It is up to the user...to determine whether a listed service is valid...or not, since malware can be disguised or misinterpreted for a valid service when one looks only at a filename.
IMO, the key characteristics a user needs are:
a. The ability to use Google or some other search engine to look up available info on any suspect file.
b. The understanding that what one "sees" is often not what is on that printed page. Example: iexplore.exe is valid, while iexplorer.exe is often seen by users to be the valid service.
c. The understanding that file placement and typical file size data is readily available, using Google or other search engine, for many (if not most) valid filenames. If a file presumed to be legit is in a location that it should not be...and the file size does not tie in with listed known filesizes...that should be an alarm.
Dates, but still apllicable: Are You Infected Detecting Malware Infection - http://www.securityfocus.com/infocus/1666
Malware grows more sophisticated daily, while users seem to grow more careless or unconcerned, IMO. The chief weakness in any system's security posture...seems to lie with the user, not with all the programs, schemes, and procedures which have been devised...to assure users a system that is free of malware or at least capable of negating such.
That's the approach I take...there is no easy answer other than to address my biggest obstacle to system security...which is...myself.