Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get rid of the dreaded NCH Software ......


  • Please log in to reply
10 replies to this topic

#1 CleaningFrenzy

CleaningFrenzy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 13 January 2014 - 02:20 PM

Have run Adwcleaner a few times and every time it says that:
 
- under Files, it has found C:\Windows\System32\Tasks\NCH Software
- and under Registry it has found HKLM\Software\DeviceVM
 
I tell it to Clean and it does, then reboots - the resulting .txt file says that the above have been removed, but on running another Adwcleaner then Scan again it reports that they are back!
 
Three questions:
 
(i) Are they harmful?
(ii) If they are harmful, in what way are they harmful?
(iii) how do I remove them if they are harmful?
 
Thanks! :)

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs included with this topic. ~ Animal


Edited by CleaningFrenzy, 13 January 2014 - 03:20 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 13 January 2014 - 03:12 PM

Hello -

Have you downloaded any music or sound apps ?? This is basically what the program is involved with.

 

A link to their main site Is Here

Please follow http://www.nch.com.au/general/uninstall.html#AAA <= Uninstall instructions.

 

Thank You -

Edited to check site -


Edited by noknojon, 13 January 2014 - 03:15 PM.


#3 CleaningFrenzy

CleaningFrenzy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 13 January 2014 - 03:20 PM

I don't recall downloading any of their music or sound apps.

 

Have checked under Control Panel|Uninstall Programs and I have a few orphaned NCH program entries but removing these doesn't help.

 

Any other ideas please?

 

Many thanks



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 13 January 2014 - 03:41 PM

Hi -

Always allow for a full shutdown and restart after you remove these add ons.

 

Looks like we need to have a deeper view at this -

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.

 

Next -

Please download MiniToolBox and run it.
Checkmark following boxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the result. (result.txt)

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

Thanks -



#5 CleaningFrenzy

CleaningFrenzy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 13 January 2014 - 05:27 PM

Thanks, now done all that.

 

Here's the Screen317 checkup.txt, followed by the MiniToolBox result.txt (have also run TFC).

 

BTW, do I need to re-run Awdcleaner?

 

 Results of screen317's Security Check version 0.99.78  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 4.2   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

report.txt:

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by xxxx (administrator) on 13-01-2014 at 21:59:51
Running from "C:\Users\xxxx\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", "razorproxy.com"
"network.proxy.backup.ftp_port", 80
"network.proxy.backup.gopher", "razorproxy.com"
"network.proxy.backup.gopher_port", 80
"network.proxy.backup.socks", "razorproxy.com"
"network.proxy.backup.socks_port", 80
"network.proxy.backup.ssl", "razorproxy.com"
"network.proxy.backup.ssl_port", 80
"network.proxy.ftp", "razorproxy.com"
"network.proxy.ftp_port", 8080
"network.proxy.gopher", "razorproxy.com"
"network.proxy.gopher_port", 8080
"network.proxy.http", "razorproxy.com"
"network.proxy.http_port", 8080
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "razorproxy.com"
"network.proxy.socks_port", 8080
"network.proxy.ssl", "razorproxy.com"
"network.proxy.ssl_port", 8080
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (01/13/2014 06:47:49 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (01/13/2014 06:47:49 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2203)
AMD Steady Video Plug-In  (Version: 2.06.0000)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Avidemux 2.6 (32-bit) (Version: 2.6.4.8696)
AviSynth 2.5
Battle.net
Binary Splitter
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.07)
CoreAVC Professional Edition (remove only)
CPUID CPU-Z 1.56
CPUID HWMonitor 1.24
D3DX10 (Version: 15.4.2368.0902)
Desktop Live Streamer (Version: 0.9.2000)
Direct WAV MP3 Splitter version 2.7.0.25 (Version: 2.7.0.25)
DivX Setup (Version: 2.6.1.5)
ESET NOD32 Antivirus (Version: 4.2.64.12)
ffdshow v1.1.3326 [2010-03-19] (Version: 1.1.3326.0)
Futuremark SystemInfo (Version: 4.22.211)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
GPU Boost Driver (Version: 1.01.15)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
LightScribe System Software (Version: 1.18.22.2)
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
Logitech SetPoint 6.51 (Version: 6.51.8)
LSI USB 2.0 Soft Modem (Version: 2.2.102)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MiniTool Partition Wizard Home Edition 5.2
MozBackup 1.5.1
Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSI Afterburner 2.3.1 (Version: 2.3.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (Version: 16.4.1108.0727)
OCCT 4.4.0 (Version: 4.4.0)
OpenAL
PowerChute Personal Edition 3.0.2 (Version: 3.0.2)
Python 2.7.5 (Version: 2.7.5150)
QuickShare (Version: 1.6.1.635)
QuickTime (Version: 7.74.80.86)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.23.623.2010)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6650)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Sandboxie 3.60 (32-bit)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.4.26.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
UxStyle Core Beta (Version: 0.2.1.1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.1.2 (Version: 2.1.2)
Windows Driver Package - Sunix Co., Ltd. Golden Adapter Driver (12/20/2007 6.4.2.1) (Version: 12/20/2007 6.4.2.1)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver


========================= Devices: ================================

Name: HID-compliant game controller
Description: HID-compliant game controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3327.18 MB
Available physical RAM: 2384.41 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 4968.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:148.2 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
4 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
5 Drive g: () (Fixed) (Total:465.66 GB) (Free:31.32 GB) NTFS

========================= Users: ========================================

User accounts for \\xxxx-NEW

Administrator            Guest                    xxxx


**** End of log ****
 


Edited by CleaningFrenzy, 13 January 2014 - 05:29 PM.


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 13 January 2014 - 05:43 PM

ESET NOD32 Antivirus 4.2    Antivirus up to date!  (On Access scanning disabled!) ??From Report.

Please ensure that your Antivirus is currently Enabled and Active.

Note that the readinf is often wrong -
 

 

BTW, do I need to re-run Awdcleaner? <= This is part 2 of the clean up.

First -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

 

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Now -

As you have Malwarebytes Anti-Malware installed, please Manually Update the program

Now run a Full Scan and post the log back here -

 

Thanks -



#7 CleaningFrenzy

CleaningFrenzy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 14 January 2014 - 05:16 AM

Regarding: "ESET NOD32 Antivirus 4.2    Antivirus up to date!  (On Access scanning disabled!)"

 

This is because I'm now running Malwarebytes Anti-Malware and I read that both it and NOD32 shouldn't be running simultaneously. Is that correct?

 

Here's the Rkill log:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/14/2014 10:02:40 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/14/2014 10:02:46 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
 

 

 

Here's the first Report from Adwcleaner:

 

# AdwCleaner v3.017 - Report created 14/01/2014 at 10:04:33
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : xxxx
# Running from : C:\Users\xxxx\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\Software\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\f4hbwgrc.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12762 octets] - [14/11/2013 18:10:12]
AdwCleaner[R1].txt - [6694 octets] - [14/11/2013 18:34:14]
AdwCleaner[R2].txt - [1652 octets] - [13/01/2014 18:17:29]
AdwCleaner[R3].txt - [1278 octets] - [13/01/2014 18:29:23]
AdwCleaner[R4].txt - [1398 octets] - [13/01/2014 18:34:27]
AdwCleaner[R5].txt - [1458 octets] - [13/01/2014 18:45:58]
AdwCleaner[R6].txt - [1578 octets] - [13/01/2014 18:48:43]
AdwCleaner[R7].txt - [1638 octets] - [13/01/2014 19:15:16]
AdwCleaner[R8].txt - [1318 octets] - [14/01/2014 10:04:33]
AdwCleaner[S0].txt - [6834 octets] - [14/11/2013 18:34:49]
AdwCleaner[S1].txt - [1733 octets] - [13/01/2014 18:25:12]
AdwCleaner[S2].txt - [1343 octets] - [13/01/2014 18:32:16]
AdwCleaner[S3].txt - [1523 octets] - [13/01/2014 18:46:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1618 octets] ##########
 

 

And here's the post-clean report from Adwcleaner:

 

# AdwCleaner v3.017 - Report created 14/01/2014 at 10:06:06
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : xxxx
# Running from : C:\Users\xxxx\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\f4hbwgrc.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12762 octets] - [14/11/2013 18:10:12]
AdwCleaner[R1].txt - [6694 octets] - [14/11/2013 18:34:14]
AdwCleaner[R2].txt - [1652 octets] - [13/01/2014 18:17:29]
AdwCleaner[R3].txt - [1278 octets] - [13/01/2014 18:29:23]
AdwCleaner[R4].txt - [1398 octets] - [13/01/2014 18:34:27]
AdwCleaner[R5].txt - [1458 octets] - [13/01/2014 18:45:58]
AdwCleaner[R6].txt - [1578 octets] - [13/01/2014 18:48:43]
AdwCleaner[R7].txt - [1638 octets] - [13/01/2014 19:15:16]
AdwCleaner[R8].txt - [1698 octets] - [14/01/2014 10:04:33]
AdwCleaner[S0].txt - [6834 octets] - [14/11/2013 18:34:49]
AdwCleaner[S1].txt - [1733 octets] - [13/01/2014 18:25:12]
AdwCleaner[S2].txt - [1343 octets] - [13/01/2014 18:32:16]
AdwCleaner[S3].txt - [1523 octets] - [13/01/2014 18:46:37]
AdwCleaner[S4].txt - [1623 octets] - [14/01/2014 10:06:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1683 octets] ##########
 

 

 

I've also just run Adwcleaner again and C:\Windows\System32\Tasks\NCH Software and HKLM\Software\DeviceVM have returned ...................


Edited by CleaningFrenzy, 14 January 2014 - 06:35 AM.


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 14 January 2014 - 06:50 AM

ESET NOD32 Antivirus 4.2 and Mbam generally play OK together (several members use them)

 

DivX Setup (Version: 2.6.1.5) <= This is the program (as listed)

Direct WAV MP3 Splitter version 2.7.0.25 (Version: 2.7.0.25) <= This is where it is from I think.

 

Open AL basic description from sevenforums.

 

 

NOW - See the Bottom Comment First -

 

If C:\Windows\System32\Tasks\NCH Software is a major concern to you, go to Accessories > Windows Explorer > C: Drive > Programs and Right click > Delete it.

However I do not think it is a "severe" infection, rather than an item that will always show up.

This often happens with programs that are picked up, but do not actually need removal.

 

You can try this similar program -

 

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entires (values, keys)

 

 

Java 7 Update 25  -  Java version out of Date!
Java Auto Updater <= Go Control Panel > Java icon and open it. Click Update, then remove all old versions from Programs and Features.

 

 

A safer way to check this program is this way with Autoruns.

 

Download Autoruns to your desktop
Double click on Autoruns exe.
Allow the program to fully populate (this will take a few minutes)

Go > File > Save > Save as Autoruns.txt > File Type > All Files
Save to Desktop
Copy and Paste the Autoruns.txt back here

 

Thanks -


Edited by noknojon, 14 January 2014 - 06:52 AM.


#9 CleaningFrenzy

CleaningFrenzy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 14 January 2014 - 08:05 AM

Thanks - have re-enabled NOD32 etc and also deleted the NCH Software folder as you suggested.

 

As you don't think it's harmful I think I'll leave it at that  - I've spent hours on this now and I think i've had enough. :)

 

MANY thanks for your help. :D



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:45 AM

Posted 14 January 2014 - 03:50 PM

No problem -

I was just going to use Autoruns to Disable it and not remove it.

You may need it for something else.

 

Regards -



#11 HydroxCookieHoax

HydroxCookieHoax

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:45 AM

Posted 27 January 2016 - 03:13 PM

NCH Software is taking steps in the right direction:

(Page added Jan 2016)

 

http://www.nch.com.au/software/safety-guarantee.html






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users