
Pop-up search engines


  • This topic is locked
9 replies to this topic

#1 EscalatorKid


Posted 28 November 2008 - 03:18 PM

Hi.

I managed to get some sort of Spyware/malware infection last night. I'm not sure what is causing it, either.

Every time I use either Firefox or IE, I get pop-up searches for the following websites: original-search.com and search-deal.com. I think it was preventing me from downloading Adaware or Spybot S&D.

I have no idea where to find what is causing this. I have run Spybot S&D, Adaware 2008, and my Avast Antivirus, but they didn't seem to find anything. Avast did alert me to a Trojan Horse, but that is all.

I would appreciate your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:15 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {6eaf894d-d100-4176-a082-723203da28cf} - C:\WINDOWS\system32\wayumabe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [yebegayeyi] Rundll32.exe "C:\WINDOWS\system32\kilatape.dll",s
O4 - HKLM\..\Run: [bc699b21] rundll32.exe "C:\WINDOWS\system32\puwaduvu.dll",b
O4 - HKLM\..\Run: [CPMbf5aa8bd] Rundll32.exe "C:\WINDOWS\system32\zusudupe.dll",a
O4 - HKLM\..\RunOnce: [SpybotDeletingA4182] command /c del "C:\WINDOWS\system32\yosimanu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4156] cmd /c del "C:\WINDOWS\system32\yosimanu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4247] command /c del "C:\WINDOWS\system32\juvoguru.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2483] cmd /c del "C:\WINDOWS\system32\juvoguru.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB1993] command /c del "C:\WINDOWS\system32\yosimanu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1993] cmd /c del "C:\WINDOWS\system32\yosimanu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7273] command /c del "C:\WINDOWS\system32\juvoguru.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4138] cmd /c del "C:\WINDOWS\system32\juvoguru.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\jobavito.dll c:\windows\system32\zusudupe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zusudupe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zusudupe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7471 bytes


 


#2 fenzodahl512


Posted 29 November 2008 - 06:39 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 EscalatorKid


Posted 30 November 2008 - 11:41 AM

Okay, I ran SDFix overnight, and it did not respond... It didn't give me a prompt other than the beginning where I had to type "Y".

I will try it again, but it didn't do anything the first time.

#4 fenzodahl512


Posted 30 November 2008 - 01:21 PM

Proceed with ComboFix step please.. If ComboFix failed to run, just rename it to Combo-Fix and then run it again. Post the log here then :thumbsup:



#5 EscalatorKid


Posted 30 November 2008 - 06:43 PM

ComboFix 08-11-30.01 - Stephanie 2008-11-30 18:33:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.602 [GMT -5:00]
Running from: c:\documents and settings\Stephanie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\agabekih.ini
c:\windows\system32\akunohiv.ini
c:\windows\system32\elasofah.ini
c:\windows\system32\gikuseju.dll
c:\windows\system32\hafosale.dll
c:\windows\system32\hikebaga.dll
c:\windows\system32\jobavito.dll
c:\windows\system32\kimupabe.dll
c:\windows\system32\labefuji.dll
c:\windows\system32\puwaduvu.dll
c:\windows\system32\tizabedi.dll
c:\windows\system32\ujesukig.ini
c:\windows\system32\uvudawup.ini
c:\windows\system32\vihonuka.dll
c:\windows\system32\wayumabe.dll
c:\windows\system32\yobaruzi.dll
c:\windows\system32\zusudupe.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-29 23:36 . 2008-11-29 23:36 <DIR> d-------- c:\windows\ERUNT
2008-11-29 23:30 . 2008-11-30 00:28 <DIR> d-------- C:\SDFix
2008-11-28 10:57 . 2008-11-28 10:57 <DIR> d-------- c:\program files\Lavasoft
2008-11-28 10:57 . 2008-11-28 10:57 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-28 10:57 . 2008-11-28 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-27 23:53 . 2008-11-27 23:54 151 --a------ c:\windows\wininit.ini
2008-11-27 22:55 . 2008-11-27 22:59 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-27 22:55 . 2008-11-27 23:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 22:44 . 2008-11-27 22:44 <DIR> d-------- c:\program files\Trend Micro
2008-11-26 08:16 . 2008-11-26 08:17 <DIR> d-------- c:\temp\google
2008-11-26 08:16 . 2008-11-26 08:16 <DIR> d-------- C:\temp
2008-11-13 19:51 . 2008-11-13 20:16 <DIR> d-------- c:\program files\Soulseek
2008-11-12 01:49 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 01:49 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 17:54 . 2008-11-10 17:54 <DIR> dr-h----- c:\documents and settings\Stephanie\Application Data\SecuROM
2008-11-10 17:42 . 2008-11-10 17:42 0 --a------ c:\windows\ativpsrm.bin
2008-11-10 16:55 . 2008-11-10 16:55 <DIR> d-------- C:\ATI
2008-11-06 21:05 . 2008-11-06 21:05 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-06 20:48 . 2008-11-10 19:03 <DIR> d-------- c:\program files\EA GAMES
2008-11-06 20:48 . 2008-03-12 18:38 445,504 -ra------ c:\windows\system32\vp6vfw.dll
2008-10-24 12:38 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 21:43 . 2008-10-21 21:43 <DIR> d-------- c:\documents and settings\Stephanie\Application Data\StarOffice8
2008-10-21 19:06 . 2008-10-21 19:07 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-21 19:06 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-21 19:06 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-21 19:06 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-21 19:06 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-21 19:06 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-21 19:06 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-21 19:06 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-21 19:05 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-10-21 19:04 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-10-21 19:04 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-10-21 18:47 . 2008-10-21 18:47 <DIR> d-------- c:\windows\system32\scripting
2008-10-21 18:47 . 2008-10-21 18:47 <DIR> d-------- c:\windows\system32\en
2008-10-21 18:47 . 2008-10-21 18:47 <DIR> d-------- c:\windows\system32\bits
2008-10-21 18:47 . 2008-10-21 18:47 <DIR> d-------- c:\windows\l2schemas
2008-10-21 18:45 . 2008-10-21 18:47 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-21 18:36 . 2004-08-03 21:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
2008-10-21 18:36 . 2004-08-03 21:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
2008-10-21 18:34 . 2004-08-03 21:29 327,040 --------- c:\windows\system32\drivers\ati2mtaa.sys
2008-10-21 18:20 . 2008-11-15 03:00 <DIR> d--h----- c:\windows\$hf_mig$
2008-10-21 16:19 . 2008-10-21 16:19 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-20 21:15 . 2006-11-08 13:45 240,384 --a------ c:\windows\system32\drivers\rt2500usb.sys
2008-10-20 20:35 . 2008-10-20 20:35 <DIR> d-------- c:\documents and settings\Stephanie\Application Data\Talkback
2008-10-20 20:35 . 2008-10-20 20:35 0 --a------ c:\windows\nsreg.dat
2008-10-20 20:16 . 2003-06-18 16:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-10-20 20:16 . 2008-10-20 20:16 376 --a------ c:\windows\ODBC.INI
2008-10-20 20:15 . 2008-10-20 20:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-10-20 20:15 . 2008-10-20 20:15 <DIR> d-------- c:\program files\Common Files\L&H
2008-10-20 20:14 . 2008-10-20 20:15 <DIR> d-------- c:\windows\SHELLNEW
2008-10-20 20:14 . 2008-10-20 20:14 <DIR> d-------- c:\program files\Microsoft Works
2008-10-20 20:13 . 2008-10-20 20:13 <DIR> d-------- c:\program files\Microsoft.NET
2008-10-20 20:12 . 2008-10-20 20:12 <DIR> dr-h----- C:\MSOCache
2008-10-20 20:09 . 2008-10-20 20:09 <DIR> d-------- c:\program files\Sun
2008-10-20 20:09 . 2008-10-20 20:09 <DIR> d-------- c:\program files\Java
2008-10-20 20:09 . 2008-10-20 20:09 <DIR> d-------- c:\program files\Common Files\Java
2008-10-20 20:09 . 2007-12-14 00:59 69,632 --a------ c:\windows\system32\javacpl.cpl
2008-10-20 20:06 . 2008-11-28 04:33 <DIR> d-------- c:\program files\Spyware Doctor
2008-10-20 20:06 . 2008-10-20 20:06 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-20 20:06 . 2008-10-20 20:06 <DIR> d-------- c:\documents and settings\Stephanie\Application Data\PC Tools
2008-10-20 20:06 . 2008-11-30 18:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-20 20:06 . 2008-11-02 21:37 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-10-20 20:06 . 2008-11-02 21:37 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-10-20 20:06 . 2008-11-02 21:37 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-10-20 20:06 . 2008-06-02 14:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-10-20 20:05 . 2008-10-20 20:05 <DIR> d-------- c:\program files\Real
2008-10-20 20:05 . 2008-10-20 20:05 <DIR> d-------- c:\program files\Picasa2
2008-10-20 20:05 . 2008-10-20 20:05 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-20 20:05 . 2008-10-20 20:05 <DIR> d-------- c:\program files\Common Files\Real
2008-10-20 20:04 . 2008-10-20 20:05 <DIR> d-------- c:\program files\Google
2008-10-20 20:04 . 2008-11-30 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-10-20 20:01 . 2008-10-20 20:01 <DIR> d-------- c:\program files\Alwil Software
2008-10-20 20:01 . 2003-03-18 15:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-10-20 20:01 . 2008-10-20 20:05 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-20 20:01 . 2008-10-20 20:05 348,160 --a------ c:\windows\system32\msvcr71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 00:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-21 00:51 --------- d-----w c:\program files\Intel
2008-10-21 00:47 --------- d-----w c:\program files\SigmaTel
2008-10-21 00:47 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-21 00:40 --------- d-----w c:\program files\ATI Technologies
2008-10-21 00:36 --------- d-----w c:\program files\Dell
2008-10-21 00:28 --------- d-----w c:\program files\RGB
2008-10-21 00:27 --------- d-----w c:\program files\GemMaster
2008-10-21 00:27 --------- d-----w c:\program files\ESPNMotion
2008-10-21 00:27 --------- d-----w c:\program files\EnglishOtto
2008-10-21 00:27 --------- d-----w c:\program files\DIGStream
2008-10-21 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-10-21 00:19 --------- d-----w c:\program files\microsoft frontpage
2008-10-21 00:15 --------- d-----w c:\program files\Windows Plus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-06 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-20 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-20 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-20 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-20 20560]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-20 29744]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6eaf894d-d100-4176-a082-723203da28cf} - c:\windows\system32\wayumabe.dll
HKLM-Run-yebegayeyi - c:\windows\system32\kilatape.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\jnosu93z.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 18:36:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-11-30 18:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 23:40:48

Pre-Run: 221,152,063,488 bytes free
Post-Run: 221,385,588,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

212 --- E O F --- 2008-11-15 08:01:37

.
..
...
....
...
..
.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:02 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6146 bytes

#6 fenzodahl512


Posted 30 November 2008 - 09:24 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Then tell me, how is your computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 EscalatorKid


Posted 30 November 2008 - 10:08 PM

Malwarebytes' Anti-Malware 1.30
Database version: 1439
Windows 5.1.2600 Service Pack 3

11/30/2008 10:06:17 PM
mbam-log-2008-11-30 (22-06-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 104537
Time elapsed: 31 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\jobavito.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kimupabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\labefuji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tizabedi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wayumabe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yobaruzi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zusudupe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010595.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010603.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010604.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{69591EE7-5D44-4480-8C93-2FC6E0E3C14C}\RP71\A0010605.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


---

The computer runs great now! No more of those pop-ups and annoying search engines.

Thank you so much!
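
As an added example (not part of the original posts and not Malwarebytes code): a small Python triage of a log in the format above that sorts each "Files Infected" entry by where it was found, since copies under ComboFix's Qoobox quarantine or inside System Restore points are leftovers rather than files still in place. The sample log, its file names and the all-zero GUID are constructed.

```python
import re
from collections import Counter

# MBAM 1.x result line: <path> (<detection name>) -> <action taken>.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Path markers (lower case) for locations that hold inert copies, not live files.
BUCKETS = (("combofix_quarantine", "\\qoobox\\quarantine\\"),
           ("system_restore", "\\system volume information\\_restore{"))

def classify(path):
    low = path.lower()
    for label, marker in BUCKETS:
        if marker in low:
            return label
    return "live_filesystem"

def triage(log_text):
    """Return (bucket counts, live detections, lines that did not parse)."""
    counts, live, unparsed, in_files = Counter(), [], [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.endswith("Infected:"):          # section header
            in_files = line == "Files Infected:"
            continue
        if not in_files or not line or line.startswith("(No malicious"):
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        bucket = classify(m["path"])
        counts[bucket] += 1
        if bucket == "live_filesystem":
            live.append((m["path"], m["name"], m["action"]))
    return counts, live, unparsed

# Constructed sample in the log's format; file names and GUID are placeholders.
SAMPLE = r"""
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example2.dll (Trojan.Vundo) -> Delete on reboot.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any entry returned in the live list is the one to follow up on after the reboot; a log whose entries all fall in the other two buckets shows only leftovers from earlier cleanup.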

#8 fenzodahl512


Posted 30 November 2008 - 10:24 PM

Great!!


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed



Lastly, to keep your operating system up to date, please visit the link below monthly.

Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512



#9 EscalatorKid


Posted 01 December 2008 - 08:52 PM

The computer is behaving normally. It runs quickly, there is no lagging, there are no pop-ups. There are no Warning/Error messages. It is as it was when I reset the system a month ago.

Thank you very much!
EscalatorKid

#10 fenzodahl512


Posted 01 December 2008 - 10:46 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter.

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512





