New
#21
I have a process in the task manager call LMworker.exe some people say this is a virus, is it possible that this could be the thing thats making my cpu go from 30-50% but hides itself when i open task manager?
I have a process in the task manager call LMworker.exe some people say this is a virus, is it possible that this could be the thing thats making my cpu go from 30-50% but hides itself when i open task manager?
Here's what the knowledge base shows for this entry.
LMworker.exe Windows process - What is it?
Still waiting on the other log.
So far, the tools are working, but more will need to be ran.
John
@Devlin1888,
You can make your life easier by simply attaching the log/txt files to your post. You do not have to copy/paste the info in to the body of your reply. As you have seen, you can only post just so much info into one post... so you have to make post after post to get the info to those helping you.
I re-read post #3 and maybe I'm wrong... maybe Britton30 wanted the info in the body of the posts and not as attachments. I'll let Britton30 clarify that later. But here is the tutorial on how to attach a file or image to a post:
Screenshots and Files - Upload and Post in Seven Forums
Hopefully, johnsmith45jock won't mind scan results/info as text based attachments.
:::goes back to lurking:::
Yeah cheers, i just read on here somewhere that most people prefer them to be in the body of the text, im happy to upload them as files if needed. Cheers again, il do the other scan just now
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Michael on 15/10/2013 at 6:13:09.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1000511198-54521286-2006776693-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{449F3DA4-0324-45DC-A417-DE00B2448990}
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho2DEE.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4F84.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho837.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8C8E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF8F7.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Michael\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{86F88D9B-6274-4980-BA8A-5EE58ACB4B02}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8D778443-1350-473B-97D9-37787916DE3A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A4CDCC98-D4AF-4F9C-8C6F-7EB29105388E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CD095CB6-297E-4327-8326-5CEF3A465869}
~~~ FireFox
Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\7qs3y9qi.default\minidumps [9 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Michael\appdata\local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/10/2013 at 6:20:49.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not sure how much of they files were harmful though! Probably most of them, you guys are great here!
Would deleting the LMworker cause windows to become disfunctional?
From you post #25.
Is there some sort of medal for this?XD just kidding
It was kind of a reminder that after these good folks help you get your computer clean if you do the same things in the same way you will just get infected again. I hate to have the work you and the members helping you go to waste by just getting infected again a week from now.
Being careful of what one ticks on and all the extra goodies that might come with that one tick.
Using torrents is one of the best way I know of to get infected.
Now I will get out of the way and let these good folks continue to help you.
Yeah it wont happen again, never happened to me in my computing history, maybe the odd virus here and there but nothing like this,
Yeah i will admit to using torrents but i do usually pay for the stuff if i enjoy them, Torrents arent where these came from i am good at monitoring what i download from a particular torrent site, but yeah these guys here deserve alot of credit! Thanks again!