Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

So Now I Have Spyware On My Pc.....


  • Please log in to reply
28 replies to this topic

#1 SunnySedella

SunnySedella

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 17 April 2008 - 02:04 PM

Hi, after searching through Google etc on my surviving laptop, I have discovered my desktop has been infected with spyware. It tells me I am infected by Worm.Win32.Netbooster and I have tried a couple of suggestions to remove it. However, they did not work and so I purchased a software called MAX which is supposed to rid machines of everything. Well, I ran the software and found I had over 300 threats, mainly Trojans, to which it quarantined them and I presumed would rid them once the PC was rebooted. However, the spyware still remains! I still have a hijacked Internet Explorer, my screensaver is taken over by a blue screen informing me I am infected with spyware and tells me to download 'their' anti-spyware software. I am a complete novice, so can someone please help?

Edited by SunnySedella, 18 April 2008 - 06:20 AM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:57 PM

Posted 17 April 2008 - 03:28 PM

Hi and welocome SunnySedella.
Please run these tools and is this an XP Pc?

Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opers browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions,post log and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 18 April 2008 - 04:36 AM

Hi and thanks for the advice Boopme. Yes the PC is XP and I have done as you suggested and downloaded both the cleaner and Antispyware. Super is in fact running now on the PC. It is doing a complete scan and so will take a while. I will let you know the outcome, fingers crossed!l

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 PM

Posted 18 April 2008 - 07:00 AM

After performing the above scan, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 18 April 2008 - 08:20 AM

Hi, well the scan is finished and it has rid the PC of some of the spyware but unfortunately not all. The home page of internet explorer keeps on getting changed and the blue screen still remains as my desktop. I am still getting fake messages, so presumably spyware still exists on the desktop. I have copied and pasted the results of the scan below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2008 at 12:33 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 02:03:07

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 6930
Registry threats detected : 7
File items scanned : 83088
File threats detected : 11

Unclassified.Unknown Origin
HKU\S-1-5-21-3841430265-3850150309-3588342887-1012\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKCR\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732}
HKCR\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732}\LocalServer32

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger
C:\Documents and Settings\Malthouse Majors\Desktop\Error Cleaner.url
C:\Documents and Settings\Malthouse Majors\Desktop\Privacy Protector.url
C:\Documents and Settings\Malthouse Majors\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Malthouse Majors\Favorites\Error Cleaner.url
C:\Documents and Settings\Malthouse Majors\Favorites\Privacy Protector.url
C:\Documents and Settings\Malthouse Majors\Favorites\Spyware&Malware Protection.url

Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1518\A0281266.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1519\A0282504.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1518\A0282382.DLL

Rogue.LocusSoftware-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1520\A0282568.EXE

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 PM

Posted 18 April 2008 - 08:27 AM

the blue screen still remains as my desktop. I am still getting fake messages

I knew that would be the case. That's why I asked you to continue with my instructions. There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job. Even then, with some types of malware infections, the task can be arduous.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 18 April 2008 - 09:13 AM

Hi and thanks for the advice quietman7. Sorry missed your posting earlier, I am a novice with computers and also a novice with forums! I will try what you suggest and post my results. It is all very frustrating!

#8 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 18 April 2008 - 03:15 PM

Hello again and thanks to you both for your help advice and this time it seems to have rid my PC of all the malware. However, I am still getting one message which comes up every so often. It is not from the anti-spyware I am using and I do not recognise the soource, it tells me it is Abebot and it is in C:\WINDOWS\wml.exe. Should I be worrying about this?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,114 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:57 PM

Posted 18 April 2008 - 08:04 PM

Hi did you also run the SDFix application? you still have malware,Abebot.
In the SDFix folder a scan report was saved as Report.txt.
Copy and paste the contents of the results file Report.txt

Thank you

Edited by boopme, 18 April 2008 - 08:04 PM.
Forgot me manners

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 PM

Posted 18 April 2008 - 10:09 PM

Backdoor.Abebot

Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read "When should I re-format? How should I reinstall?".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 19 April 2008 - 12:17 PM

Here are the results of the SDFix Report.txt...


SDFix: Version 1.172
Run by Malthouse Majors on 18/04/2008 at 19:37

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\Resources\SetupUnknown.dll - Deleted
C:\WINDOWS\Resources\DrvWin.dll - Deleted
C:\WINDOWS\npqtsrak.exe - Deleted
C:\WINDOWS\omlbpkaw.dll - Deleted
C:\WINDOWS\pmsoarbf.dll - Deleted
C:\WINDOWS\rtqmekwg.exe - Deleted
C:\WINDOWS\Web\def.htm - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 19:44:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027203a127]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00027203a127]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Documents and Settings\\Malthouse Majors\\Alex stuff\\WinMX\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\Malthouse Majors\\Alex stuff\\WinMX\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Documents and Settings\\Alex\\My Documents\\WinMX\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\Alex\\My Documents\\WinMX\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Documents and Settings\\Alex\\Alex stuff\\WinMX\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\Alex\\Alex stuff\\WinMX\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Documents and Settings\\Alex\\Alex stuff\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\Alex\\Alex stuff\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Bob\\My Documents\\My Music\\Limewire\\LimeWire.exe"="C:\\Documents and Settings\\Bob\\My Documents\\My Music\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"G:\\My Music\\iTunes.exe"="G:\\My Music\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TrustedAntivirus\\av2008.exe"="C:\\Program Files\\TrustedAntivirus\\av2008.exe:*:Enabled:Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 1 May 2005 496,674 A.SH. --- "C:\WINDOWS\Registration\rbanur.tmp"
Wed 18 May 2005 662,212 A.SH. --- "C:\WINDOWS\Registration\rbanur.bak1"
Thu 19 May 2005 622,104 A.SH. --- "C:\WINDOWS\Registration\rbanur.bak2"
Sun 19 Dec 2004 56 ..SHR --- "C:\WINDOWS\SYSTEM32\C088C652EF.sys"
Thu 1 Jul 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 1 Jul 2004 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sun 17 Jul 2005 94,208 A..H. --- "C:\Program Files\Messenger Plus! 3\Plugins\ColorNick.dll"
Tue 7 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 27 Nov 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 27 Nov 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT37.tmp"
Thu 8 Jan 2004 0 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

#12 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 19 April 2008 - 12:35 PM

Hi again,

I am currently running SuperAntispyware and it is showing threats detected named Trojan.Unclassified/Multi-dropper and Trojan.Unclassified/Multi-dropper (packed). Are these anything to worry about? I don't understand how I get these after running two antispyware. I also have MAX running all the time. Very confusing!

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 PM

Posted 19 April 2008 - 03:45 PM

I am currently running SuperAntispyware and it is showing threats detected named Trojan.Unclassified/Multi-dropper and Trojan.Unclassified/Multi-dropper (packed).

Did the scan provide a specific file name associated with this malware threat and if so, where is it located (full file path) at on your system? If the scan saved a log file, it should show exactly what and where the malware was found so post that instead.

Are you still getting alerts for Abebot in C:\WINDOWS\wml.exe? Have you done a search of your computer for that file? If not, please do so.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 SunnySedella

SunnySedella
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:57 PM

Posted 19 April 2008 - 04:06 PM

Have not seen the alert for Abebot in C:\WIN\wml.exe since I last posted sighting. However, have run anti-spyware several times and still getting rid of threats, but none of them Abebot. Can I specifically search for it?

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,563 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:57 PM

Posted 19 April 2008 - 04:22 PM

You can use Windows Explorer to navigate to or use Windows Search feature > More advanced options to see if the file(s) are still present. To do this, go to Start -> Search and click For Files or Folders... or just press the Windows key + F key on the keyboard.
  • Click All files and folders.
  • Type in the name of the file under "Search by...criteria."
  • Click More advanced options and check these options:
    • "Search system folders"
    • "Search hidden files and folders"
    • "Search subfolders"
  • Then click "Search" to look for the file(s).

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users