1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Twunk_32 overloading cpu

Discussion in 'Virus & Other Malware Removal' started by Stonage_Joe, Mar 22, 2015.

Thread Status:
Not open for further replies.
  1. Stonage_Joe

    Stonage_Joe Thread Starter

    Mar 22, 2015
    Hey folks,

    New to this forum so my apologies if I don't follow the rules to the letter, I will do my best. So I am having an issue in Windows 7 where twunk_32 and Iexplorer are maxing out my cpu with multiple instances of each program. I have run avg, avira and malwarebytes scans with successful detection and removal of several pieces of malware, however the original problem still persists. I have disconnected my Internet connection for fear of my data being compromised so I will follow-up this post with system info momentarily. Also, I have turned off Internet Explorer under the windows features option. Thank you so much in advance for any assistance you can offer.
  2. Stonage_Joe

    Stonage_Joe Thread Starter

    Mar 22, 2015
    Tech Support Guy System Info Utility version
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD E-350 Processor, AMD64 Family 20 Model 1 Stepping 0
    Processor Count: 2
    RAM: 2666 Mb
    Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
    Hard Drives: C: Total - 286074 MB, Free - 19420 MB; D: Total - 14905 MB, Free - 1656 MB; E: Total - 4055 MB, Free - 1108 MB;
    Motherboard: Hewlett-Packard, 3577
    Antivirus: AVG AntiVirus Free Edition 2014, Disabled
  3. Stonage_Joe

    Stonage_Joe Thread Starter

    Mar 22, 2015
    Hello? Is anybody out there? It's dark and lonely in this thread...
  4. Stonage_Joe

    Stonage_Joe Thread Starter

    Mar 22, 2015
    Ran MBAM scan first after updating it, then ran junkware removal tool. Here are the results, seems to be running better but Im not savvy enough to know if this data shows that I have removed the malware so it cannot re-install. Please advise thank you.

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.6 (03.22.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Joe on Mon 03/23/2015 at 10:14:53.87

    ~~~ Services

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    BluetoothS REG_EXPAND_SZ rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util whilokii
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT1678857
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3198785
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1678857
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3198785
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68707A41-514E-4139-8257-C6FC18A13E6B}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Joe\AppData\Roaming\digitalsite"
    Successfully deleted: [Folder] "C:\Users\Joe\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\Joe\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Joe\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
    Successfully deleted: [Empty Folder] C:\Users\Joe\appdata\local\{0E30126A-4CB3-48CF-9E9F-4FD675328BD4}


    Malwarebytes Anti-Malware

    Scan Date: 3/22/2015
    Scan Time: 8:32:38 PM
    Administrator: Yes

    Malware Database: v2015.03.22.07
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Joe

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 369044
    Time Elapsed: 56 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    Trojan.FakeMS.ED, C:\Users\Joe\AppData\Roaming\BtvStack.dll, Delete-on-Reboot, [2768390f6e1c52e472e6290fe81a7a86],

    Registry Keys: 1
    Trojan.Sathurbot, HKLM\SOFTWARE\CLASSES\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}, Quarantined, [5e315aee6129142235346bf907fc29d7],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    Trojan.FakeMS.ED, C:\Users\Joe\AppData\Roaming\BtvStack.dll, Delete-on-Reboot, [2768390f6e1c52e472e6290fe81a7a86],
    Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll, Delete-on-Reboot, [5e315aee6129142235346bf907fc29d7],
    Trojan.Sathurbot, C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll, Delete-on-Reboot, [840b291f1476ed49167b58ef14f1fc04],

    Physical Sectors: 0
    (No malicious items detected)

  5. Stonage_Joe

    Stonage_Joe Thread Starter

    Mar 22, 2015
    This is the most useless computer help forum EVER CREATED! Thanks for all the help, Jackasses.
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1145264

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice