Warning: Use the following advice entirely at your own risk! An automatic analysis should never substitute for an expert's analysis.
These are the results of your HijackReader analysis:
Analysis date: 12-27-2007, 16:21:45
HijackThis Version: v2.0.2
Log-length: 109 lines
HijackReader Version: HijackReader v1.03 Beta
Action: | Entry: | Notes: | Description: | Look-up |
FIX IF UNKNOWN | R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
FIX IF UNKNOWN | R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
FIX IF UNKNOWN | R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
FIX IF UNKNOWN | R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
FIX IF UNKNOWN | R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
FIX IF UNKNOWN | R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger | Fix it, if you don't recognize the program. | Internet Explorer Start/Search pages URLs | |
OK | O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
OK | O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
OK | O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
FIX (CHECK NOTES!) | O2 - BHO: (no name) - {92335157-984B-4692-8405-530335CA9F27} - C:\WINDOWS\system32\nflyiyto.dll (file missing) | Possible threat found! Please note: \{92335157-984B-4692-8405-530335CA9F27}|X BHO TB|[random filename]|(no name)|ConHook|http://research.sunbelt-software.com/threatdisplay.aspx?threatid=45786 aka Chisyne, http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=48117 trojan variant - VirtuMonde/Vundo, http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99 adware downloader|http://www.castlecops.com/clsid-32907.html. | Browser Helper Objects | Google Castlecops |
UNDETERMINED | O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\fvqfuvxh.dll (file missing) | Checked, but not found in Tony K's List. Status unknown. | Browser Helper Objects | Google Castlecops |
OK | O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
UNDETERMINED | O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll | Checked, but not found in Tony K's List. Status unknown. | Browser Helper Objects | Google Castlecops |
OK | O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
OK | O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll | Checked with TonyK's List. No threats found. | Browser Helper Objects | Google Castlecops |
OK | O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll | Checked with TonyK's List. No threats found. | IE toolbars | Google Castlecops |
OK | O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll | Checked with TonyK's List. No threats found. | IE toolbars | Google Castlecops |
UNDETERMINED | O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" | *** GOOD: jusched.exe - Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel. *** POSSIBLE THREAT: scvhost.exe - Added by the SDBOT-AVX WORM!. *** POSSIBLE THREAT: javamx.exe. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE | *** POSSIBLE THREAT: soundman.exe - Added by the RBOT-GCI WORM!. *** GOOD: Soundman.exe - Related to a Silicon Integrated Systems Corp (SiS) product?. *** GOOD: soundman.exe. *** POSSIBLE THREAT: soun.pif. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKLM\..\Run: [VTTimer] VTTimer.exe | *** GOOD: VTTimer.exe - Driver file for the on-board VIA/S3G KM400/KN400 graphics which enables TV in/out communication. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe | *** GOOD: VTtrayp.exe - Part of S3 Graphics Controllers - S3 Screentoys Helper. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH | *** GOOD: ZLH.EXE - System Tray icon for Norman Antivirus. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe | *** GOOD: sm56hlpr.exe - Helper utility for Motorola based SM56 software modems - resides in the System Tray. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48" | | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [ByggsafeServer] C:\Programfiler\Byggsafe\Byggsafe Total\Bin\ByggsafeServer.exe | | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" | | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" | | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\gqxhqxmt.dll",forkonce | | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background | *** POSSIBLE THREAT: msmsgs.exe - Added by the CHODE-J WORM!. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: msmsgss.exe. *** GOOD: msmsgs.exe - KITRO.A WORM!. *** POSSIBLE THREAT: msnmsgs.exe. *** POSSIBLE THREAT: msnmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: MSMSGS.EXE. *** POSSIBLE THREAT: msnmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: msmsgs.exe. *** POSSIBLE THREAT: MSMSGS.EXE. *** POSSIBLE THREAT: Explorer.exe, msmsgs.exe. *** POSSIBLE THREAT: ymsmsgs.exe. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 | *** POSSIBLE THREAT: updmgr.exe - Added by the SouthBeachTel premium rate adult content dialer. *** GOOD: AdobeUpdateManager.exe - Automatic updates for the Adobe Reader file viewer. *** GOOD: updatemgr.exe. *** GOOD: updatemgr.exe. *** POSSIBLE THREAT: updatemgr.exe. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe | *** POSSIBLE THREAT: wscript.exe [path] ShakiraPics.jpg.vbs - Added by the VBSWG.AQ WORM!. *** GOOD: GoogleToolbarNotifier.exe - Companion to the Google Toolbar that lets you keep Google as your default search engine and prevents this setting from being changed without your consent. Shouldn't remain in memory after the feature is disabled as it's a bug - see here. *** POSSIBLE THREAT: RBSKQQBO.EXE. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Programfiler\ErrorSafe Free\uers.exe" /min | | Autoloading programs from Registry or Startup group | |
OK | O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') | *** GOOD: ctfmon.exe - CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example. *** GOOD: ctfmon.exe. *** POSSIBLE THREAT: ctfmon32.exe - CoolWebSearch Ctfmon32 parasite variant. *** POSSIBLE THREAT: ctfmon.exe. *** POSSIBLE THREAT: msupdate32.exe. *** GOOD: ctfmon.exe. ***USERLIST: Office XP-related. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') | *** GOOD: ctfmon.exe - CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example. *** GOOD: ctfmon.exe. *** POSSIBLE THREAT: ctfmon32.exe - CoolWebSearch Ctfmon32 parasite variant. *** POSSIBLE THREAT: ctfmon.exe. *** POSSIBLE THREAT: msupdate32.exe. *** GOOD: ctfmon.exe. ***USERLIST: Office XP-related. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') | *** GOOD: ctfmon.exe - CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example. *** GOOD: ctfmon.exe. *** POSSIBLE THREAT: ctfmon32.exe - CoolWebSearch Ctfmon32 parasite variant. *** POSSIBLE THREAT: ctfmon.exe. *** POSSIBLE THREAT: msupdate32.exe. *** GOOD: ctfmon.exe. ***USERLIST: Office XP-related. | Autoloading programs from Registry or Startup group | |
OK | O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') | *** GOOD: ctfmon.exe - CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example. *** GOOD: ctfmon.exe. *** POSSIBLE THREAT: ctfmon32.exe - CoolWebSearch Ctfmon32 parasite variant. *** POSSIBLE THREAT: ctfmon.exe. *** POSSIBLE THREAT: msupdate32.exe. *** GOOD: ctfmon.exe. ***USERLIST: Office XP-related. | Autoloading programs from Registry or Startup group | |
UNDETERMINED | O4 - Global Startup: Service Manager.lnk = C:\Programfiler\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe | *** POSSIBLE THREAT: [path to worm] - Added by the RPCBOT.F TROJAN!. *** GOOD: ivpsvmgr.exe - Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates. *** POSSIBLE THREAT: winsvc.exe. *** POSSIBLE THREAT: netsvc.exe. *** POSSIBLE THREAT: netsvc.exe. *** GOOD: W3dbsmgr.exe. *** POSSIBLE THREAT: rasmngr.exe. *** GOOD: sqlmangr.exe. *** POSSIBLE THREAT: SERVICEMGR.EXE. *** POSSIBLE THREAT: dxsound.exe. *** POSSIBLE THREAT: service.exe. *** POSSIBLE THREAT: userint32.exe. *** POSSIBLE THREAT: localsvc.exe. *** POSSIBLE THREAT: msgs.exe. *** POSSIBLE THREAT: msnmrg.exe. *** POSSIBLE THREAT: netsvc.exe. *** POSSIBLE THREAT: spoolsvc.exe. *** POSSIBLE THREAT: svcadmin.exe. *** POSSIBLE THREAT: svcman.exe. *** POSSIBLE THREAT: svcmgr32.exe. *** POSSIBLE THREAT: svcrun.exe. *** POSSIBLE THREAT: tcpsvc.exe. *** POSSIBLE THREAT: websvc.exe. *** POSSIBLE THREAT: taskmgr.exe. | Autoloading programs from Registry or Startup group | |
FIX IF UNKNOWN | O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 | Fix it, if you don't recognize the name of the item in IE's right-click menu. | Extra items in IE right-click menu | |
FIX IF UNKNOWN | O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
UNDETERMINED | O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) | Fix it, if you don't recognize the button or menuitem (in the IE menu). ***USERLIST: Poker programs should usually be fixed, unless you want them to be there. | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
UNDETERMINED | O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyGaming\PartyPoker\RunApp.exe (file missing) | Fix it, if you don't recognize the button or menuitem (in the IE menu). ***USERLIST: Poker programs should usually be fixed, unless you want them to be there. | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
FIX IF UNKNOWN | O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe | Fix it, if you don't recognize the button or menuitem (in the IE menu). | Extra buttons or menu-items on main IE toolbar | Google Castlecops |
UNDETERMINED | O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185722149312 | You may check the CLSID using SpywareBlaster's database, or try the Castlecops website. | ActiveX Objects (aka Downloaded Program Files) | Google Castlecops |
UNDETERMINED | O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab | You may check the CLSID using SpywareBlaster's database, or try the Castlecops website. | ActiveX Objects (aka Downloaded Program Files) | Google Castlecops |
FIX (CHECK NOTES!) | O20 - Winlogon Notify: eulalib - C:\WINDOWS\Registration\CRMLog\eulalib.dll (file missing) | O20s are usually (not always) malicious and should be fixed. | AppInit_DLLs Registry value autorun | Google Castlecops |
UNDETERMINED | O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |
UNDETERMINED | O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE | O23s should also appear in MSCONFIG. If malicious, the full name is often important sounding, while the filename is garbage. Use Delete NT Service after fixing a malicious O23! | NT Services | Google Castlecops |