Hey there.
Well, it looks as if I have a winfixer problem along with a few others. I've run asquared, ewido, spyware doctor, and none of them seem to be removing the problem. Geeby.dll is what Ewido keeps alerting me of. I've had the winfixer problem on another computer and am familiar with doing the fixes, but I just need to know if this is what I need to do in this case. Anyway, any help would be greatly appreciated.
I've tried ending the process with HJT, but it's just not removing it from my system.
If you need the HJT log, I can post it ASAP.

Just try this free
On-line Spyware Scan
first and remove all it finds. That should do the trick for you....it finds stuff the other progs miss and lets you remove it real easy.
Post back if that doesn't do it for you. Hopefully my advice will help you...Please post back with your results....thanks

I just ran the scan...It found a few things, I rebooted and Ewido is still alerting me every 10 minutes or so of "C:\WINDOWS\system32\geeby.dll"
I googled geeby.dll and found this thread on another site...
http://forums.spywareinfo.com/lofiversion/index.php/t62465.html
I'm just not sure if I should do the Vundofix. Should I just follow the instructions in that thread? The problem described there sounds exactly like mine.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

I've tried fixing it in HJT, fyi.
Here's my log.
Logfile of HijackThis v1.99.1
Scan saved at 12:07:25 PM, on 12/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
G:\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080;ftp=172.16.100.2:8080;gopher=172.16.100.2:8080;socks=172.16.100.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\geeby.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\RunServices: [NSCK0] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\RunServices: [DDFK2] C:\DOCUME~1\tsharp\LOCALS~1\Temp\DDFK2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownload.com/prompt/cabs/movie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O17 - HKLM\Software\..\Telephony: DomainName = AMSAFE.AMSAFE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O20 - Winlogon Notify: geeby - C:\WINDOWS\SYSTEM32\geeby.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

First download ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as ccleaner will delete recycle bin items unless checked not to do so. Run it in safe mode after vundofix runs.
Please download http://www.atribune.org/downloads/VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files. This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
You will first be presented with a warning.
It should look like this:
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
At this point press enter one time.
Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\geeby.dll
Press Enter to continue with the fix.
Next you will see:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\ybeeg.*
Press Enter to continue with the fix. The fix will run then HijackThis will open; if it does not open automatically please open it manually. In HiJackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\geeby.dll
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\RunServices: [NSCK0] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\RunServices: [DDFK2] C:\DOCUME~1\tsharp\LOCALS~1\Temp\DDFK2.exe
O20 - Winlogon Notify: geeby - C:\WINDOWS\SYSTEM32\geeby.dll
Run ccleaner and post a new HT log

Looks much better....no alerts from Ewido so far, and Vundofix seemed to work fine.
New log:
Logfile of HijackThis v1.99.1
Scan saved at 1:04:18 PM, on 12/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\securitysuite.exe
Z:\tsharp\My Documents\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080;ftp=172.16.100.2:8080;gopher=172.16.100.2:8080;socks=172.16.100.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownload.com/prompt/cabs/movie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O17 - HKLM\Software\..\Telephony: DomainName = AMSAFE.AMSAFE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
Anything else I need to do?

Go to start>control panel>display>desktop>customize desktop>web>remove everything except "my current home page".
Purge System Restore by shutting it down and restarting it.
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
The HT log looks good.

Thanks so much for all of your help.
One more question...
I've run the scans again, and rebooted a couple times, but it still seems to be running a lot slower than before. Nothing is showing up on any scans I'm doing...
Any suggestions?

Probably 2search.
But first do you have a proxy server set up, these indicate it, if not remove them with HT.:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080;ftp=172.16.100.2:8080;gopher=172.16.100.2:8080;socks=172.16.100.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
If you are not running SpyCop, do this: run HT again, close all windows and browsers except HT, place a check to the right of these items and press "fix checked".
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
Go to control panel>add/remove programs and uninstall these if found:
2search
Uninstall 2search
Reboot into safe mode and set up the computer to view hidden files. Go to control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file type" and "hide protected system operating files".
Then navigate to and delete this folder:
C:\Program Files\2search
Do you know what these are:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O17 - HKLM\Software\..\Telephony: DomainName = AMSAFE.AMSAFE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM

Also, Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into Safe Mode and run Ewido
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.
Please reboot into normal mode and post the ewido log.
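The two helper replies above pick out the entries worth fixing by reading the HJT log by eye: the nameless BHO and Winlogon Notify entry both pointing at geeby.dll, the Run/RunServices entries launching from a Temp folder, the 2search lines, and the proxy setting to confirm. As an added example (not code from the thread or from HijackThis), here is a small Python triage script that applies those same rules to HJT log lines; the list of stock Winlogon Notify names and the adware keyword list are assumptions for illustration.

```python
"""Triage a HijackThis (HJT) log with the rules the helpers in this thread applied
by hand. Added example, not code from the thread or from HijackThis. Rules: a BHO
with "(no name)"; Run/RunServices entries launching from a Temp folder; a Winlogon
Notify handler outside the stock XP set; one DLL registered as both BHO and
Winlogon Notify handler (the Vundo/geeby.dll pattern); names tied to the 2search
adware; and proxy settings that should be confirmed as intended.
"""
import re
from dataclasses import dataclass

# Stock HKLM\...\Winlogon\Notify subkeys on Windows XP (assumption; lowercase).
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Product names this thread identified as adware (extend from your own triage).
ADWARE_KEYWORDS = ("2search",)

LINE_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str      # the HJT line the finding refers to


def _last_path(body: str) -> str:
    """O2/O20 bodies end with ' - <path>'; return that path, lowercased."""
    return body.rsplit(" - ", 1)[-1].strip().lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    bho_dlls: dict[str, str] = {}     # dll path -> O2 line
    notify_dlls: dict[str, str] = {}  # dll path -> O20 line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list and blank lines are skipped
        kind, body = m.group("kind"), m.group("body")
        lower = body.lower()
        if kind == "R1" and "ProxyServer" in body:
            # A corporate proxy is legitimate; an unexpected one is a hijack.
            findings.append(Finding("medium", "proxy-configured", line))
        elif kind == "O2" and body.startswith("BHO:"):
            if "(no name)" in body:
                findings.append(Finding("high", "bho-no-name", line))
            if any(k in lower for k in ADWARE_KEYWORDS):
                findings.append(Finding("medium", "known-adware-name", line))
            bho_dlls[_last_path(body)] = line
        elif kind == "O4":
            if "\\temp\\" in lower:
                findings.append(Finding("high", "autorun-from-temp", line))
            if any(k in lower for k in ADWARE_KEYWORDS):
                findings.append(Finding("medium", "known-adware-name", line))
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if name not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding("high", "unknown-winlogon-notify", line))
            notify_dlls[_last_path(body)] = line
        elif kind == "O17":
            findings.append(Finding("info", "domain-setting", line))
    # One DLL hooked into both IE and winlogon.exe is the Vundo pattern; a DLL
    # loaded by winlogon stays in use, which matches the thread's report that
    # scanners could flag geeby.dll but not remove it.
    for dll in bho_dlls.keys() & notify_dlls.keys():
        findings.append(Finding("high", "bho-and-winlogon-same-dll", bho_dlls[dll]))
    return findings


def fix_checked_list(findings: list[Finding]) -> list[str]:
    """HJT lines to tick and 'Fix checked': every distinct high-severity line."""
    return sorted({f.line for f in findings if f.severity == "high"})


# Constructed sample: a subset of the lines from the first HJT log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\geeby.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Java] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\RunServices: [NSCK0] C:\DOCUME~1\tsharp\LOCALS~1\Temp\NSCK0.exe
O4 - HKLM\..\RunServices: [DDFK2] C:\DOCUME~1\tsharp\LOCALS~1\Temp\DDFK2.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O20 - Winlogon Notify: geeby - C:\WINDOWS\SYSTEM32\geeby.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.line}")
    print("Fix checked:", *fix_checked_list(triage(SAMPLE_LOG)), sep="\n  ")
```

On the sample, the five high-severity lines returned by `fix_checked_list` are exactly the five entries the helper told the poster to tick in HijackThis.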

Re: WINFIXER - VIRTUMUNDO - VUNDO - GEEBY.DLL
Successful Trojan Removal Program
I have spent MANY hours trying to get rid of this devil. Have tried many methods found on web to remove it. Was getting ready to reformat my harddisk and start over when I found a small (94.7KB), privately written program on the McAfee Help forum that did the job in a quick, simple snap:
Removal Tool (VirtumundoBeGone.exe) at: http://forums.mcafeehelp.com/viewtopic.php?t=57049
Read the information - 45 seconds;
Downloaded VirtumundoBeGone.exe - 10 seconds;
Ran VirtumundoBeGone.exe - 2 minutes;
Computer rebooted - 2 minutes;
Read VGB.TXT report on my desktop - 30 seconds;
Deleted all remaining remnants of this freak - 60 seconds.
Now plan to party ALL NIGHT.
It worked, it was simple.
THANK YOU!!!!!
Additional information:
EWIDO <http://www.ewido.net/en> has been good at spotting GEEBY.DLL. EWIDO removed it from 14 locations on my computer plus fixing a number of other problems that my other more well known, expensive programs did not remove. However, it could not get GEEBY.DLL in window/system32 that was called by winlogon.exe. It recognizes it there, and attempts to remove it, but with no luck. EWIDO is free to try, and free to use permanently except that the real time protection is disabled after two weeks. Still, not a bad manual scanner and remover to have as a backup if you don't want to pay for it.
If this does not work for you, I have posted at the bottom the thread that led me to this program. Some of the other information in it may be helpful.
_______________________
For those of you interested, I ran the program twice. The first time it found Virtumundo and removed it. The removal process involved rebooting the computer. The second time it did not find Virtumundo and there was no computer reboot.
Here are the removal reports that Virtumundobegone.exe put on my desktop:
[12/23/2005, 23:12:46] - VirtumundoBeGone v1.5 ( "c:\My Downloads\0-LoadFromHere\VirtumundoBeGone.exe" )
[12/23/2005, 23:13:08] - Detected System Information:
[12/23/2005, 23:13:08] - Windows Version: 5.1.2600, Service Pack 2
[12/23/2005, 23:13:08] - Current Username: XXXXX XXXXXXX (Admin)
[12/23/2005, 23:13:08] - Windows is in NORMAL mode.
[12/23/2005, 23:13:08] - Searching for Browser Helper Objects:
[12/23/2005, 23:13:08] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/23/2005, 23:13:08] - BHO 2: {06647158-359E-4D10-A8DE-E6145DA90BE9} (Trend Micro Antifraud Toolbar)
[12/23/2005, 23:13:08] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/23/2005, 23:13:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/23/2005, 23:13:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/23/2005, 23:13:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/23/2005, 23:13:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/23/2005, 23:13:08] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[12/23/2005, 23:13:08] - BHO 6: {7c1ce531-09e9-4fc5-9803-1c2956615786} (IeCaptureBho Object)
[12/23/2005, 23:13:09] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/23/2005, 23:13:09] - BHO 8: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[12/23/2005, 23:13:09] - BHO 9: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} (MSEvents Object)
[12/23/2005, 23:13:09] - ALERT: Found MSEvents Object!
[12/23/2005, 23:13:09] - Finished Searching Browser Helper Objects
[12/23/2005, 23:13:09] - *** Detected MSEvents Object
[12/23/2005, 23:13:09] - Trying to remove MSEvents Object...
[12/23/2005, 23:13:10] - Terminating Process: IEXPLORE.exe
[12/23/2005, 23:13:10] - Terminating Process: RUNDLL32.exe
[12/23/2005, 23:13:10] - Disabling Automatic Shell Restart
[12/23/2005, 23:13:10] - Terminating Process: EXPLORER.exe
[12/23/2005, 23:13:10] - Suspending the NT Session Manager System Service
[12/23/2005, 23:13:11] - Terminating Windows NT Logon/Logoff Manager
[12/23/2005, 23:13:12] - Re-enabling Automatic Shell Restart
[12/23/2005, 23:13:12] - File to disable: C:\WINDOWS\system32\geeby.dll
[12/23/2005, 23:13:12] - Renaming C:\WINDOWS\system32\geeby.dll -> C:\WINDOWS\system32\geeby.dll.vir
[12/23/2005, 23:13:12] - File successfully renamed!
[12/23/2005, 23:13:12] - Removing HKLM\...\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/23/2005, 23:13:12] - Removing HKCR\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/23/2005, 23:13:12] - Adding Kill Bit for ActiveX for GUID: {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[12/23/2005, 23:13:12] - Deleting ATLEvents/MSEvents Registry entries
[12/23/2005, 23:13:12] - Removing HKLM\...\Winlogon\Notify\geeby
[12/23/2005, 23:13:12] - Searching for Browser Helper Objects:
[12/23/2005, 23:13:12] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/23/2005, 23:13:12] - BHO 2: {06647158-359E-4D10-A8DE-E6145DA90BE9} (Trend Micro Antifraud Toolbar)
[12/23/2005, 23:13:12] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/23/2005, 23:13:12] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/23/2005, 23:13:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/23/2005, 23:13:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/23/2005, 23:13:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/23/2005, 23:13:12] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[12/23/2005, 23:13:12] - BHO 6: {7c1ce531-09e9-4fc5-9803-1c2956615786} (IeCaptureBho Object)
[12/23/2005, 23:13:13] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/23/2005, 23:13:13] - BHO 8: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[12/23/2005, 23:13:13] - Finished Searching Browser Helper Objects
[12/23/2005, 23:13:13] - Finishing up...
[12/23/2005, 23:13:13] - A restart is needed.
[12/23/2005, 23:13:25] - Attempting to Restart via STOP error (Blue Screen!)
--------------------------
Here is the second report when Virtumundo had already been removed. (No reboot because it had been cleaned):
[12/23/2005, 23:27:16] - VirtumundoBeGone v1.5 ( "c:\My Downloads\0-LoadFromHere\VirtumundoBeGone.exe" )
[12/23/2005, 23:27:20] - Detected System Information:
[12/23/2005, 23:27:20] - Windows Version: 5.1.2600, Service Pack 2
[12/23/2005, 23:27:20] - Current Username: XXXXXX XXXXXXXX (Admin)
[12/23/2005, 23:27:20] - Windows is in NORMAL mode.
[12/23/2005, 23:27:20] - Searching for Browser Helper Objects:
[12/23/2005, 23:27:20] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[12/23/2005, 23:27:20] - BHO 2: {06647158-359E-4D10-A8DE-E6145DA90BE9} (Trend Micro Antifraud Toolbar)
[12/23/2005, 23:27:20] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/23/2005, 23:27:20] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/23/2005, 23:27:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/23/2005, 23:27:21] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/23/2005, 23:27:21] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/23/2005, 23:27:21] - BHO 5: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[12/23/2005, 23:27:21] - BHO 6: {7c1ce531-09e9-4fc5-9803-1c2956615786} (IeCaptureBho Object)
[12/23/2005, 23:27:21] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/23/2005, 23:27:21] - BHO 8: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[12/23/2005, 23:27:21] - Finished Searching Browser Helper Objects
[12/23/2005, 23:27:21] - Finishing up...
[12/23/2005, 23:27:21] - Nothing found! Exiting...
--------------------------
Thread that led me to this program:
FROM: http://www.howtofixcomputers.com/bb/sutra731052.html
Hi Barryco - Five approaches to removing Winfixer (Vundo). Not all will
work on all variants. It's suggested that you try them in this order.
1 - Symantec has a new Vundo remover:
http://securityresponse.symantec.com/avcenter/FixVundo.exe
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.removal.tool.html
http://securityresponse.symantec.com/avcenter/venc/data/adware.virtumonde.html#removalinstructions
2 - McAfee has a combined automated/manual removal procedure here:
http://vil.nai.com/vil/content/v_127690.htm
3 - It's been reported that the Removal Tool here is worthwhile:
http://forums.mcafeehelp.com/viewtopic.php?t=57049
4 - Then, courtesy of MVP Suzi Turner and Mosaic1: "Atribune, a guy in the forums, has a Vundo fix tool as well:
Instructions for use by user as posted in the SpywareWarrior forum:
'Please download VundoFix.exe to your desktop. Here's a link:
http://www.atribune.org/downloads/VundoFix.exe
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please restart your computer into Safe Mode.
Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
A command window will open and it should look like this:
VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk
At this point press enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, to continue with the fix.
At this point please type the following file path (make sure to enter it
exactly as below!):
C:\WINDOWS\system32\geeby.dll
Press Enter.
Next you will see:
Please type in the second filepath as instructed by the forum staff
At this point please type the following file path (make sure to enter it
exactly as below!):
C:\WINDOWS\system32\ybeeg.*
Press Enter to continue.
The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click
FIX CHECKED:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} -
C:\WINDOWS\system32\geeby.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
After you have fixed these items, close Hijackthis.
The fix will tell you to shutdown using the Power button. Hold in your power
button until the computer shuts down. Wait about 15 seconds and then restart
the computer into regular windows.
Chkdsk will run. This is normal. It will take a few minutes and is checking
your file system because of the Bad Shutdown we caused.
Go for free online Virus scans here:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/
Allow them to clean
Panda will have the option to create a log after the scan has finished.
Click
the See Report button. Then click the save Report button. It will be saved
under the name activescan.txt Do that and post that log into your next reply
here.
Run hijackthis and post the new log and the vundofix.txt file from the
vundofix folder into as well.'
------------------
--The forum helpers have reported this fix from Atribune works. I don't know
about the Symantec tool.
If you'd like to join Spyware Warrior, you could see the thread where the
helpers are discussing this.
Suzi"

Well I thought my problems were solved, but it looks like 2search came back. The same exact symptoms of the 2search I had last time are showing up, ex. extremely slow internet. I followed the instructions described above to try and remove 2 search again, but it's not showing up on HJT and it is not listed as a hidden program in my program files. I've run several scans with Ewido, Asquared, and Ad-Aware and they have all "successfully" removed the problems, but my computer is still acting the same. Any advice?
Here is my Ewido report:
ewido anti-malware - Scan report
+ Created on: 8:27:55 AM, 1/3/2006
+ Report-Checksum: A5C1DE57
+ Scan result:
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP2\A0000045.dll -> Adware.2Search : Cleaned with backup
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP2\A0000049.exe/main.exe -> Adware.2Search : Cleaned with backup
C:\windows\CSC\d1\800003F0 -> Adware.2Search : Cleaned with backup
::Report End
And here is a new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:52:46 AM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080;ftp=172.16.100.2:8080;gopher=172.16.100.2:8080;socks=172.16.100.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/movie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O17 - HKLM\Software\..\Telephony: DomainName = AMSAFE.AMSAFE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMSAFE.AMSAFE.COM
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

Any help would be greatly appreciated.
Thanks in advance :)
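When a HijackThis log like the one above gets long, it helps to parse it mechanically and pull out the entry types that deserve a closer look before anything is "fixed". The script below is an added example, not part of the original post or of HijackThis itself: it parses the `Rn`/`On` entry lines, then applies a few review rules (a browser proxy setting, an O10 Winsock LSP entry, an O16 ActiveX download from a host not on an allowlist, an O23 service with an unknown owner). The sample lines are a constructed subset modelled on the log in the post, and `KNOWN_DPF_HOSTS` is an illustrative allowlist assumed for the example, not a vendor list. The rules only mark entries for human review; they do not declare anything malicious.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of HijackThis-style lines modelled on the log
# in the post above (not the full log, and not output of a real scan here).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.100.2:8080;https=172.16.100.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} - http://www.bardownload.com/prompt/cabs/movie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry line starts with a section code such as R1, O4, O16, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Illustrative allowlist of ActiveX (O16) download hosts. This is an assumption
# made for the example; maintain your own list for real triage.
KNOWN_DPF_HOSTS = {"us.dl1.yimg.com", "download.microsoft.com", "java.sun.com"}


def parse_entries(log_text):
    """Return (section, body) tuples for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def section_counts(log_text):
    """Count entries per section code, useful for a quick overview of a long log."""
    counts = {}
    for section, _ in parse_entries(log_text):
        counts[section] = counts.get(section, 0) + 1
    return counts


def triage(log_text):
    """Apply review rules and return (section, reason, body) for entries worth a human look."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in ("R0", "R1") and "ProxyServer" in body:
            findings.append((section, "browser proxy configured; confirm it is the expected (e.g. corporate) proxy", body))
        elif section == "O10":
            # A Winsock LSP sees every socket; identify the DLL's vendor before touching it.
            findings.append((section, "Winsock LSP present; identify the DLL's vendor before removing", body))
        elif section == "O16":
            # The download URL is the last ' - ' separated field of an O16 entry.
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or ""
            if host not in KNOWN_DPF_HOSTS:
                findings.append((section, f"ActiveX download from unrecognised host {host}", body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no recorded publisher; check the binary's signature and vendor", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run it against a saved log by replacing `SAMPLE_LOG` with the file's contents; the point of the allowlist and the "Unknown owner" rule is to shorten the list a helper has to read, not to decide what to delete, so anything flagged still goes through the usual vendor/signature check before it is fixed in HJT.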