I have Search.us.com and TNT2user.exe !!

Discussion in 'Malware Removal' started by flywelder, Dec 16, 2012.

Thread Status:
Not open for further replies.
  1. flywelder

    flywelder Private E-2

    How do I remove something called search.us.com and TNT2user.exe? And what are these anyhow?
    They are currently attempting to start, but I repeatedly respond no. Just in case, I went to Add and Remove Programs, found search.us.com and chose to remove it, but I think that has caused more issues! Now my screen has an area the size and dimensions of a toolbar that will not fill in but always displays my desktop image. So frustrating!

    I am using XP Professional ver. 2002 with Service Pack 3 on an E machine.

    My thanks to all who reply and help me correct whatever is wrong!
    I am a novice with computers but can find my way if given detailed, step by step instructions.
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to the Malware Removal Forum.

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the link below:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
  3. flywelder

    flywelder Private E-2

    OK, so you know, Rogue Killer would not start, and there was no icon for it on the desktop, just an image with a blue bar and three dots inside that bar?

    And MG Tools did not create an icon on my desktop or in my list of programs. So I utilized search and found it, and I double-clicked it from there and started it. It ran for a while and the window with the prompts appeared with all the wording that you said it would and then some! Then suddenly it disappeared and so did MG Tools! And I never saw anything more from MGTools? I thought there would be a log that I was to post here? Was I incorrect?

    Malwarebytes found no infections.

    Just so you know, before I came to your site for help I downloaded and ran SUPERAntiSpyware. It found 210 issues, mostly cookies, and one something else that it marked as urgent to quarantine and then remove, so I did. I don't recall what that was, sorry. Hopefully it is in the log, which I am also attaching. And I followed the instructions and deleted the cookies. But I still had the toolbar issue. So frustrating!
    I am also including screenshots of my monitor so that you can have a visual of what I am referring to. On these you'll see the trouble area just above the Major Geeks emblem. You'll see parts of the paint program I had just used and closed, and part of my email web site at Live.com.

    Also, just so you know, the hitman instructions you provide are great but the screen shot images need updated as the program has evolved and they added additional questions and steps for the user to choose..it was a bit confusing for me. ..and maybe only for me? :)?:confused

    Attached Files:

  4. flywelder

    flywelder Private E-2

    My first Mbs.exe scan log is attached

    Attached here are the Malwarebytes logs and also what I can find as scan logs for Comodo. And I am getting rid of Comodo and going with Malwarebytes after this is cleared up! I am afraid of uninstalling Comodo right now as I may release some nasty ones or cause other issues, but when the issues are corrected, I am dumping Comodo!

    Also, my version of Malwarebytes says the trial version is not available for my version? :confused I just installed it tonight. What could be wrong? Was it something that I am not doing correctly?
    Also, if you see anything in these logs that I should get rid of besides viruses, please point those out to me, and inform me of why I should get rid of them, as I am a real novice!

    Also, I have not run the scans in safe mode as yet, for it is late and I am having difficulty holding my head up right now.

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Rerun Hitman and have it delete Malware remnants, and Potential Unwanted Programs.

    From running MGTools.exe, do you not have a MGlogs.zip? Should be right on C:\ if that's where you boot from.

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Run this and attach the results.

    Using ESET's Online Scanner
  6. flywelder

    flywelder Private E-2

    Re: I have Search.us.com and TNT2user.exe ! Update report

    Hi, thanks so much for these instructions and working with me to correct this issue! I really appreciate this!
    So I was able to find MG Tools.exe and to get it to work. However, it has stopped at the same point now for 6 and 1/2 hrs. Is this a normal amount of time? I have just a 132GB hard drive.

    The attached screen print shows what I see on my monitor right now, and that has not changed, like I said, for over 6 1/2 hrs.

    I want to get the logs from the other programs you said to use to you as soon as possible, so can I run the other scans that you want now?

    I have attached a zipped file that I found in the MGTool folder. I hope it contains the info you're seeking. Let me know. :)

    Attached Files:

  7. flywelder

    flywelder Private E-2

    Would you send me a link to Hitman so I can run it again as you asked, as I am not locating it on my computer or at Major Geeks. I'm sure it is there, I just am not great at locating programs like that. And I wish I could find some web site to learn how to fully utilize a search engine, so I could get results faster and better. :(

    I greatly appreciate this. ! :)

    Thank you
  8. flywelder

    flywelder Private E-2

    Re: I have an update and logs to report

    Don't need a link to Hitman, for after 2 hrs. I found it and ran it again. Hooray!
    Also, I ran it and all these scans in safe mode.

    The Hitman report I included as a screen print because I was not certain where it would be saved to, but I wanted something to post here. I'll keep searching for the Hitman log.

    Attached Files:

  9. flywelder

    flywelder Private E-2

    Also thought it important to tell you that Malwarebytes ran on a scheduled scan before I ran Hitman, Junk box, or any of these others you had me run, and interestingly enough, it found no infections? :confused

    How do I upload to you a log from Malwarebytes?

    Also, can you advise me whether, in the general settings tab of Malwarebytes, I should place a check mark in the box next to terminate internet explorer during threat removal?

    Again, Thank you!
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: I have Search.us.com and TNT2user.exe ! Update report

    There is a bug in Windows XP that causes the WMIC process to hang sometimes. See if the below new version of MGtools works better for you. It attempts to bypass this bug. This new version will also place a copy of MGlogs.zip on your Desktop for easy access. ;) Attach the new log.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
  11. flywelder

    flywelder Private E-2

    Thank you Chaslang!
    While I download and run that new program, may I leave with you new Qs I seek your answers to?
    These concern virus removal also, and came up while I have been reading so many of these wonderful tips on malware prevention that you have posted! Again, thanks for them!
    OK, so after reading, I decided it best to download and burn to a CD the Kaspersky rescue disc and Avira Rescue CD so I would have them in my arsenal for future use with a malware infected/possessed comp that will not boot.

    So I downloaded them. I attempted to burn them to a CD using BurnAware Free. But there are issues, and the program will not make the CDs for some reason? :confused
    First, I don't really know which type of CD to make? I tried with ata; Boot disc; make iso; make iso boot, but no program would finish making a disc :confused

    2) Each time, the programs stop and ask me to 'specify a boot image file in options' :confused ... I have no clue what that is :confused

    I don't know what the program is wanting nor do I have any idea where to find the answer for it. :( :confused

    Help! And might I ask you for these answers and instructions on how to go about making these CDs, please?
    Thank you so much!
  12. flywelder

    flywelder Private E-2

    Chaslang, that MGTOOL program worked! And it only took about 4 mins to start and complete! WOW! And like you said, it created the zipped file on my desktop! Now that is a nice program: it downloads, opens, runs, and does what it should with no hassles! NICE! Thanks! I should mention that I ran MG Tools in safe mode on this computer, for it is the only way I can use this computer. Hope that was correct and OK?
    And have I posted everything you need correctly so far? Let me know yes or no. Thanks.
    Also, I have noticed these postings saying, "this person has been thanked _____ times in ____ posts". What is this all about, and how does one go about thanking someone other than writing it? I see no button to click on.
    Attached is the log.

    Attached Files:

    Last edited: Dec 20, 2012
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What happens when you try to boot normally instead of safe mode?

    Delete these folders:
    • C:\Documents and Settings\All Users\Application Data\Tencent
    • C:\Documents and Settings\All Users\Application Data\Viewpoint
    You can rerun Hitman and have it fix the adware Starware.
  14. flywelder

    flywelder Private E-2

    I have been very afraid to boot into normal mode until I had confirmation from you to attempt to do so. Are you giving that instruction now?

    At the time of writing this I have not deleted the folders you listed for me, but I will do so right after posting this and then follow the instructions for running Hitman again, and then will update you.
    PS: I'm so very glad you're here with me guiding me through this! Thank YOU!
  15. flywelder

    flywelder Private E-2

    OOPS, I forgot to ask you:
    Do I need to boot into normal Windows mode in order to remove those folders? :confused

    Also, I'm not sure where those folders are, so I am going to copy and paste them into 'search'. Does this get your approval?

    I'm waiting for your reply.
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Normal mode would be preferable yes. :)

    I already gave you the file path to those folders. ;)
  17. flywelder

    flywelder Private E-2

    Oh Kestrel13, I can't remember how to find the Hitman scan log to post it! This is so awful of me! Forgive me! Please advise.

    I ran Hitman, and had it remove the you said, yet I still have the same issues.

    I have attached screen shots of what I am seeing.

    I am still getting the firewall warnings from comodo about 'Svchost' and


    5) I cannot find and the computer can not find:
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    Nor the other one.
    When I enter these into the search engine, nothing comes back resembling the request?
    Check the attachments.
    6) Is this svchost safe and trustworthy, and can I allow it? What shall I do with it?
    Tell me how and where to find these, please. Thanks.
  18. flywelder

    flywelder Private E-2

    The attachments did not load the first time. They did now and are attached.

    Also, since Malwarebytes is a lightweight program, what do you recommend I download and install to work with it or that covers / protects what Malwarebytes does not?

    Also, when this is all done, please advise on how to find all the scans and logs and such that have been placed on this computer. Thanks.
    Thank you very much!

    Attached Files:

  19. flywelder

    flywelder Private E-2

    When I boot up in normal mode it takes 4-5 minutes.
    Every time I go on the web, Comodo firewall warns me that TNT2user.exe and Svchost.exe are trying to connect to another computer and asks do I want to allow this?
    Shall I continue to block or not?
    Is Svchost a safe program or not? What is Svchost anyhow? :confused

    Seeing how I cannot activate the free full trial version of Malwarebytes, should I uninstall Malwarebytes now and reinstall it now? Or wait?

    Windows search feature cannot find these below, that you asked me to find and delete. Where do I find them?

    C:\Documents and Settings\All Users\Application Data\Tencent
    C:\Documents and Settings\All Users\Application Data\Viewpoint
  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You actually attached that executable! Just delete it please.
    Just leave it alone at the moment please.
    I wanted you to navigate to the folders following the file path but here we go, we will do it an easier way which perhaps I should have done in the first place.

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    C:\Documents and Settings\All Users\Application Data\Tencent
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.

    Now that you have deleted the TNT executable, how are things running?