Trojan's !

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mike Maddeford, Mar 22, 2009.

  1. Mike Maddeford

    Mike Maddeford Private E-2

    Well what can I say. I have been lucky in the past as far as not getting infected. But a few days ago my lucky streak came to an end.

    I followed the guide. I think I did it right. It would seem that the viruses are reinstalling themselves.

    I just installed the AVG 8.5 and I couldn't get it turned off to do the combobox scan. The Resident Shield is warning of something every few seconds ! LOL

    Here are the logs.
     

    Attached Files:

  2. Mike Maddeford

    Mike Maddeford Private E-2

    And the fourth log file:


    Thanks for the help!

    Mike Maddeford
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are almost a year out of date with your version of MGtools. You must always download current versions. We will start a fix but you will need to update at the end of these instructions where I ask you to do so. Also note that your copy of AVG8.5 is broken. DO NOT reinstall yet.


    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 3

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - d:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: AxInst Service (AxIntSvc) - Unknown owner - C:\WINDOWS\System32\Dism\smss.exe
    O23 - Service: DCOM Server Process Launchers (DcomLaunchs) - Unknown owner - C:\WINDOWS\ravcopy.exe (file missing)
    O23 - Service: dsfg45fj pressure experimentation (dsfg45fj) - icepoint - C:\WINDOWS\hf34h.exe
    O23 - Service: jwam - Unknown owner - C:\WINDOWS\system32\jwam.exe (file missing)
    O23 - Service: KingDuBa Driver (KingDuuBa) - Unknown owner - C:\WINDOWS\system32\DuBa.exe
    O23 - Service: Klerter - Unknown owner - C:\WINDOWS\system32\thTdg\I001.exe
    O23 - Service: Remote Storm Service - Unknown owner - C:\WINDOWS\system32\thTdg\J002.exe (file missing)
    O23 - Service: Traffic Control (TrafficCtrl) - Unknown owner - C:\WINDOWS\System32\Traffic\smss.exe (file missing)
    O23 - Service: win - Unknown owner - C:\WINDOWS\system32\****.exe (file missing)
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner to remove temp files!

    Now goto this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. Mike Maddeford

    Mike Maddeford Private E-2

    Well I have a new problem. The pc seemed to be running not bad. I was doing some work for an hour or so. When I finished up I ran the AVG. It found 238 viruses and or trojans. So it got rid of them but the next day when I booted back up I noticed it was very slow booting and none of the usual things were loading including AVG. BTW This is without doing any of your instructions. The task manager won't open, there are no restore points, it won't connect to the internet........and so on. I think I may be better off reinstalling windows at this point. But I am willing to listen to your opinion on the topic. I have the main drive partitioned c and d and one other F drive with data backed up. Is it safe to format c and keep d and f ???

    Thanks Again

    Mike
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but my instructions are the only thing you should be doing. ;) Did you notice how many things there were to fix? Even AVG was broken as I stated. It's up to you what you want to do. You can try running my fix and attaching new logs (I'm sure more will be found since the infection may have spread already) or you can format and reinstall.
     
  6. Mike Maddeford

    Mike Maddeford Private E-2

    OK I followed your instructions. Things are going slow due to too much work and not enough time, plus I have to use someone else's pc and internet to post!

    Here are the logs. Thanks for your help so far.


    Mike
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You waited too long to run the fix. Your version of ComboFix was therefore many days out of date. This caused it to run in Reduced Functionality Mode which is not as effective. We will use both Avenger and ComboFix this time to see if we can help work around this. But it would be best if you download the current version of ComboFix when you start this next fix. Since you will need to download Avenger too, it's just one more file to download.

    Also as I expected, your infection spread tremendously creating many more malware files.

    I will give you another fix, try to run it as soon as possible. Also, from now on, do not power down or reboot your PC after attaching logs. The infection is spreading/changing at reboots. And if you power down or reboot, that would make my next fix incorrect because your PC would no longer have the same problems as what my fix would be based upon.


    SHUTDOWN AVG before trying to do the below!!! If you cannot shut it down, uninstall it as it is of no use to you anyway since your PC is the worst infected PC that I have seen in years.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O23 - Service: 37LH08U - ??????? - C:\WINDOWS\KGXESJCX5.exe
    O23 - Service: 89R6H2CE8 - ??????? - C:\WINDOWS\SJB8L0RGXDU.exe
    O23 - Service: 9W10H2AIRCGR - ??????? - C:\WINDOWS\RHIUEH.exe
    O23 - Service: AxInst Service (AxIntSvc) - Unknown owner - C:\WINDOWS\System32\Dism\smss.exe (file missing)
    O23 - Service: CLHZ7GUD2BW - ??????? - C:\WINDOWS\TQDE7.exe
    O23 - Service: DCOM Server Process Launchers (DcomLaunchs) - Unknown owner - C:\WINDOWS\ravcopy.exe (file missing)
    O23 - Service: dsfg45fj pressure experimentation (dsfg45fj) - Unknown owner - C:\WINDOWS\hf34h.exe (file missing)
    O23 - Service: HUO4DD - ??????? - C:\WINDOWS\77JQZPYN.exe
    O23 - Service: jqka - Unknown owner - C:\WINDOWS\system32\jqka.exe (file missing)
    O23 - Service: jtoq - Unknown owner - C:\WINDOWS\system32\jtoq.exe (file missing)
    O23 - Service: jwam - Unknown owner - C:\WINDOWS\system32\jwam.exe (file missing)
    O23 - Service: jwoq - Beijing Rising Information Technology Co., Ltd. - C:\WINDOWS\system32\jwoq.exe
    O23 - Service: jwqg - Unknown owner - C:\WINDOWS\system32\jwqg.exe
    O23 - Service: KingDuBa Driver (KingDuuBa) - Unknown owner - C:\WINDOWS\system32\DuBa.exe (file missing)
    O23 - Service: Klerter - Unknown owner - C:\WINDOWS\system32\thTdg\I001.exe (file missing)
    O23 - Service: KV3BC - ??????? - C:\WINDOWS\8M7XCV7.exe
    O23 - Service: L9IJ2Z80P5 - ??????? - C:\WINDOWS\9H8DH0K4UYNZ.exe
    O23 - Service: mian sha a (miansha) - Unknown owner - C:\WINDOWS\system32\ZhyFD\I001.exe
    O23 - Service: Q8K2OTUQO6 - ??????? - C:\WINDOWS\HY943WQ0Q624.exe
    O23 - Service: QKDP797ZG2X - ??????? - C:\WINDOWS\Z38RP.exe
    O23 - Service: Remote Storm Service - Unknown owner - C:\WINDOWS\system32\thTdg\J002.exe (file missing)
    O23 - Service: srivec - Unknown owner - C:\WINDOWS\system32\srivec.exe (file missing)
    O23 - Service: sruae - Unknown owner - C:\WINDOWS\system32\sruae.exe
    O23 - Service: srume - Unknown owner - C:\WINDOWS\system32\srume.exe (file missing)
    O23 - Service: Traffic Control (TrafficCtrl) - Unknown owner - C:\WINDOWS\System32\Traffic\smss.exe (file missing)
    O23 - Service: VFBU9C8MJ6 - ??????? - C:\WINDOWS\CW3QOFMXH6SO.exe
    O23 - Service: VL59BFG1 - ??????? - C:\WINDOWS\D1O8ODRSFA.exe
    O23 - Service: win - Unknown owner - C:\WINDOWS\system32\****.exe (file missing)

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot, you now need to perform the below fix with ComboFix. We are doing this for redundancy and to pick up anything new that may have arrived.



    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Then attach the below logs:
    • C:\avenger.txt
    • C:\combofix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
    REMEMBER!! Do not power down or reboot your PC now. Wait for the next fix.
     
  8. Mike Maddeford

    Mike Maddeford Private E-2

    Wow ! The worst huh. That's what I like to hear. :(

    OK so no reboots. BTW This pc hasn't been on the internet for some time now.

    I would have reloaded XP but I just found out that the XP disc that the retailer "installed" on the machine when it was new is only an upgrade! So I would have to hunt up an old copy of windows 2000 or something I guess. Or get a new Full copy of XP.

    I have not been using the infected machine at all. It was on before for a couple of hours because I had to finish the books. It's tax time here in Canada.

    Well I hope this all goes well.

    Thanks again.

    Mike
     
  9. Mike Maddeford

    Mike Maddeford Private E-2

    OK I screwed up the order in which I was supposed to do the scans. I mistakenly clicked on MGtools first. But I started over and ran everything in order as per your instructions. I hope this doesn't make things worse on your end.

    BTW I can't un-install AVG. And the Task Manager will not stay open. It just opens and closes right away.

    Here are the logs

    Hope this works out.

    Mike
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hopefully you have not rebooted or powered down!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O23 - Service: 33AY7LH4C - ??????? - C:\WINDOWS\KA0SM3PKU77.exe
    O23 - Service: 7NS3J - ??????? - C:\WINDOWS\VJRI42V.exe
    O23 - Service: MC1Q5VYJT5 - ??????? - C:\WINDOWS\SNKKA.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Q78NM0 - ??????? - C:\WINDOWS\GS79NNP7.exe
    O23 - Service: QSBC5WM3N3 - ??????? - C:\WINDOWS\MBY6A7DNUNLH.exe
    O23 - Service: Remote Storm Service - Unknown owner - C:\WINDOWS\system32\thTdg\J002.exe (file missing)
    O23 - Service: SBE9U2UAFV5Q - ??????? - C:\WINDOWS\Q554MJ.exe
    O23 - Service: UQEL4C8HOH8 - ??????? - C:\WINDOWS\D5Y7E2.exe
    O23 - Service: VGV9H - ??????? - C:\WINDOWS\R6ROI8Q.exe
    O23 - Service: ZFSR9NL4AG - ??????? - C:\WINDOWS\V5NMCXT1PCBN.exe

    After clicking Fix, exit HJT.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner to clean out only temp files and nothing else!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  11. Mike Maddeford

    Mike Maddeford Private E-2

    Well the instructions are getting shorter! I hope that's a sign :) I didn't reboot or power down. I will get to this tonight and post back in the morning. Still no internet connection :(

    Mike
     
  12. Mike Maddeford

    Mike Maddeford Private E-2

    OK here we go. The task manager works now. Here are the logs. I left it powered up too.

    Thanks

    Mike
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay the fix is even shorter this time. I also just noticed that the Remote Storm Service driver is not getting fixed. This is due to the malware being sneaky and embedding two spaces after the word Storm. vBulletin (used by the forum) is stupid and eliminates extra spaces thus screwing up the fix. Hopefully the below will work since I will use a code box instead of a quote box. Make sure when you copy and paste into the CFScript.txt file that there are two spaces after the word Storm.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

    After clicking Fix, exit HJT.



    Now we need to use ComboFix again.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    Code:
    KILLALL::
     
    Driver::
    Remote Storm  Service
    ZFSR9NL4AG
    
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
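    The O23 service lines chaslang lists in this thread, and the doubled-space service name this post describes, as an added example that is not part of the original thread or of HijackThis, ComboFix or MGtools: a Python script that parses HijackThis O23 lines, flags the characteristics visible in these logs (missing files, unknown owners, random-looking names, executables dropped directly into the Windows directory, system binary names outside system32, odd whitespace), and prints each service name with spaces made visible so a CFScript copied from a forum post can be checked before it is used. The sample log lines, the flagging heuristics and the list of system32-only binary names are constructed assumptions of this example.

```python
"""Triage HijackThis O23 (service) lines and make whitespace in service names visible.

Added example for this thread; not part of HijackThis, ComboFix or MGtools.
Every heuristic below is an assumption chosen for this example.
"""
import ntpath
import re

# Constructed sample in HijackThis O23 format, modelled on the excerpts quoted in
# the thread. The two spaces in "Remote Storm  Service" are deliberate: that is the
# name the forum software collapsed.
SAMPLE_O23_LINES = """\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Remote Storm  Service - Unknown owner - C:\\WINDOWS\\system32\\thTdg\\J002.exe (file missing)
O23 - Service: 7NS3J - ??????? - C:\\WINDOWS\\VJRI42V.exe
O23 - Service: AxInst Service (AxIntSvc) - Unknown owner - C:\\WINDOWS\\System32\\Dism\\smss.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - d:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe (file missing)
"""

# display name, optional "(short name)", owner, path, optional "(file missing)"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumed list: genuine Windows binaries that live directly in %WINDIR%\system32.
# The logs in this thread show "smss.exe" started from other directories instead.
SYSTEM32_ONLY = {"smss.exe"}
SYSTEM32_DIR = r"c:\windows\system32"
# All-caps alphanumeric names of 5+ characters containing a digit (assumed heuristic).
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{5,}$")
# An .exe sitting directly in the Windows directory rather than a subdirectory.
WINDIR_ROOT_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


def parse_o23(line):
    """Return a dict with the fields of one O23 line, or None if it is not an O23 line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["missing"] = entry["missing"] is not None
    return entry


def visible_whitespace(name):
    """Replace each space with a middle dot so doubled spaces survive a copy/paste."""
    return name.replace(" ", "\u00b7")


def assess(entry):
    """Return the reasons an O23 entry deserves a closer look (empty list if none)."""
    flags = []
    display = entry["display"]
    if entry["missing"]:
        flags.append("file missing: orphaned service entry")
    if entry["owner"] == "Unknown owner" or set(entry["owner"]) == {"?"}:
        flags.append("no recognisable owner")
    if "  " in display or display != display.strip():
        flags.append("unusual whitespace in display name")
    if RANDOM_NAME_RE.match(display):
        flags.append("random-looking display name")
    if WINDIR_ROOT_EXE_RE.match(entry["path"]):
        flags.append("executable directly in the Windows directory")
    base = ntpath.basename(entry["path"]).lower()
    if base in SYSTEM32_ONLY and ntpath.dirname(entry["path"]).lower() != SYSTEM32_DIR:
        flags.append(f"system binary name {base} outside system32")
    return flags


def triage(log_text):
    """Parse every O23 line in log_text and return (display name with visible
    spaces, flags) for each entry that raised at least one flag, in log order."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        flags = assess(entry)
        if flags:
            results.append((visible_whitespace(entry["display"]), flags))
    return results


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_O23_LINES):
        print(name)
        for flag in flags:
            print("   -", flag)
```

    Running the script on the constructed sample reports four of the five services and prints the second one as Remote·Storm··Service, which is the check chaslang asks for: the two dots between Storm and Service show that the doubled space is still there after pasting. The NVIDIA entry raises no flag, which is the point of keeping a known-good line in the sample.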
  14. Mike Maddeford

    Mike Maddeford Private E-2

    Well so far so good. One thing I should tell you is that I rebooted the other day. After 24 hours of running (idling) I turned on the monitor and saw the blue screen! First time ever with that old system. I hope this didn't screw things up.

    Be back with the logs.

    Mike
     
  15. Mike Maddeford

    Mike Maddeford Private E-2

    OK here are the log files!

    I tried to get my Internet connection working. Called IP provider and they walked me through it. In the end they said I need to reinstall XP ! I wonder if I can run the XP fix?

    Mike
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay we got rid of the last visible signs of malware.

    What exactly did they have you try?

    • Do you get an IP address from your router or modem?
    • Do you have your Internet Protocol (TCP/IP) Properties set to Obtain an IP address automatically?
    • Do you also have Obtain DNS server address automatically?
    • Does your connection work in safe boot mode?
    • Which browser are you using?
    SUPERAntiSpyware has a Repair option (see Preferences, Repairs) to Repair broken Network Connection (Winsock LSP Chain); have you tried it?
     
  17. Mike Maddeford

    Mike Maddeford Private E-2

    Well if you're anything like me, I hate to get beat by these things. IP provider asked me to do a system reset, some sort of mem dump. It still didn't want to work. In the mean time I found out that Outlook wouldn't run. Along with a lot of other apps. My problem with reloading XP was that I didn't get the "full install" disk when I got my pc. Just an XP upgrade disk. So now I have installed XP from a "hot" full install disk.

    BTW the pc did run fine for a while right up until I plugged in a thumb drive to install AVG. Is it possible that a virus was on that drive and escaped back into my system?

    Mike
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying you have now reinstalled this PC?

    Yes there are many infections that use removable devices to spread their infections. That is one reason I have posted the below:

    Disabling AutoRuns
     
  19. Mike Maddeford

    Mike Maddeford Private E-2

    Ya I finally gave up and did the reinstall. That wasn't easy either. My problem was that many components of windows had been corrupted I think. Now I still see the odd thing that looks suspicious although I am running the AVG and XP firewall.

    I have to change my credit card information with paypal before I can square up with you.

    Thanks again.

    Mike
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member
