Author Topic: Help removing NCH software  (Read 2000 times)

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Help removing NCH software
« on: December 02, 2013, 10:26:00 AM »
Hi, i ran adwcleaner and found a nch entry and prompt delte and restart, after scanning again the task its back

# AdwCleaner v3.014 - Report created 01/12/2013 at 18:17:40
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : PatricK - PATRICK-PC
# Running from : C:\Users\PatricK\Desktop\Marvin Gaye\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\PatricK\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [939 octets] - [01/12/2013 18:06:03]
AdwCleaner[R1].txt - [860 octets] - [01/12/2013 18:17:40]
AdwCleaner[S0].txt - [1001 octets] - [01/12/2013 18:07:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [979 octets] ##########
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #1 on: December 02, 2013, 10:39:57 AM »
have you tried to run it from safe mode...
does MBAM detect it...

if not attach a OTL diagnostic log and wait for essexboy to arrive later today

the file seems to be something to do with a audio/video software ..... google the name



« Last Edit: December 02, 2013, 10:42:50 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Online magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3246
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Online)
Re: Help removing NCH software
« Reply #2 on: December 02, 2013, 11:04:01 AM »
Quote
File Found : C:\Windows\System32\Tasks\NCH Software
This is leftover task. Non-active task ...

Quote
-\\ Mozilla Firefox v
[ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

It is deleted the profile file firefox related. The result of this is when firefox load next time if he can't find prefs settings it shall create it again with default settings.
Or in translation, FF did a half-reset itself. AdwC did not detect nothing important. The same goes for Chrome

But if you want to check the system, follow Pondus advice.

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #3 on: December 02, 2013, 08:48:31 PM »
have you tried to run it from safe mode...
does MBAM detect it...

if not attach a OTL diagnostic log and wait for essexboy to arrive later today

the file seems to be something to do with a audio/video software ..... google the name
Havent tried safe mode, MBAM , hitmanpro, SAS,Avast (modified to high settings) all come back clean
:)
but ive ran adwcleaner alot since last week and its usually clean (nch software usually popups up but not in system32)
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #4 on: December 02, 2013, 08:55:13 PM »
Quote
File Found : C:\Windows\System32\Tasks\NCH Software
This is leftover task. Non-active task ...

Quote
-\\ Mozilla Firefox v
[ File : C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

It is deleted the profile file firefox related. The result of this is when firefox load next time if he can't find prefs settings it shall create it again with default settings.
Or in translation, FF did a half-reset itself. AdwC did not detect nothing important. The same goes for Chrome

But if you want to check the system, follow Pondus advice.
about nch i check the folder and its contains 0 bytes and one of the group user name is CREATOR OWNER (though this account does have any ticked privileges), i posted it here because i ran adwcleaner alot since last 2 weeks and its popped up nch but nothing system32 related (only registry) and after than the log where clean, then this week i saw this popup so i was wondering how come especially since its in system32
but you say its no active so dont worry about it?
I havent had firefox for a long while, so i can delete the appdata entry? ( though chrome cpu usage has been off the charts when loading pages , jump to 90+ percent then dips ever since i updated)
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #5 on: December 03, 2013, 09:33:53 PM »
bump
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #6 on: December 03, 2013, 09:36:27 PM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #7 on: December 04, 2013, 01:10:51 AM »
 ::)
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Offline plsrepli

  • Full Member
  • ***
  • Posts: 102
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #8 on: December 04, 2013, 01:19:43 AM »
I can confirm that NCH software does place something on your PC but I'm not sure what I would call it. Specifically, I noticed a link to their website kept reappearing in Firefox and this CNET review also warns of browser hijacking as well. I fixed mine with an image restoral but I'm sure there are other ways to deal with this issue so good luck.

http://download.cnet.com/VideoPad-Video-Editor-Professional/3000-13631_4-10906278.html

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #9 on: December 05, 2013, 01:12:52 AM »
I can confirm that NCH software does place something on your PC but I'm not sure what I would call it. Specifically, I noticed a link to their website kept reappearing in Firefox and this CNET review also warns of browser hijacking as well. I fixed mine with an image restoral but I'm sure there are other ways to deal with this issue so good luck.

http://download.cnet.com/VideoPad-Video-Editor-Professional/3000-13631_4-10906278.html
Yup, even amazon has some weird bots running in the firewall even when your are not on the site
the thing is i dont know any active nch software is have , ill have to check again
thanks for the input
waiting for log reply from the guys
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Online magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3246
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Online)
Re: Help removing NCH software
« Reply #10 on: December 05, 2013, 05:15:19 PM »
Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:FILES
C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi
C:\Users\PatricK\Desktop\*.tmp

:OTL
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.

:COMMANDS
[CREATERESTOREPOINT]
[EMPTYTEMP]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log







  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



---------------------------------------


Any improvements?

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #11 on: December 06, 2013, 08:18:02 AM »
JRT log too big i attached it


All processes killed
========== FILES ==========
C:\Users\PatricK\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi moved successfully.
C:\Users\PatricK\Desktop\~WRL1853.tmp moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
 
User: HomeGroupUser$
->Temp folder emptied: 0 bytes
 
User: PatricK
->Temp folder emptied: 3145626 bytes
->Temporary Internet Files folder emptied: 1425463 bytes
->Google Chrome cache emptied: 347622534 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14439046 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 350.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12052013_162713

Files\Folders moved on Reboot...
C:\Users\PatricK\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
« Last Edit: December 06, 2013, 08:28:44 AM by avastreally? »
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Online magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3246
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Online)
Re: Help removing NCH software
« Reply #12 on: December 06, 2013, 11:45:15 AM »
Any improvements?

Offline avastreally?

  • Full Member
  • ***
  • Posts: 145
    • Personal Message (Offline)
Re: Help removing NCH software
« Reply #13 on: December 07, 2013, 02:25:50 AM »
Any improvements?
Yes, just was wondering why nch keep pooping up in adwarecleaner , even though weeks before its was clean
the only problem now is high cpu usage from chrome (which occurs since the ewer update, cpu usage jumps to 100% each page load then drop back to 2%)
Intel Celeron E3300 Dual Core/ 3GB Ram/ Windows 7 Ultimate 32bit SP1/ Avast Free 2013 9.0.2006/ Comodo Firewall 6.3/ Google Chrome 30.0.1599.101/ Adblock Plus/ Web of Trust/ Bitdefender Traffic Light/ DoNotTrackMe/ LastPass/ Malwarebytes Pro 1.75/ SuperAntiSpyware Free 5.6/ SpywareBlaster/ Malwarebytes Anti-Exploit/ Key Scrambler Free/ Sandboxie 4.04/

Online magna86

  • Anti Malware Fighter
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 3246
  • Gender: Male
    • Ambulanta MyCity Forum - ASAP Member
    • Personal Message (Online)
Re: Help removing NCH software
« Reply #14 on: December 07, 2013, 11:01:36 AM »
Re-run AdwCleaner and click on Uninstall button.
Re-run OTL and click on CleanUp! button.

Chrome and CPU problem isn't malware related.


Cheers  ;)

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now