Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Spellchk.svc process show dialog box in a chinese language

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Spellchk.svc process show dialog box in a chinese language

Unread postby manoj469 » May 10th, 2013, 6:26 am

Problem:
Randomly a dialog box appears in chinese language. When I click on the button which looks like close in the dialog box the task stop responding. When i go to the process in the task manager it shows Spellchk.svc.exe. I need to get rid of this.

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 1/21/2013 10:17:32 PM
System Uptime: 5/10/2013 1:57:13 PM (1 hours ago)
.
Motherboard: LENOVO | | 4236RS6
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 161 GiB total, 88.731 GiB free.
D: is FIXED (NTFS) - 305 GiB total, 288.702 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP92: 5/10/2013 2:30:32 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player
Apache HTTP Server 2.2.22
Apple Software Update
Bonjour
Bulk Rename Utility 2.7.1.2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.07.0290
Conexant 20672 SmartAudio HD
Connected Backup/PC Agent
CutePDF Writer 2.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Fiddler
Git version 1.8.1.2-preview20130201
GnuWin32: DiffUtils version 2.8.7
Google Chrome
Google Update Helper
GoToMeeting 5.4.0.1082
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP LJ M1530 MFP Series HP Scan
HTC Driver Installer
HTC Sync Manager
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.0.74.0
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
IntelliJ IDEA 12.0.4
IntelliJ IDEA 5.1
IntelliJ IDEA Community Edition 12.0.4
IPTInstaller
Java 7 Update 13 (64-bit)
Java 7 Update 17
Java Auto Updater
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo Screen Reading Optimizer
Lenovo System Interface Driver
Lenovo System Update
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Forefront Client Security Antimalware Service
Microsoft Forefront Client Security State Assessment Service
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Operations Manager 2005 Agent
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWorx 5.2.6
Node.js
Notepad++
On Screen Display
OpentabUninstall
Opera 12.02
Oracle VM VirtualBox 4.2.6
Pandora Service
PHP 5.2.17
Power Manager
RICOH_Media_Driver_v2.14.18.01
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
The KMPlayer (remove only)
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapter Software
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
TortoiseSVN 1.7.11.23600 (64 bit)
Total Video Converter 3.71 100812
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 2.0.5
WinMerge 2.14.0
WinRAR archiver
WinSCP 5.1.4
Xecure speller Application
YTD Video Downloader 4.0
.
==== Event Viewer Messages From Past Week ========
.
5/9/2013 5:25:59 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
5/9/2013 5:04:38 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/9/2013 3:49:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
5/8/2013 6:49:14 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
5/8/2013 5:05:45 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
5/8/2013 4:44:04 PM, Error: NetBT [4321] - The name "TF-NET :1d" could not be registered on the interface with IP address 10.170.10.167. The computer with the IP address 10.170.10.149 did not allow the name to be claimed by this computer.
5/7/2013 6:58:43 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain TF-NET due to the following: The RPC server is unavailable. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
5/7/2013 11:42:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MOM service to connect.
5/7/2013 11:41:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
5/7/2013 11:41:02 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2013 11:24:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
5/4/2013 4:37:24 PM, Error: Service Control Manager [7024] - The MOM service terminated with service-specific error The operation completed successfully..
5/4/2013 4:35:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
5/4/2013 4:35:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
5/4/2013 4:34:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MOM service.
5/4/2013 4:34:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AgentService service.
5/10/2013 2:53:41 PM, Error: Service Control Manager [7031] - The AgentService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/10/2013 2:45:30 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
5/10/2013 12:12:53 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain TF-NET due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
5/10/2013 12:12:49 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
.
==== End Of File ===========================


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by Manoj.Agarwal at 14:51:02 on 2013-05-10
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe
C:\Apache2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Apache2\bin\httpd.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\manoj.agarwal\AppData\Roaming\OpenTab\Opentab.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Blog This in Windows Live v2: {3adefb8e-b923-35e6-86e2-2b7841f5d2a7} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ¿ÀÇÂÅÇ: {DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} - C:\Users\manoj.agarwal\AppData\Roaming\OpenTab\OpenTab.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: ???: {41ED1FD7-8C37-4806-AF9E-D5238A30E56F} - C:\Program Files (x86)\Speller\SpellerCtrl.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Opentab] C:\Users\manoj.agarwal\AppData\Roaming\Opentab\Opentab.exe
uRun: [Opentabhper] C:\Users\manoj.agarwal\AppData\Roaming\Opentab\Opentabhper.exe
uRun: [Opentabup] "c:\users\manoj.agarwal\appdata\roaming\opentab\opentabup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Speller] C:\Program Files (x86)\Speller\SpellerSvc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe"
TCP: NameServer = 10.170.35.11 10.170.35.12
TCP: Interfaces\{45BC0C98-9A38-452D-AF3C-9B548324708D} : DHCPNameServer = 10.170.35.11 10.170.35.12
TCP: Interfaces\{45BC0C98-9A38-452D-AF3C-9B548324708D}\24F6F6D6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{45BC0C98-9A38-452D-AF3C-9B548324708D}\7456470297F6572702F677E60275966696C2022496473686121212 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D4716196-B993-4E8D-8808-C587241A876B} : NameServer = 10.11.228.67 10.11.228.66
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 10.27.130.202 dev217.tribalfusion.com
Hosts: 10.27.131.196 dev10.tribalfusion.com
Hosts: 10.27.128.224 dev71.tribalfusion.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\manoj.agarwal\AppData\Roaming\Mozilla\Firefox\Profiles\n8hflj7p.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-14 18:52; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-04-04 15:28; fiddlerhook@fiddler2.com; C:\Program Files\Fiddler2\FiddlerHook
FF - ExtSQL: 2013-04-16 18:48; hotfix@mozilla.org; C:\Users\manoj.agarwal\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF - ExtSQL: !HIDDEN! 2013-04-16 18:48; hotfix@mozilla.org; C:\Users\manoj.agarwal\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
.
============= SERVICES / DRIVERS ===============
.
R? AgentService;AgentService
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? DozeSvc;Lenovo Doze Mode Service
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? HTCAND64;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? huawei_enumerator;huawei_enumerator
R? Power Manager DBC Service;Power Manager DBC Service
R? PwmEWSvc;Cisco EnergyWise Enabler
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
R? StorSvc;Storage Service
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? VGPU;VGPU
R? vodafone_zte_cdc_acm;Vodafone Vodafone ZTE CDC-ACM driver (ZTE)
R? vodafone_zte_cdc_ecm;vodafone_zte_cdc_ecm
R? vodafone_zte_cpo;Vodafone Vodafone ZTE Install
R? vodafone_zte_ecm_enum;Vodafone Vodafone ZTE DC Enumerator (ZTE)
R? vodafone_zte_ecm_enum_filter;vodafone_zte_ecm_enum_filter
R? WatAdminSvc;Windows Activation Technologies Service
S? 5U877;USB Video Device
S? Apache2.2;Apache2.2
S? BTWAMPFL;BTWAMPFL
S? btwl2cap;Bluetooth L2CAP Service
S? CxAudMsg;Conexant Audio Message Service
S? DzHDD64;DzHDD64
S? FCSAM;Microsoft Forefront Client Security Antimalware Service
S? FcsSas;Microsoft Forefront Client Security State Assessment Service
S? HTCMonitorService;HTCMonitorService
S? IntcDAud;Intel(R) Display Audio
S? jhi_service;Intel(R) Identity Protection Technology Host Interface Service
S? LENOVO.CAMMUTE;Lenovo Camera Mute
S? LENOVO.MICMUTE;Lenovo Microphone Mute
S? lenovo.smi;Lenovo System Interface Driver
S? LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction
S? Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll
S? LV_Tracker;LV_Tracker
S? MOM;MOM
S? MpFilter;Microsoft Malware Protection Driver
S? PanService;PandoraService
S? PassThru Service;Internet Pass-Through Service
S? risdxc;risdxc
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? SAService;Conexant SmartAudio service
S? SmbDrvI;SmbDrvI
S? smihlp;SMI Helper Driver (smihlp)
S? SROSVC;Screen Reading Optimizer Service Program
S? TPDIGIMN;TPDIGIMN
S? TPHKLOAD;Lenovo Hotkey Client Loader
S? TPHKSVC;On Screen Display
S? UNS;Intel(R) Management and Security Application User Notification Service
S? vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-09 20:14:36 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{BB980147-4DA0-4BB9-A1BE-71BFB05B3B07}\mpengine.dll
2013-05-04 05:19:34 -------- d-----w- C:\ProgramData\SoftPerfect
2013-05-04 05:19:34 -------- d-----w- C:\Program Files\NetWorx
2013-04-25 11:51:32 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-04-22 10:31:26 -------- d-----w- C:\Users\manoj.agarwal\AppData\Local\Broadcom
2013-04-22 10:26:16 53248 ----a-r- C:\Users\manoj.agarwal\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2013-04-22 10:26:16 -------- d-----w- C:\Program Files\Common Files\Lenovo
2013-04-22 10:26:12 53248 ----a-r- C:\Users\manoj.agarwal\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2013-04-22 10:26:12 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo
2013-04-22 10:21:30 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2013-04-22 10:21:30 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2013-04-22 10:21:30 210984 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2013-04-22 10:21:30 184144 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2013-04-21 04:28:12 -------- d-----w- C:\Program Files (x86)\Total Video Converter
2013-04-19 21:04:32 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-04-17 10:34:47 -------- d-----w- C:\Users\manoj.agarwal\node_modules
2013-04-17 07:57:33 -------- d-----w- C:\Program Files (x86)\Git
2013-04-17 07:56:41 -------- d-----w- C:\Users\manoj.agarwal\AppData\Local\Programs
2013-04-17 04:42:23 -------- d-----w- C:\Users\manoj.agarwal\AppData\Roaming\HTC
2013-04-17 04:42:22 -------- d-----w- C:\Users\manoj.agarwal\AppData\Roaming\HTC Sync
2013-04-17 04:42:20 -------- d-----w- C:\ProgramData\HTC
2013-04-17 04:41:07 -------- d-----w- C:\Users\manoj.agarwal\AppData\Local\HTC MediaHub
2013-04-17 04:41:01 -------- d-----w- C:\ProgramData\Motorola
2013-04-17 04:40:03 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-04-17 04:40:03 -------- d-----w- C:\Program Files (x86)\HTC
2013-04-11 10:32:46 -------- d-----w- C:\Program Files (x86)\Speller
2013-04-11 10:32:04 -------- d-----w- C:\Users\manoj.agarwal\AppData\Roaming\FileDoumi
2013-04-11 10:31:48 -------- d-----w- C:\Program Files (x86)\Daum
2013-04-11 10:31:45 -------- d-----w- C:\Program Files\Daum
2013-04-11 10:29:55 -------- d-----w- C:\Users\manoj.agarwal\AppData\Roaming\OpenTab
2013-04-11 10:29:19 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2013-04-11 10:26:21 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2013-04-10 18:02:52 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2013-04-10 18:02:51 598808 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2013-04-10 17:59:02 -------- d-----w- C:\DRIVERS
2013-04-10 16:45:21 -------- d-----w- C:\Program Files (x86)\Citrix
2013-04-10 16:40:59 60864 ----a-w- C:\Users\manoj.agarwal\g2mdlhlpx.exe
.
==================== Find3M ====================
.
2013-03-14 21:21:40 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 21:21:40 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-05 07:59:00 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-05 07:57:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-05 06:23:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 06:23:53 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 06:23:53 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-04 17:55:40 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2013-02-15 09:33:01 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-15 09:32:58 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-15 09:32:58 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-12 09:58:30 382248 ----a-w- C:\Windows\System32\TpShocks.exe
2013-02-12 09:58:30 280872 ----a-w- C:\Windows\System32\TpShEvUI.exe
2013-02-12 09:58:28 484648 ----a-w- C:\Windows\System32\TpShCPL.dll
2013-02-12 09:58:28 107816 ----a-w- C:\Windows\System32\TpShCTL.exe
2013-02-12 09:58:26 419624 ----a-w- C:\Windows\System32\TpShCPL.cpl
.
============= FINISH: 14:54:22.29 ===============
manoj469
Active Member
 
Posts: 2
Joined: May 10th, 2013, 5:52 am
Advertisement
Register to Remove

Re: Spellchk.svc process show dialog box in a chinese langua

Unread postby manoj469 » May 10th, 2013, 6:41 am

Addl Info : The dialog box application name is "Daum" which is shown in the taskbar.
manoj469
Active Member
 
Posts: 2
Joined: May 10th, 2013, 5:52 am

Re: Spellchk.svc process show dialog box in a chinese langua

Unread postby deltalima » May 10th, 2013, 6:55 am

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware