
"NCH Software Suite" and "Graphics Related Programs" Where did they come from?


14 replies to this topic

#1 smoketwibz


Posted 18 January 2014 - 09:55 PM

I was instructed to post this here, by "boopme", after posting in the "Am I Infected" forum.  Here is a link to the topic I started, and the text from my original post is below the link.

 

http://www.bleepingcomputer.com/forums/t/520818/nch-software-suite-and-graphics-related-programs-where-did-they-come-from/

 

Update/Edit:

 

Boopme said it looked like the problem is with system file errors.  This reminded me of a question that I wanted to post on this website, but I haven't got around to it.  Whenever I run "scannow /sfc" it gets to about 95% and then I get a message saying, "Insert your Windows XP Professional CD2 now", which is something I don't have and it's something I've never seen or heard of.  I've tried every solution that I could find, but haven't had any luck resolving the problem.  I've read countless posts where others have this exact same problem, but I haven't found one where the problem is resolved. 

 

My computer, a Gateway Desktop, came with 5 restore CDs, not a stand alone Windows XP operating system disc, but I have one that a friend gave me.  This is the disc that I use whenever I have done the "scannow /sfc".

 

---------------------------------------------- Original Post ----------------------------------------------------------------------

 

In Windows XP SP3, in the start menu, under 'All Programs', there are two shortcuts that I don't recognize and I'm pretty sure that I didn't install these programs.  I just noticed these entries today.

 

- NCH Software Suite

- Graphics Related Programs

 

About a week ago, the default program I use to view pictures changed to a program I'm 100% certain I didn't install intentionally.  Why I didn't take action when this happened is a mystery to me.  The name of the software that is now the default picture viewer is 'Microsoft Photo Editor'.  I'm assuming this program was bundled with a recent installation of 'Microsoft Office XP Professional', but I'm not sure.

 

(The above paragraph is something that I just realized while typing out this post)

 

I don't know if the two new entries under 'All Programs' and the change in the default picture viewing program are related, but I'm pretty sure this is the type of strange stuff that happens when a system becomes infected with malware.

 

I have Malwarebytes installed, but I haven't run any scans yet, mainly because I've been infected with malware before without anything being detected by it and I've been busy.  I do use 'CCleaner' several times a day, while also clearing my browsing cache and temporary files after browsing with 'Internet Explorer 8'.

 

I've also installed some free VSTs recently for a program I use for making beats.  VSTs are software simulated synthesized music instruments used in Digital Audio Workstations.  I only download these VSTs from two different websites, and I've never had an issue with them in the past, but who can you really trust anymore?

 

I hope the information that I provided is useful for anyone that is trying to help figure out if my computer is infected.  If there's anything I failed to mention that could be helpful, please don't hesitate to ask!

 

Thank you!

 

Updated

 

Another symptom of an infection just presented itself.  The tray icon for 'Avira Free Anti-Virus' indicates that it's not currently protecting my computer, in other words, the umbrella is still shut.  I just restarted my computer and usually it takes about a minute for the umbrella icon to indicate it's protecting my computer, but it has not done this yet.  What's weird is when I double click on the icon and the program opens, it indicates that the real-time protection is enabled.

 

I'm going to restart my computer again to see if it fixes itself.....

 

I also did a 'quick' scan with Malwarebytes and it didn't find anything. 


Edited by smoketwibz, 19 January 2014 - 03:27 AM.



 


#2 hamluis

Moderator

Posted 19 January 2014 - 11:17 AM

Let's take a look :).

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 smoketwibz

  • Topic Starter

Posted 19 January 2014 - 09:08 PM

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Owner (administrator) on 19-01-2014 at 20:04:02
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (01/18/2014 10:51:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (01/18/2014 10:51:50 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (01/18/2014 10:49:51 PM) (Source: Service Control Manager) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/18/2014 10:49:50 PM) (Source: Service Control Manager) (User: )
Description: The Avira Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29625)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Agares RackA3 v1.0
Audacity 2.0.3 (Version: 2.0.3)
Avira Free Antivirus (Version: 14.0.2.286)
Beatscape 1.0.2 (Version: 1.0.2)
Blue Cat's Chorus VST 4.01 (Version: 4.01)
Blue Cat's Flanger VST 3.01 (Version: 3.01)
Blue Cat's Freeware Pack VST 2.01 (Version: 2.01)
Blue Cat's FreqAnalyst VST 2.01 (Version: 2.01)
Blue Cat's Gain Suite VST 3.01 (Version: 3.01)
Blue Cat's Phaser VST 3.01 (Version: 3.01)
Blue Cat's Triple EQ VST 4.01 (Version: 4.01)
Cakewalk VST Adapter 4
Camel Audio Alchemy (Version: 1.55.0)
CCleaner (Version: 4.09)
Creative Audio Control Panel (Version: 2.00)
Creative Console Launcher
Creative Software AutoUpdate (Version: 1.40)
Creative System Information
Creative WaveStudio 7 (Version: 7.14)
daHornet Version 1.34
Digital Media Reader (Version: 1.10)
Dimension Pro 1.2 (Version: 1.2)
Dimension Pro 1.2 (Version: 18.0)
DreamStation DXi2
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
Edirol HQ Orchestral VSTi v1.03
ESET Online Scanner v3
FileASSASSIN (Version: 1.06)
Free PDF Tablet (Version: 0.1)
Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.1.1580)
ImageWalker 2.01 (remove only)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
K-Lite Codec Pack 9.9.0 (Full) (Version: 9.9.0)
LAME v3.99.3 (for Windows)
LiveSynth Pro SE (DXi)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2005 (Version: 14)
Microsoft Office XP Professional (Version: 10.0.2627.01)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 2.0
Microsoft Works (Version: 08.04.0623)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Keyboard Driver
Native Instruments Guitar Rig 3
Native Instruments Guitar Rig 3 (Version: 3.2.1.004)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.0.6.001)
Nero 6 Ultra Edition
Nomad Bundle VST (Version: 2.00.0000)
OpenAL
Paint.NET v3.5.10 (Version: 3.60.0)
PokerStars
PowerDVD
PSP VintageWarmer 2.0.0 (Version: 2.0.0)
QuickTime
Rapture 1.1 (Version: 1.1)
reFX Nexus VSTi RTAS v2.2.0
Revo Uninstaller 1.95 (Version: 1.95)
Segoe UI (Version: 14.0.4327.805)
SONAR 3 Producer Edition
SONAR 7 Producer Edition (Version: 15.0)
SONAR 8.5 Producer (Version: 18.0)
Sonic Encoders (Version: 1.00)
Sound Blaster X-Fi (Version: 1.0)
SoundFont Bank Manager (Version: 3.21)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Steinberg VST Classics 1 (Version: 1.0.0)
Studio Instruments 1.0 (Version: 1.0)
Super TextTwist
SUPERAntiSpyware (Version: 5.6.1014)
Synful Orchestra DXi/VSTi v2.0
System Requirements Lab for Intel (Version: 4.5.15.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Virtual Sound Canvas DXi
VLC media player 2.1.2 (Version: 2.1.2)
Voxengo SPAN (Version: 2.7)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 5.00 beta 2 (32-bit) (Version: 5.00.2)
Wise Video Downloader 1.36 (Version: 1.36)
Z3TA+ 2 (Version: 2.0)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2022.59 MB
Available physical RAM: 1354.89 MB
Total Pagefile: 3914.21 MB
Available Pagefile: 3224.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:591.67 GB) (Free:91.99 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:4.5 GB) (Free:2.04 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-67647CD4CE

Administrator            ASPNET                   Guest                   
HelpAssistant            Owner                    SUPPORT_388945a0        

**** End of log ****

 

http://speccy.piriform.com/results/5BDHKWPOimREMj7VPjdBF1z



#4 JohnC_21


Posted 20 January 2014 - 12:20 PM

"Insert your Windows XP Professional CD2" Are the 5 disk set of recovery CD's that came with your computer "Windows Media Center Edition"? They came in a 2CD set. When SP3 is installed, the OS still remembers the 2 disk install and after SP3 is installed it still remembers this. Slipstreaming SP3 into MCE is not supported so it's kind of a Catch22. You can't slipstream a MCE disk with SP3 and using a normal SP3 XP install disk will not work because the computer remembers the install of the 2 disks.

 

Microsoft Photo Editor is part of Office.

 

From what I have read, NCH Software is legitimate. It also offers free VSTs. But it does stealth installs also.

 

But I only bought one app…

But, when I paid for and installed this program, Switch, an audio format conversion application, along with their free image editor, I got a surprise. 

When I clicked on Start and chose the All Programs menu to verify that Switch had successfully installed, I was totally blown away.  The NCH installers had installed thirteen folders embedded within one called NCH Software Suite!  Then I found another folder in the All Programs listing, called Graphics Related Programs, and there were three folders embedded within it!

 



#5 hamluis

Moderator

Posted 20 January 2014 - 01:13 PM

WiseCleaners is a known developer of obnoxious registry cleaning products...I would uninstall anything with the word "Wise" as part of the title description.

 

Comments above by John re NCH are on target...IME, they will install unwanted items on system.  Both of the folders you mention probably relate to NCH install, they seem to offer many programs to unsuspecting users.  See http://www.nchsoftware.com/software/index.html .

 

Seems that you also have had Iobit products on your system, not a good thing.  Although products now seem to be removed...no way of telling what harm may have been done by use.

 

While it has been believed that Media Center and XP Pro are virtually the same...that doesn't seem to be true...there are various instances of OEM systems installed with MCE...which have encountered the request for CD 2 of XP Pro.  Of course...if the system had been installed with XP Pro, the obvious answer would be to simply do a repair install.  You have a problem in that you were not provided XP Pro disks, but MCE disks.

 

If you want to continue with that system, I would suggest using the Gateway restore to factory defaults option provided by the recovery disks that came with the system.

 

Worth reading, IMO:  http://www.updatexp.com/scannow-sfc.html .

 

Louis



#6 smoketwibz

  • Topic Starter

Posted 20 January 2014 - 03:23 PM

Thanks for the help guys. 

 

I removed the Wise Video Downloader.  IObits is malicious software, or just not recommended?

 

Just to be clear ... You are recommending a full system recovery?


Edited by smoketwibz, 20 January 2014 - 03:26 PM.


#7 JohnC_21


Posted 20 January 2014 - 03:34 PM

I don't know if I would exactly call IOBit software malicious. I have used it. But there is a lot of bad history with IOBit, especially in regards to its use of Malwarebytes' database.

#8 smoketwibz

  • Topic Starter

Posted 20 January 2014 - 03:43 PM

Thanks for clarifying.  I'll do some research into this.  This sort of thing fascinates me. 



#9 hamluis

Moderator

Posted 20 January 2014 - 03:45 PM

I'm not "recommending" anything, just saying what I would do in your situation (if such was possible).  You haven't reported any system problems so there is really no basis for recommending anything other than fundamental advice regarding computer usage.

 

BC does not support any use of registry cleaners/optimizers.  Not only are such programs unnecessary but the fact that they remove registry entries that don't have to be removed and users have no clue as to what these programs are removing...well, systems tend to develop problems that they did not have before.

 

IMO, Iobit and other developers of such programs...do a disservice to the field of computing and, based on that opinion, I would never suggest to anyone to install any product developed/hawked by them.

 

Microsoft support policy for the use of registry cleaning utilities - http://support.microsoft.com/kb/2563254

 

Registry cleaner - Wikipedia, the free encyclopedia - http://en.wikipedia.org/wiki/Registry_cleaner

 

Registry Cleaner FAQ, PC Support - http://pcsupport.about.com/od/registry-cleaner/a/registry-cleaner-faq.htm

 

Bottom line:  It's your system, you can do as you like with it.  I suggested using the recovery disks...because it seems that you are incapable of running the sfc /scannow command or doing a repair install (which would accomplish the same objective)...and I assume that something must have prodded you to try to run the sfc /scannow command.

 

Louis

 

Note:  Malicious software...isn't the only kind that should never be installed on a system.  Adware isn't malicious, it's just uninvited and unwanted.  Browser add-ons are necessarily malicious, but they are unnecessary and can facilitate a path for malware.  Junkware...well, it's not malicious but it's just not beneficial to using the system or the user.  Users cannot just be satisfied with not being infected...if they want to maximize the enjoyment that is obtained from the use of computer systems...IMO :).


Edited by hamluis, 20 January 2014 - 03:52 PM.


#10 smoketwibz

  • Topic Starter

Posted 20 January 2014 - 03:51 PM


 

I haven't used SFC on this particular install of windows.  I have used it in the past, but I have since done a full system recovery.  I was only asking because I assumed that running SFC is where this was going. 

 

It's weird to me that people with MCE cannot use SFC. 

 

Thanks for your help, and forgive my ignorance.



#11 hamluis

Moderator

Posted 20 January 2014 - 04:01 PM

Well...let's just say that MCE was a short-lived experience in the world of computing and I never really understood why it was created as a Windows version.  But it stands out there on its own, unlike XP Home and XP Pro, which were introduced at just about the same time and have more advantages, IMO, as an operating system.

 

My personal thought is that MCE was conceived to sell hardware/systems to users who didn't need a new system to get the features advertised in MCE systems...but many users weren't able to figure that out...and bought MCE systems, thinking that there was "something" distinctly different about them.  There wasn't/isn't.

 

Louis



#12 smoketwibz

  • Topic Starter

Posted 20 January 2014 - 04:08 PM

I can't believe I actually bought a system that didn't come with actual OS disks. 

 

One more question ... Could I copy the contents of the i386 folder from the recovery disks to my hard drive, and then redirect SFC to scan where I copied the i386 files?  I think this has been answered, but I'm not sure.  I think in order for that to work I'd have to uninstall SP3 or something...  right?



#13 hamluis

Moderator

Posted 20 January 2014 - 04:30 PM

I can't say whether that would work or not...it works for XP Home and XP Pro systems, when done properly...but it should be worth a try.

 

How to perform a SFC -SCANNOW without the CD - TeachNovice Q&A - http://www.teachnovice.com/152/how-to-perform-a-sfc-scannow-without-the-cd

 

How to Run System File Checker (sfc -scannow) without a Windows XP disc - http://forum.kitz.co.uk/index.php?topic=3103.0

 

Louis



#14 smoketwibz

  • Topic Starter

Posted 20 January 2014 - 04:31 PM

Thank you for your prompt replies and help!



#15 hamluis

Moderator

Posted 20 January 2014 - 04:36 PM

I try :).

 

Happy computing :).

 

Louis





