Twunk_32 overloading cpu

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.


Thread Starter
Mar 22, 2015
Hey folks,

New to this forum so my apologies if I don't follow the rules to the letter, I will do my best. So I am having an issue in Windows 7 where twunk_32 and Iexplorer are maxing out my cpu with multiple instances of each program. I have run avg, avira and malwarebytes scans with successful detection and removal of several pieces of malware, however the original problem still persists. I have disconnected my Internet connection for fear of my data being compromised so I will follow-up this post with system info momentarily. Also, I have turned off Internet Explorer under the windows features option. Thank you so much in advance for any assistance you can offer.


Thread Starter
Mar 22, 2015
Tech Support Guy System Info Utility version
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E-350 Processor, AMD64 Family 20 Model 1 Stepping 0
Processor Count: 2
RAM: 2666 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
Hard Drives: C: Total - 286074 MB, Free - 19420 MB; D: Total - 14905 MB, Free - 1656 MB; E: Total - 4055 MB, Free - 1108 MB;
Motherboard: Hewlett-Packard, 3577
Antivirus: AVG AntiVirus Free Edition 2014, Disabled


Thread Starter
Mar 22, 2015
Ran MBAM scan first after updating it, then ran junkware removal tool. Here are the results, seems to be running better but Im not savvy enough to know if this data shows that I have removed the malware so it cannot re-install. Please advise thank you.

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joe on Mon 03/23/2015 at 10:14:53.87

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
BluetoothS REG_EXPAND_SZ rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util whilokii
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT1678857
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3198785
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1678857
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3198785
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68707A41-514E-4139-8257-C6FC18A13E6B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Joe\AppData\Roaming\digitalsite"
Successfully deleted: [Folder] "C:\Users\Joe\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Joe\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Joe\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{0E30126A-4CB3-48CF-9E9F-4FD675328BD4}


Malwarebytes Anti-Malware

Scan Date: 3/22/2015
Scan Time: 8:32:38 PM
Administrator: Yes

Malware Database: v2015.03.22.07
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369044
Time Elapsed: 56 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
Trojan.FakeMS.ED, C:\Users\Joe\AppData\Roaming\BtvStack.dll, Delete-on-Reboot, [2768390f6e1c52e472e6290fe81a7a86],

Registry Keys: 1
Trojan.Sathurbot, HKLM\SOFTWARE\CLASSES\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}, Quarantined, [5e315aee6129142235346bf907fc29d7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.FakeMS.ED, C:\Users\Joe\AppData\Roaming\BtvStack.dll, Delete-on-Reboot, [2768390f6e1c52e472e6290fe81a7a86],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll, Delete-on-Reboot, [5e315aee6129142235346bf907fc29d7],
Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll, Delete-on-Reboot, [840b291f1476ed49167b58ef14f1fc04],

Physical Sectors: 0
(No malicious items detected)



Thread Starter
Mar 22, 2015
This is the most useless computer help forum EVER CREATED! Thanks for all the help, Jackasses.
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online