Only the Best, Homepage change

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Chappo, Jun 25, 2004.

  1. Chappo

    Chappo Private E-2

    I've read most of what other's have written, and sadly my knowledge doesn't extend into some of the areas you have suggested.

    I've run spy sweeper and am using a pop up inspector to try to get rid of the problem. I've now downloaded Hijackthis and tried removing the offending things but the problem remains.
    Any ideas for the amateur???

    P.S. I'm suspicious of the file about 20 lines down... C:\WINDOWS\crba.exe

    Here's my Hijackthis log;

    Logfile of HijackThis v1.97.7
    Scan saved at 12:45:10 a.m., on 26/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\sdkhl32.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\crba.exe
    C:\Documents and Settings\Eden\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sfpmf.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sfpmf.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sfpmf.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sfpmf.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sfpmf.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sfpmf.dll/sp.html#96676
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.nzherald.co.nz"); (C:\Program Files\Netscape\Users\eden_and_jenny\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6B315769-33A2-0406-A039-366CA0B26BB1} - C:\WINDOWS\ntsb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Pop Up Inspector\PopUpInspector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKLM\..\RunOnce: [javabp.exe] C:\WINDOWS\system32\javabp.exe
    O4 - HKLM\..\RunOnce: [winqz32.exe] C:\WINDOWS\system32\winqz32.exe
    O4 - HKLM\..\RunOnce: [wintm32.exe] C:\WINDOWS\wintm32.exe
    O4 - HKLM\..\RunOnce: [ntju.exe] C:\WINDOWS\system32\ntju.exe
    O4 - HKLM\..\RunOnce: [iezr.exe] C:\WINDOWS\system32\iezr.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Pop Up Inspector\allowsite.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Pop Up Inspector\denysite.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: PopUp Inspector (HKCU)
    O9 - Extra 'Tools' menuitem: PopUp Inspector (HKCU)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
    Chappo, Jun 25, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First steps, download Ad-aware and SpyBot S&D and install and update them but do not run scans yet. You can find them here:

    http://www.majorgeeks.com/download506.html
    http://www.majorgeeks.com/download2471.html

    Now disable system restore: http://www.majorgeeks.com/vb/showthread.php?t=31668
    Now reboot

    Whe you come back up click Start, Run, and enter this in the Open box: services.msc
    Then click OK.
    Now in the Services window that pops up look for Network Security Service. If you find that service you must stop it by right clicking on it then select stop. Now disable it by right clicking on it and selecting Properties. Then in the General tab see the area that says "Startup type: " click on the pull down arrow and change it to Disabled. Also very important, I need you to get the Path to the executable from the Network Services properties window and post that back here.
     
    chaslang, Jun 25, 2004
    #2
  3. Chappo

    Chappo Private E-2

    Thanks for the reply,

    I need to go to bed now. I get the feeling your instructions are going to be similar to some others I've read. I'll try to follow them tomorrow and get in contact again tomorrow night. It's 2:00 here in Japan and the wife wants company and I'd rather it was me.
     
    Chappo, Jun 25, 2004
    #3
  4. Chappo

    Chappo Private E-2

    Network security services path

    C:\WINDOWS\sdkhl32.exe /s
     
    Chappo, Jun 26, 2004
    #4
  5. Chappo

    Chappo Private E-2

    New Logfile

    Logfile of HijackThis v1.97.7
    Scan saved at 6:51:22 p.m., on 26/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\winfq32.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\sdkhl32.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Eden\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qwgvx.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://qwgvx.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qwgvx.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qwgvx.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qwgvx.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qwgvx.dll/sp.html#96676
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.nzherald.co.nz"); (C:\Program Files\Netscape\Users\eden_and_jenny\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {345995C4-DBF9-600A-289D-A987369B5A49} - C:\WINDOWS\system32\sdkyw32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [winfq32.exe] C:\WINDOWS\system32\winfq32.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Program Files\Pop Up Inspector\PopUpInspector.exe"
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [KDA] C:\Program Files\KaZaA Download Accelerator\KDA.exe
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [Detect] C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Pop Up Inspector\PopUpInspector.exe
    O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKLM\..\RunOnce: [sdkhl32.exe] C:\WINDOWS\sdkhl32.exe
    O4 - HKLM\..\RunOnce: [ntdc32.exe] C:\WINDOWS\system32\ntdc32.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Pop Up Inspector\allowsite.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Pop Up Inspector\denysite.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: PopUp Inspector (HKCU)
    O9 - Extra 'Tools' menuitem: PopUp Inspector (HKCU)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
    Chappo, Jun 26, 2004
    #5
  6. Chappo

    Chappo Private E-2

    I followed what you advised svengali to do and it seems to be all fixed!!

    Something no one has mentioned was that under the IE tools menu there was a new option that said something like Reset Explorer or reset settings. This has now disappeared. The process I went thru was;

    Run MSCONFIG and clean boot

    Run Hijack and print

    Use the search function to find the offending files and shift delete (including c:\windows\prefetch)

    hijack and fix R1 and R0 lines

    Open explorer and change the homepage, delete files and cookies

    Run Adaware and Spyware

    Regedit;
    delete HSA, SA, SE and SW (actually I didn't have SA)

    Full Reboot

    Boomshanka it's all good. Thanks to your instructions to SVENGALI

    here is a copy of my new logfile. I'll repost in a few days to let you know if I'm still in the clear. I'd love to know where it came from!

    Logfile of HijackThis v1.97.7
    Scan saved at 7:57:47 p.m., on 26/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Pop Up Inspector\PopUpInspector.exe
    C:\Program Files\PC Booster\pcbooster.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Eden\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzherald.co.nz/
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.nzherald.co.nz"); (C:\Program Files\Netscape\Users\eden_and_jenny\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\PC Booster\pcbooster.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [PopUpInspector] C:\Program Files\Pop Up Inspector\PopUpInspector.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Allow popups from this web page - C:\Program Files\Pop Up Inspector\allowsite.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Stop popups from this web page - C:\Program Files\Pop Up Inspector\denysite.htm
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O9 - Extra button: PopUp Inspector (HKCU)
    O9 - Extra 'Tools' menuitem: PopUp Inspector (HKCU)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
    Chappo, Jun 26, 2004
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looking good Chappo! Good job!
     
    chaslang, Jun 26, 2004
    #7
  8. Chappo

    Chappo Private E-2

    Shucks!!!

    Cheers very much mate. You saved me a bunch of time and I've recommended your thread with svengali to a few others with the same problem.
     
    Chappo, Jun 26, 2004
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cool! Maybe within the next week or so the heat on this one will start to die. Perhaps soon there will be a fix built into one of the spyware scanner applications making this an easier task.
     
    chaslang, Jun 26, 2004
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds