv"" subfolder"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.