Google Redirect Virus removal help

3 replies to this topic

Posted 24 January 2012 - 01:29 AM

I've been hit with the Google redirect virus. Actually, all search engines are affected, not just Google. In both Firefox and IE. I've run AdAware, CCleaner, SpyBot Search and Destroy, Hitman Pro 3.5, TDSSkiller, and Avira Anti Virus programs. Additionally, I've been following the instructions of Boopme from another thread, so I've also used the MiniToolBox, reset the Hosts file, run GooredFix, and aswMBR. I've now run through the steps in the Preparation Guide (though I didn't know how to disable script-blocking programs, and the otherwise very thorough guide lacked instructions on this ... I ran the DDS program anyway but I'll run it again if needed after learning how to turn the script-blocking programs off) and am posting the logs and reports from the various scans.

The log from the aswMBR scan:

aswMBR version Copyright© 2011 AVAST Software
Run date: 2012-01-23 14:39:57
14:39:57.984 OS Version: Windows 6.0.6002 Service Pack 2
14:39:57.984 Number of processors: 2 586 0x6801
14:39:57.984 ComputerName: MCDONALD UserName: Nonie
14:40:04.848 Initialize success
14:40:35.892 AVAST engine defs: 12012301
14:41:02.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
14:41:02.194 Disk 0 Vendor: Hitachi_ SB2O Size: 76319MB BusType: 6
14:41:02.209 Disk 0 MBR read successfully
14:41:02.225 Disk 0 MBR scan
14:41:02.318 Disk 0 unknown MBR code
14:41:02.318 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68009 MB offset 63
14:41:02.474 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8307 MB offset 139283550
14:41:02.537 Disk 0 scanning sectors +156296385
14:41:02.630 Disk 0 scanning C:\Windows\system32\drivers
14:41:41.459 Service scanning
14:41:44.048 Modules scanning
14:41:56.856 Disk 0 trace - called modules:
14:41:56.887 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys nvlddmkm.sys
14:41:57.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85637918]
14:41:57.433 3 CLASSPNP.SYS[87da78b3] -> nt!IofCallDriver -> [0x84fed020]
14:41:57.449 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\00000066[0x84b92468]
14:41:58.556 AVAST engine scan C:\Windows
14:42:04.188 AVAST engine scan C:\Windows\system32
14:49:13.890 File: C:\Windows\system32\dplaysvr.exe **HIDDEN**
14:49:14.124 File: C:\Windows\system32\dplayx.dll **HIDDEN**
14:49:16.792 AVAST engine scan C:\Windows\system32\drivers
14:49:48.272 AVAST engine scan C:\Users\Nonie
14:56:57.319 File: C:\Users\Nonie\AppData\Local\dplaysvr.exe **INFECTED** Win32:Downloader-MLR [Trj]
14:56:57.335 File: C:\Users\Nonie\AppData\Local\dplaysvr.exe **HIDDEN**
14:56:57.522 File: C:\Users\Nonie\AppData\Local\dplayx.dll **INFECTED** Win32:Downloader-MLR [Trj]
14:56:57.553 File: C:\Users\Nonie\AppData\Local\dplayx.dll **HIDDEN**
14:57:00.065 AVAST engine scan C:\ProgramData
15:01:19.493 Scan finished successfully
15:01:30.444 Disk 0 MBR has been saved successfully to "C:\Users\Nonie\Desktop\MBR.dat"
15:01:30.460 The log file has been saved successfully to "C:\Users\Nonie\Desktop\aswMBR.txt"

The log from the DDS scan:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Nonie at 22:07:48 on 2012-01-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.691 [GMT -8:00]
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [<NO NAME>]
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{D79F6F39-2A60-4D6C-8CE3-2C1A91BEA4EF} : DhcpNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: www.bing.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\nonie\appdata\roaming\mozilla\firefox\profiles\xiu03mlm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitfound\components\NavitFoundXPCOM.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitloader\components\NavitLoaderXPCOM.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\nonie\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
============= SERVICES / DRIVERS ===============
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-23 36000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-10 74640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2010-5-3 33792]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2010-7-28 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2010-7-28 58112]
=============== Created Last 30 ================
2012-01-23 20:07:21 -------- d-----w- c:\users\nonie\appdata\roaming\Avira
2012-01-23 19:00:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-23 19:00:35 -------- d-----w- c:\programdata\Avira
2012-01-23 19:00:35 -------- d-----w- c:\program files\Avira
2012-01-23 17:41:36 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-23 17:41:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-23 17:41:03 -------- d-----w- c:\programdata\Hitman Pro
2012-01-23 00:20:13 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-20 17:01:54 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{14b8b413-2bc5-42bb-a742-89a587a09574}\mpengine.dll
2012-01-12 15:10:23 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-12 15:10:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-12 15:10:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-12 15:10:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-11 12:53:22 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 12:53:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 12:53:21 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 12:53:21 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 12:53:21 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 12:53:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 05:38:25 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 05:38:25 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 05:38:22 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:38:20 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:38:18 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 05:38:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 05:38:12 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:38:12 1314816 ----a-w- c:\windows\system32\quartz.dll
==================== Find3M ====================
2011-12-15 23:00:35 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
============= FINISH: 22:12:25.18 ===============
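As an added example, not part of the original post or of aswMBR itself, here is a small parser for the aswMBR log format shown above. It extracts the `**HIDDEN**` and `**INFECTED**` file entries and the "unknown MBR code" line, then groups findings by file name so that the same name reported under both system32 and the user profile is visible at a glance; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the aswMBR log posted above.
SAMPLE_LOG = r"""
14:41:02.318 Disk 0 unknown MBR code
14:49:13.890 File: C:\Windows\system32\dplaysvr.exe **HIDDEN**
14:49:14.124 File: C:\Windows\system32\dplayx.dll **HIDDEN**
14:56:57.319 File: C:\Users\Nonie\AppData\Local\dplaysvr.exe **INFECTED** Win32:Downloader-MLR [Trj]
14:56:57.335 File: C:\Users\Nonie\AppData\Local\dplaysvr.exe **HIDDEN**
14:56:57.522 File: C:\Users\Nonie\AppData\Local\dplayx.dll **INFECTED** Win32:Downloader-MLR [Trj]
14:56:57.553 File: C:\Users\Nonie\AppData\Local\dplayx.dll **HIDDEN**
15:01:19.493 Scan finished successfully
"""

# "HH:MM:SS.mmm File: <path> **FLAG**[ <detection name>]"
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) File: (?P<path>.+?) "
    r"\*\*(?P<flag>HIDDEN|INFECTED)\*\*(?: (?P<detection>.+))?$"
)
# "HH:MM:SS.mmm Disk N unknown MBR code"
MBR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} Disk (?P<disk>\d+) unknown MBR code$")


def parse_aswmbr(text):
    """Return (file_findings, disks_with_unknown_mbr) for an aswMBR log."""
    findings, unknown_mbr = [], []
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            findings.append({"path": m["path"], "flag": m["flag"],
                             "detection": m["detection"]})
            continue
        m = MBR_RE.match(line)
        if m:
            unknown_mbr.append(int(m["disk"]))
    return findings, unknown_mbr


def summarize(findings):
    """Group findings by lower-cased file name -> {lower-cased path: set of flags}."""
    by_name = defaultdict(dict)
    for f in findings:
        path = f["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        by_name[name].setdefault(path, set()).add(f["flag"])
    return by_name


def cross_location_names(by_name):
    """File names that aswMBR reported under more than one directory."""
    return sorted(n for n, paths in by_name.items() if len(paths) > 1)
```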


Posted 26 January 2012 - 07:46 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Posted 29 January 2012 - 11:44 PM


48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread then it will have to be closed!

Posted 02 February 2012 - 09:22 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
