
I have Search.us.com and TNT2user.exe !!

Discussion in 'Malware Removal' started by flywelder, Dec 16, 2012.

  1. flywelder

    flywelder Private E-2

    How do I remove something called search.us.com and TNT2user.exe? And what are these anyhow?
    They are currently attempting to start, but I repeatedly respond no. Just in case, I went to Add and Remove Programs, found search.us.com and chose to remove it, but I think that has caused more issues! Now my screen has an area the size and dimensions of a toolbar that will not fill in but always displays my desktop image. So frustrating!


    I am using XP Professional ver. 2002 with Service Pack 3 on an eMachines machine.

    My thanks to all who reply and help me correct whatever is wrong!
    I am a novice with computers but can find my way if given detailed, step by step instructions.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to the Malware Removal Forum.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the link below:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. flywelder

    flywelder Private E-2

    OK, so you know, RogueKiller would not start, and there was no icon for it on the desktop, just an image with a blue bar and three dots inside that bar.

    And MGtools did not create an icon on my desktop or in my list of programs. So I used Search and found it, and I double-clicked it from there and started it. It ran for a while and the window with the prompts appeared with all the wording that you said it would, and then some! Then suddenly it disappeared, and so did MGtools, and I never saw anything more from MGtools. I thought there would be a log that I was to post here? Was I incorrect?

    Malwarebytes found no infections.

    Just so you know, before I came to your site for help I downloaded and ran SUPERAntiSpyware. It found 210 issues, mostly cookies, and one something else that it marked as urgent that I quarantine and then remove, so I did. I don't recall what that was, sorry; hopefully it is in the log which I am also attaching. And I followed the instructions and deleted the cookies. But I still had the toolbar issue. So frustrating!
    I am also including screenshots of my monitor so that you can have a visual of what I am referring to. On these you'll see, just above the MajorGeeks emblem, the trouble area: you'll see parts of the Paint program I had just used and closed, and part of my email website at Live.com.

    Also, just so you know, the Hitman instructions you provide are great, but the screenshot images need updating as the program has evolved and they added additional questions and steps for the user to choose. It was a bit confusing for me... and maybe only for me? :)?:confused
     


  4. flywelder

    flywelder Private E-2

    My first Mbs.exe scan log is attached

    Attached here are the Malwarebytes logs and also what I can find as scan logs for Comodo. I am getting rid of Comodo and going with Malwarebytes after this is cleared up! I am afraid of uninstalling Comodo right now as I may release some nasty ones or cause other issues, but when the issues are corrected, I am dumping Comodo!

    Also, my version of Malwarebytes says the trial version is not available for my version? :confused ..... I just installed it tonight; what could be wrong? Was it something that I am not doing correctly?
    Also, if you see anything in these logs that I should get rid of besides viruses, please point those out to me, and inform me of why I should get rid of them, as I am a real novice!

    Also, I have not run the scans in safe mode as yet, for it is late and I am having difficulty holding my head up right now.
    Thanks
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Rerun Hitman and have it delete Malware remnants, and Potential Unwanted Programs.

    From running MGTools.exe, do you not have a MGlogs.zip? Should be right on C:\ if that's where you boot from.

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.

    Also...

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    and...


    Run this and attach the results.

    Using ESET's Online Scanner
     
  6. flywelder

    flywelder Private E-2

    Re: I have Search.us.com and TNT2user.exe ! Update report

    Hi, thanks so much for these instructions and working with me to correct this issue! I really appreciate this!
    So I was able to find MGtools.exe and to get it to work. However, it has stopped at the same point now for 6 and 1/2 hrs.... Is this a normal amount of time? I have just a 132GB hard drive.

    The attached screen print shows what I see on my monitor right now, and that has not changed, like I said, for over 6-1/2 hrs.

    I want to get the logs from the other programs you said to use to you as soon as possible, so can I run the other scans that you want now?

    I have attached a zipped file that I found in the MGtools folder; I hope it contains the info you're seeking... let me know. :)
     


  7. flywelder

    flywelder Private E-2

    Would you send me a link to Hitman so I can run it again as you asked, as I am not locating it on my computer or at MajorGeeks. I'm sure it is there; I just am not great at locating programs like that. And I wish I could find some website to learn how to fully utilize a search engine, so I could get results faster and better. :(

    I greatly appreciate this! :)

    Thank you
     
  8. flywelder

    flywelder Private E-2

    Re: I have an update and logs to report

    Don't need a link to Hitman, for after 2 hrs. I found it and ran it again. Hooray!
    Also, I ran it and all these scans in safe mode.

    The Hitman report I included as a screen print because I was not certain where it would be saved to, but I wanted something to post here. I'll keep searching for the Hitman log.
     


  9. flywelder

    flywelder Private E-2

    Also thought it important to tell you that Malwarebytes ran on a scheduled scan before I ran Hitman, Junk box, or any of these others you had me run, and interestingly enough, it found no infections? :confused

    How do I upload to you a log from Malwarebytes?

    Also, can you advise me if, in the General Settings tab of Malwarebytes, I should place a check mark in the box next to 'terminate Internet Explorer during threat removal'?

    Again, Thank you!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: I have Search.us.com and TNT2user.exe ! Update report

    There is a bug in Windows XP that causes the WMIC process to hang sometimes. See if the new version of MGtools below works better for you. It attempts to bypass this bug. Also, this new version will place a copy of MGlogs.zip on your Desktop for easy access. ;) Attach the new log.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Now attach the below log:
    • C:\MGlogs.zip
     
  11. flywelder

    flywelder Private E-2

    Thank you Chaslang!
    While I download and run that new program, may I leave with you new Qs I seek your answers to?
    These concern virus removal also, and came up while I have been reading so many of these wonderful tips on malware prevention that you have posted! Again, thanks for them!
    OK, so after reading, I decided it best to download and burn to a CD the Kaspersky Rescue Disk and Avira Rescue CD so I would have them in my arsenal for future use with a malware infected/possessed computer that will not boot.

    So I downloaded them. I attempted to burn them to a CD using BurnAware Free. But there are issues, and the program will not make the CDs for some reason? :confused
    1) First, I don't really know which type of CD to make? I tried with ata; boot disc; make ISO; make ISO boot, but no program would finish making a disc :confused

    2) Each time, the programs stop and ask me to 'specify a boot image file in options' :confused... I have no clue what that is :confused

    I don't know what the program is wanting nor do I have any idea where to find the answer for it. :( :confused

    Help!.... And might I ask you for these answers and instructions on how to go about making these CDs, please?
    Thank you so much!
     
  12. flywelder

    flywelder Private E-2

    Chaslang, that MGtools program worked! And it only took about 4 mins to start and complete! WOW! And like you said, it created the zipped file on my desktop! Now that is a nice program; it downloads, opens, runs, and does what it should with no hassles! NICE! Thanks! I should mention that I ran MGtools in safe mode on this computer, for it is the only way I can use this computer... hope that was correct and OK?
    And have I posted everything you need correctly so far? Let me know yes or no. Thanks.
    Also, I have noticed these postings saying, "this person has been thanked _____ times in ____ posts". What is this all about, and how does one go about thanking someone other than writing it? As I see no button to click on.
    Attached is the log.
     


    Last edited: Dec 20, 2012
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What happens when you try to boot normally instead of safe mode?

    Delete these folders:
    • C:\Documents and Settings\All Users\Application Data\Tencent
    • C:\Documents and Settings\All Users\Application Data\Viewpoint
    You can rerun Hitman and have it fix the adware Starware.
     
  14. flywelder

    flywelder Private E-2

    I have been very afraid to boot into normal mode until I had confirmation from you to attempt to do so. Are you giving that instruction now?

    At the time of writing this I have not deleted the folders you listed for me to do, but I will do so right after posting this and then follow the instructions for running Hitman again, and then I will update you.
    PS: I'm so very glad you're here with me guiding me through this! Thank YOU!
     
  15. flywelder

    flywelder Private E-2

    :wave
    OOPS I forgot to ask you:
    Do I need to boot into normal Windows mode in order to remove those folders? :confused

    Also, I'm not sure where those folders are, so I am going to copy and paste them into 'Search'... does this get your approval?

    I'm waiting for your reply.
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Normal mode would be preferable yes. :)

    I already gave you the file path to those folders. ;)
     
  17. flywelder

    flywelder Private E-2

    Oh Kestrel13..... I can't remember how to find the Hitman scan log to post it!? This is so awful of me! Forgive me! Please advise.

    I ran Hitman and had it remove the ones you said, yet I still have the same issues.

    I have attached screen shots of what I am seeing.

    I am still getting the firewall warnings from Comodo about 'Svchost' and

    TNT2user.

    5) I cannot find, and the computer cannot find:
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    Nor the other one.
    When I enter these into the search engine, nothing comes back resembling the request?
    Check the attachments.
    6) Is this svchost safe and trustworthy, and I can allow it? What shall I do with it?
    Tell me how and where to find these, please. Thanks.
     
  18. flywelder

    flywelder Private E-2

    The attachments did not load the first time. They did now and are attached.

    Also, since Malwarebytes is a lightweight program, what do you recommend I download and install to work with it, or that covers/protects what Malwarebytes does not?

    Also, when this is all done, please advise on how to find all the scans and logs and such that have been placed on this computer. Thanks.
    Thank you very much!
     


  19. flywelder

    flywelder Private E-2

    When I boot up in normal mode it takes 4-5 minutes.
    Every time I go on the web, Comodo firewall warns me that TNT2user.exe and Svchost.exe are trying to connect to another computer, and do I want to allow this?
    Shall I continue to block or not?
    Is Svchost a safe program or not? What is Svchost anyhow? :confused

    Seeing how I cannot activate the free full trial version of Malwarebytes, should I uninstall Malwarebytes now and reinstall it now? Or wait?
    Thanks!

    Windows Search cannot find these below, that you asked me to find and delete. Where do I find them?

    C:\Documents and Settings\All Users\Application Data\Tencent
    C:\Documents and Settings\All Users\Application Data\Viewpoint
     
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You actually attached that executable! Just delete it please.
    Just leave it alone at the moment please.
    I wanted you to navigate to the folders following the file path but here we go, we will do it an easier way which perhaps I should have done in the first place.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code into the Paste List of Files/Folders to Move area. Do not include the word Code.

    Code:
    :Files
    C:\Documents and Settings\All Users\Application Data\Tencent
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Now that you have deleted the TNT executable, how are things running?
     
  21. flywelder

    flywelder Private E-2

    OH, this must be very frustrating for you, and I do so apologize!
    Today I tried even to find these document folders using Run and My Computer.
    And I don't understand how I attached an executable... I would like to know how I did, as I thought I just posted a screen print :)
    You're most likely going to scream at me for this also, but when I attempt to download the OTM from the link you provided, Comodo antivirus lights up and stops the process! It says it is a known malicious virus: Malware @#2@jaz5hz____ (something) and puts the kibosh on the download. I tried three times, with the same results.
    I have attached screen prints, made using Paint, of all this so you can see what I am seeing. Know that all my attachments are just zipped files of screen print images I created using the Paint program. I zipped them because they would not upload any other way.

    I also went back to an earlier posting of yours, found a link to an OTM and downloaded it again, although I did not see everything you mentioned, and so I also made a screen print of what I saw on my monitor and have attached it so that maybe I was on the right path and didn't know it, and you can tell me yes and to try that again, or no, don't do that.

    However, while you're reading this I am going to try again, and because I trust you completely, this time I'll tell Comodo to allow the OTM, and I'll attempt to carry out your instructions and post the results... wish me lots of luck as I'm very nervous.
    Thank you for your tremendous patience with me through all this! And like you, I'm sure, I wish there were a means for us to more quickly communicate than waiting for each other's replies; it would be less frustrating perhaps. :-o I would be happy to place a phone call and have the charges be on me if this would help us.

    So here I go, wish me luck!.... And by the way, I like the verse you add at the bottom of your name... it causes me to think. ;) And for what it is worth, I don't understand why someone would create such vicious malware just to make people's lives miserable, when life is difficult enough as it is! What thrill or enjoyment could be realized? What did I do to anger the ones who created this malware anyhow? This is beyond me! Rrrg! You, Kestrel13, deserve more than just thanks, for you are a super person!... And again I thank you! :)
     


  22. flywelder

    flywelder Private E-2

    Hurray! So far my computer is still functioning, meaning it didn't crash like Comodo had me believing! Right now I am using our only fully functioning computer to type this.
    What happened since my last post is:
    I told Comodo to allow the OTM and then to report it to Comodo as a possible false positive, which I'm not certain what that means, but it sounded to be correct for my situation. You're the greatest, Kestrel13!
    Now my question is, 'How long should that OTM program run before it finishes?'
    Because it has been running for 90 mins and the screen looks the same, and there appears to be no mention of a log, and every function on the computer is very, very, very slow, and there is an hourglass symbol on the screen continuously.

    2nd) Should I have gotten off the internet before I started OTM?.... Because I didn't, in order to refer back and forth to your instructions posted here.
     
    Last edited: Dec 24, 2012
  23. flywelder

    flywelder Private E-2

    3rd) You asked me to delete TNT2user.exe.... and I would if I knew how, but I don't ever see any button that allows me to choose 'delete'.
    What I see on my monitor is: Comodo just offers me the options to allow or block. I would need step-by-step instructions on how to delete TNT2user.exe. What I see when Comodo warns me is in one of the zipped Microsoft Paint folders I attached earlier. I don't mean to be ignorant or difficult. I'm just a layman and I guess I need to be led by the hand... I'm sorry Kestrel13, I don't mean to be difficult to instruct. Please bear with me; when we get through this I will be singing your praises to the MajorGeeks executives, just how super you are!
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In the last fix, Kestrel13! gave you a fix for OTM not OTL. The image you attached shows you were running OTL. If you do not run the correct program, you will not see the correct items mentioned in the fixes.
     
  25. flywelder

    flywelder Private E-2

    Oops!.. So very sorry! I blame it on all the hustle and bustle happening on my end right there at the holiday! Please forgive me, and also thank you for pointing out my mistake.
    Here is a progress report.

    I ran OTM.
    Everything happened fast, and when the program asked me to reboot, I agreed yes.
    However, I forgot to copy the info from the results! Oops, damn! Screwed up again!

    I doubt there is a log that was saved anywhere that I can retrieve, or is there?
    Can I run OTM again to get the results?

    Know this: I think Comodo is hindering us, and that I should uninstall it. What do you think?
    I think this way because, when the computer rebooted after OTM ran, every click I made took 90 secs. to react.

    Also, a window eventually came up from Comodo saying it sandboxed OTM, then another window appeared from Comodo saying it sandboxed something called Magic______? The window disappeared before I could record all the info but, I think, I was able to make a screen print of it, and if I was so fortunate, it is the upload titled 'untitled'.

    Also, there is a rhythmic ticking from my computer's hard drive, ticking like a pocket watch.

    Finally, when I was able to get the mouse to respond to me and click on Firefox to come to MajorGeeks, a Comodo firewall window appeared announcing that TNT2user wants to connect, and then also a window appeared from Comodo firewall informing me that svchost.com wants to connect to the internet... I answered all these with 'block'; otherwise I'm not able to get online. Also, when I arrived at MajorGeeks, I was constantly redirected to other points of MajorGeeks, until I was finally able to get to the forum and sign in; then the rerouting started again before I could get to my profile and subscribed threads in order to get here. Wow!

    What is svchost? And is it dangerous?

    When I did finally get online, the area at the top of my screen is still there and still the size of a 'search bar'... the very same as I have had all along this journey.
    To my amateur computer user's mind, I'm sorry to report that nothing has improved.

    I have attached some more screen prints of what I was seeing happen on my monitor, which I made using Microsoft Paint. Maybe they can help us, as clues?
    I apologize that I was not able to create screen prints of everything, and that is because the mouse and Start button and Paint programs were not quick to, I guess, 'load'.
    What are our next steps, and my next instructions, please?... I haven't lost hope!
     


    Last edited: Dec 26, 2012
  26. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Wow. You have written so much in these last few posts and it is a lot to take in and read. I need to get all caught up.

    Have you ever used Nvidia? I was thinking this is what the TNT file could relate to but after looking at it, not so sure.

    SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      TNT2user.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  27. flywelder

    flywelder Private E-2

    No, never used Nvidia. What is it and what does it do?

    I have attached the Notepad results.
     


  28. flywelder

    flywelder Private E-2

    Did I run and attach the 'SystemLook program' correctly?

    I readily admit I know very little about what we're doing and how this all works, yet I was wondering if anything from Malwarebytes would help us?
    Maybe their:
    Anti-Rootkit Beta?

    Or FileASSASSIN

    or RegASSASSIN

    Also, seeing how the Malwarebytes version I have installed on this computer will, for some unknown reason, not allow me to start the trial version of the full Malwarebytes program (even though I have watched, in the bottom right corner of my screen, that every time this computer has rebooted, Malwarebytes informs me that my trial version has gone from 5 days to now 1 day left?????... yet I cannot activate the full version, or use any of the tools offered with the full version?????? Why is this?????)

    Are we dealing with a nasty, nasty malware? :confused

    Also, I don't want to sound like a broken record, but you have not answered my questions about svchost, that Comodo keeps bringing to my attention every time I click to go onto the web and this forum. Is it related to this TNT2user or is it separate malware? :confused

    Thanks, I'm watching for your replies.
     
  29. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Comodo is just a bit aggressive in my opinion; it can be configured to not warn you of every little thing, but I am not familiar with it, so this you would have to ask about in the Software forum. Svchost is nothing to worry about; it hooks into lots of processes. This is normal behaviour.

    Now let's get rid of this folder/file:

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code into the Paste List of Files/Folders to Move area. Do not include the word Code.

    Code:
    :Files
    C:\Documents and Settings\User\Local Settings\Application Data\TNT2
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large MoveIt! button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Gone now?
     
  30. flywelder

    flywelder Private E-2

    OK, will do. First, because of your great instructions, I was able to locate what I think is the first OTM log that you requested and that I forgot to get. This log is from the scan I did on Dec. 26, 2012. Maybe this is of no use, but I sure feel better having located and retrieved it and posting it here! :)

    My next post should have the log from the next OTM scan / request. :)
     


  31. flywelder

    flywelder Private E-2

    All processes killed
    ========== FILES ==========
    File/Folder C:\Documents and Settings\User\Local Settings\Application Data\TNT2 not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eknies account

    User: Guest

    User: LocalService

    User: NetworkService

    User: User

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb

    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eknies account

    User: Guest

    User: LocalService

    User: NetworkService

    User: User

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 12272012_222542
     
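As an added example (not code from the thread, and not OldTimer's own code), here is a small Python parser for an OTM results log in the format pasted above. It pulls out which :Files targets OTM reported as "not found", how many bytes [emptytemp] actually removed, and the log timestamp, then checks the original :Files list against the log so a helper can see at a glance whether the fix script did anything. The sample log is constructed; the "moved successfully." wording for a target OTM did act on is an assumption, since the thread only shows the "not found" case.

```python
"""Parse an OTM (OldTimer's OTMoveIt) results log and check :Files targets."""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample. The "not found" line, the [EMPTYTEMP] lines and the
# footer follow the log format posted in the thread; the "moved successfully."
# line is an ASSUMED wording for a target OTM actually moved.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\User\Local Settings\Application Data\TNT2 not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 1048576 bytes

%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12272012_222542
"""

NOT_FOUND_RE = re.compile(r"^File/Folder (.+?) not found\.$")
MOVED_RE = re.compile(r"^(.+?) (?:folder )?moved successfully\.$")   # assumed wording
BYTES_RE = re.compile(r":\s*(\d+) bytes$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
FOOTER_RE = re.compile(r"^OTM by OldTimer - Version (\S+) log created on (\d{8})_(\d{6})$")


@dataclass
class OtmReport:
    not_found: List[str] = field(default_factory=list)   # :Files targets OTM could not find
    moved: List[str] = field(default_factory=list)       # :Files targets OTM moved
    bytes_cleaned: int = 0                               # sum of every "N bytes" line
    total_mb: Optional[float] = None                     # OTM's own "Total Files Cleaned"
    version: Optional[str] = None
    created: Optional[datetime] = None                   # from MMDDYYYY_HHMMSS in the footer


def parse_otm_log(text: str) -> OtmReport:
    """Walk the log line by line, tracking which ===== section we are in."""
    report = OtmReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=========="):
            section = line.strip("= ").upper()          # "FILES" or "COMMANDS"
            continue
        if section == "FILES":
            m = NOT_FOUND_RE.match(line)
            if m:
                report.not_found.append(m.group(1))
                continue
            m = MOVED_RE.match(line)
            if m:
                report.moved.append(m.group(1))
                continue
        m = BYTES_RE.search(line)                        # [emptytemp] per-folder lines
        if m:
            report.bytes_cleaned += int(m.group(1))
            continue
        m = TOTAL_RE.match(line)
        if m:
            report.total_mb = float(m.group(1))
            continue
        m = FOOTER_RE.match(line)
        if m:
            report.version = m.group(1)
            report.created = datetime.strptime(m.group(2) + m.group(3), "%m%d%Y%H%M%S")
    return report


def unresolved_targets(requested: List[str], report: OtmReport) -> Dict[str, str]:
    """Return each :Files target the log does not report as moved, with a reason.

    Paths compare case-insensitively (Windows paths are). A target that is
    neither moved nor 'not found' is flagged 'no entry': OTM never processed
    that script line, which usually means the list was pasted incorrectly."""
    moved = {p.lower() for p in report.moved}
    missing = {p.lower() for p in report.not_found}
    pending: Dict[str, str] = {}
    for target in requested:
        key = target.lower()
        if key in moved:
            continue
        pending[target] = "not found" if key in missing else "no entry"
    return pending


if __name__ == "__main__":
    rep = parse_otm_log(SAMPLE_LOG)
    print(f"OTM {rep.version} at {rep.created}: {rep.bytes_cleaned} bytes cleaned")
    for path, why in unresolved_targets(rep.not_found + rep.moved, rep).items():
        print(f"  still pending: {path} ({why})")
```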
  32. flywelder

    flywelder Private E-2

    I did it! This last post below has the latest log! Comp. is rebooting now!
     
  33. flywelder

    flywelder Private E-2

    Well, I have more time than I thought. But in order to highlight and copy the log I had to first choose yes, to reboot.
    And 5 minutes have passed and still no reboot. I had completely closed and gotten off the web anticipating a reboot. I was able to sign back on and navigate to this forum! Surprising to me.
    So I thought I would post this info so you're aware. This is a much longer time to reboot than when I first ran this program.
    My hard drive is clicking away. Hope that is good.
    The bar at the bottom of the OTM program is solid blue and still on my screen. I'll let this run all night and check it in the morning. It is 10:39 PM Thursday.
    I'll look for a reply from you then. Shoot, I may be able to check back here tonight yet for your response, and I will if I can. :)

    I have a strong gut feeling there will be no reboot. If there is not, what has stopped it? And what shall I do next?

    20 mins. now, and still no boot, and I was just wondering, do I start the reboot manually myself? I hope to hear from you yet tonight. Thanks!
     
    Last edited: Dec 27, 2012
  34. flywelder

    flywelder Private E-2

    So, I'm back now and it has been nearly 2 hrs. since I said yes to and expected an automatic reboot. The reboot never came.

    I manually rebooted the computer.
    I attempted to get online, and Comodo informed me again of TNT2user!

    Takes forever now to get online, like 15 mins. with 4 tries.
    My screen still has all the issues. It is not gone. Nothing has changed, sorry to report.

    I have attached some new screen shots so again you can see what I see on my screen after the reboot. These again are zipped as they would not upload otherwise, for a crazy reason. I'm thinking maybe they can provide clues?
    Note in the image showing Task Manager, I see many new processes! Especially RTHDCPL.exe
     

  35. flywelder

    flywelder Private E-2

    As I wait, I'm using the time to educate myself on what is a root directory and a root folder, so that I can be of more use in this investigation.
    Yet what I read online about these doesn't look exactly the same as the Windows XP I'm using and see on my monitor?? So it is a bit scary and confusing.
     
  36. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Your processes are fine.

    C:\Documents and Settings\User\Local Settings\Application Data\TNT2 <--- Does this folder still exist when you navigate to it??? Just answer yes or no. :) I assume you know how to navigate to find the folder?
     
  37. flywelder

    flywelder Private E-2

    Before I answer yes, that I know how to find the folder, please look at the attachment. It shows what I found using 'search'.
    Does it display the files you're asking me to find?

    And, is using 'search' the correct procedure to use to find files and folders? And will this work with your next instructions for me? If not, I welcome your instructions and step by step guidance. :)

    And if these are not the files you want me to find, please tell me how to go about finding them, and I will find them. It's all good! :)
     

  38. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then yes it still exists. Do this: (Don't do anything else except for what I have asked)

    • Right-click OTM.exe and select " Run as administrator " to run it.
    • Paste the following code under the Paste List of Files/Folders to Move area. Do not include the word Code.

    Code:
    :Files
    C:\Documents and Settings\User\Local Settings\Application Data\TNT2
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Move it button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Now again, like you did in the last screenshot, navigate back to where it was (or hopefully isn't STILL residing) No need to take another screenshot, just let me know if the TNT2 folder is still there or not please. Thanks.
     
  39. flywelder

    flywelder Private E-2

    I'm having great difficulties now getting OTM to work like it has in the past. The computer is locking up and not responding for 30 mins., and the last time was locked up for an hr. I am sure the problem is on my end, and with me, but exactly where with me is baffling me! ... yes, go ahead and laugh... I am.

    Also I have enlisted the assistance of a young teenager to help me correctly interpret these instructions. We are confused with this line:
    Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    Does this mean to post the same instructions twice under the yellow line?

    For I don't see any other area that says files and folders.
    So sorry to report this.
    While I wait for your reply, we will continue to try on our end also.... keep your fingers crossed! :)
    Thanks
     
  40. flywelder

    flywelder Private E-2

    OK, we tried again. Running as administrator is not working and perhaps contributes to the computer locking up, my young assistant thinks.
    So this time I ran OTM as user and we pasted the instructions twice under the yellow bar, and pressed Move it. The program ran quickly and ended. I pasted the results here. I have not rebooted yet, but will after this posting.
    At that time I will check to see if it is gone or not and report back.
    Stand by.
    PS: OTM is still not rebooting on its own and I have to start the reboot process.

    All processes killed
    ========== FILES ==========
    File/Folder C:\Documents and Settings\User\Local Settings\Application Data\TNT2 not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eknies account

    User: Guest

    User: LocalService

    User: NetworkService

    User: User

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb

    ========== FILES ==========
    File/Folder C:\Documents and Settings\User\Local Settings\Application Data\TNT2 not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eknies account

    User: Guest

    User: LocalService

    User: NetworkService

    User: User

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 12292012_150753
     
    Last edited: Dec 29, 2012
  41. flywelder

    flywelder Private E-2

    OK, I manually rebooted. I then checked for the tnt2user, and yes, it is still there.

    The young assistant with me asked me "why not right click on the folder and choose delete"? Can I do that, Kestrel13?
    And should I do so in normal boot up mode or in safe mode or some other mode?
     
  42. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If my script didn't move it I don't know, but what the hell. :) Try it yes...... (I did it the other way with a script because you were having trouble just right clicking and deleting in the first place) ;)
     
  43. flywelder

    flywelder Private E-2

    OH... do I feel dumb! :-o oops! ...b/c if that was what you have been wanting me to do, I'm terribly sorry... please forgive my ignorance... I'm embarrassed that I didn't understand! :-o

    So here is an update. I chose to delete the file, but, unfortunately, it failed, because a window popped up and said this:
    Error Deleting file or folder access is denied. cannot delete npTNT2.dll:


    SO bummer, but Kestrel13... what about my using Malwarebytes's "file assassin"? I read some about it, and I think it was informing me that it can open or delete stubborn files. I could be wrong; you know more than I about Malwarebytes and their tools.
    I'm looking forward to being able to re-download Malwarebytes and get the full version, and thus be protected from so much that is out there.
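The "access is denied ... cannot delete npTNT2.dll" error above is the usual sign that a running process has the DLL mapped, which Windows will not let you delete from under it (an np-prefixed DLL is the naming convention for NPAPI browser plugins, so the browser is the likely holder). The following triage script is an added example written for this thread; it is not a script from the thread, from OTM or from Avenger. It assumes the same TNT2 folder path Kestrel13 asked about (change $Target for a different account name) and PowerShell 2.0 or later, the last version available on Windows XP SP3. It inventories the folder with SHA-256 hashes and then names every process that has one of its DLLs loaded, which is the check a responder wants before deciding between "close that process and delete" and "remove it at reboot before anything loads it".

```powershell
# Added example, not a script from this thread or from OTM/Avenger.
# Assumption: the folder Kestrel13 asked about; edit $Target for another account name.
# Runs on PowerShell 2.0 (Windows XP SP3) and later.
$Target = 'C:\Documents and Settings\User\Local Settings\Application Data\TNT2'

if (-not (Test-Path -LiteralPath $Target)) {
    Write-Output "Folder not present: $Target"
    return
}
Write-Output "Folder present: $Target"

# 1. Inventory every file with its SHA-256, so the hashes can later be checked
#    against vendor detections independently of what the file names claim.
$sha = [System.Security.Cryptography.SHA256]::Create()
$files = Get-ChildItem -LiteralPath $Target -Recurse -Force | Where-Object { -not $_.PSIsContainer }
foreach ($f in $files) {
    $stream = $f.OpenRead()
    try {
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
    Write-Output ("{0}  {1,10} bytes  modified {2}  sha256 {3}" -f $f.FullName, $f.Length, $f.LastWriteTime, $hash)
}

# 2. Explain the "access is denied" on delete: a DLL mapped into a running process
#    cannot be removed. Report each process holding a DLL from this folder.
$dlls = $files | Where-Object { $_.Extension -eq '.dll' } | ForEach-Object { $_.FullName.ToLower() }
foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }   # some processes refuse module enumeration
    foreach ($m in $mods) {
        if ($m.FileName -and ($dlls -contains $m.FileName.ToLower())) {
            Write-Output ("Locked: {0} is loaded by {1} (PID {2})" -f $m.FileName, $proc.ProcessName, $proc.Id)
        }
    }
}
```

Run it from a PowerShell prompt started as the account that owns the folder (or as Administrator, so that more processes allow module enumeration). If a "Locked:" line names the browser, closing it and retrying the delete is enough; if nothing is reported yet deletion still fails, the holder is a process the script could not inspect, and removal before anything loads the DLL, at reboot, is the reliable route.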
     
  44. flywelder

    flywelder Private E-2

    Kestrel13,
    I went ahead and downloaded file assassin. And yes, I installed it, and I ran it.

    It cannot find the TNT2 for some reason. Maybe you will know why if you see the page I see, so I attached a screen print of such page. Something really weird about these programs not finding a folder, and yet the folder appears in my searches? :confused

    What are your next instructions?
     

  45. flywelder

    flywelder Private E-2

    Kestrel13, I just had a thought that may be of help and maybe not. But I'm still getting reports from Comodo firewall that "Search.us.com is wanting to connect to another computer"

    And I'm certain that TNT2user is closely associated with search.us.com.
    Could it be that I should search for search.us.com and not TNT2user? And that we must get rid of it, in order to get rid of TNT2? :confused

    Your thoughts please.
     
  46. flywelder

    flywelder Private E-2

    Kestrel13 attached is a screen print of the results of my searching for Search.us.com
    I don't know for certain if it could be a clue or not, but I'm trying to be of assistance. ;)
     

  47. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Has it gone now after reboot, or still there?
     
  48. flywelder

    flywelder Private E-2

    Yes, it is gone from my screen! The program ran quickly and rebooted my computer on its own! Excellent Kestrel 13! :)

    However, there is another issue on my screen now, that appeared after the Avenger ran. I attached screen prints of this for you to see. There are 2 on this topic, and they are titled:
    "Home page appearance" and "major geeks page"
    In these you will see in the top left corner there is a section / area that is empty except for a dotted line shaped object resembling a Lego block?
    What do we do about this?


    Also during the scan a window popped up that you did not talk about, of which I made a screen print and attached also.
    What shall I do with it, Kestrel13 (how should I answer it), and is it a major concern? It is titled:
    "No Disk warning"


    I await your next instructions.
    PS: your instructions all along have all been very good, and your last instructions were excellent!... I could follow along very well... Thank you! :)


    The log file, results of the scan, is below:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Folder "C:\Documents and Settings\User\Local Settings\Application Data\TNT2" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
     

  49. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're most welcome.


    We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:
    • C:\Program Files\Mozilla Firefox
    • C:\documents and settings\UserAccount\Application Data\Mozilla

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).

    Any better now?

    No. Nothing to worry about with avenger.
     
  50. flywelder

    flywelder Private E-2

    Ok, while you're reading this and the attachment, I'll read again your instructions.
    The attachment is a screen shot of a Comodo warning of a malicious item having been detected, and I titled it "scanner alert"... and it has something to do with MGTools.exe
    I'm not sure what to do. Shall I go ahead and have Comodo remove this or is it safe to leave? What do you recommend? I think I need to do something with it before I can reinstall Firefox.... am I correct, Kestrel13?
    I await your reply Kestrel13.
     
