Try downloading a copy of Helios (do a Google search). It finds many of the known rootkits and hidden processes loaded behind the scenes that are normally invisible to users - and it is free. I have also found the new free product from AVG (the anti-virus folks) called AVG Anti-Spyware to be very effective in picking up processes and applications that most of the other commercial software seems to miss.
<t>Check out Gargoyle Forensic pro by Wetstone Software. Its purpose is to find all MALWARE (malicious Software) installed, or previously installed, on a computer.<br/> <br/> The purpose of Gargoyle is to have a fast and easy way to provide us with valuable information regarding the contents of a suspect’s computer along with essential information about it’s owner's computer use. How many times have we come across a program that was used and then uninstalled to cover the bad guy’s tracks? <br/> <br/> This gives us the capability to quickly determine both the benign applications, (standard desktop software) resident on the system, as well as to determine what doesn’t belong there as well. Malware detection at this level provides an instant mini-profile of the user based on their use of a particular cyber weapon. Almost the same as finding a gun in a suspect’s possession. It doesn’t mean he used it, but he could have. And, that’s important. This layer of digital environmental detection and analysis provides a solid foundation for further investigation.<br/> <br/> We all now how Known File Filtering (KFF) has become a common practice during our digital forensic investigations, but the purpose of KFF has been to filter out files from the investigation that are “known” and benign, in order reduce the amount of digital information that needs to be examined. This does not help when looking for programs that are unknown and can cause harm. This program allows us to go beyond filtering out the non-relevant programs as the National Software Reference Library has done in the past, and allows us to uncover potentially hostile programs on a suspect computer. Just finding traces of their existence or prior existence is sometimes all we need in an investigation. <br/> <br/> As their product description says: “Gargoyle performs rapid searches for known “bad or hostile” programs, their associated files and remnants of files. Once identified, Gargoyle also maps the detected files to the associated cyber weapons, and classifies them into a category of malware. MalWare detection allows investigators to employ datasets like NSRL or build their own specialized databases of hash codes based on hostile or malicious content that can provide significant clues regarding the activities, motives and even the intent of suspects or potential suspects. And the process can be performed in just minutes. Speed and accuracy are the obvious objectives of such a process, however, an added benefits is the automatic generation of new clues and information not just more data. One of the interesting aspects of MalWare detection is the generation of the databases of hash codes that are needed to identify malware.”<br/> <br/> A legitimate program that “can” be used for bad things will never show up in a McAfee or Norton scan.</t>