
Unknown, persistent malware (Laptop 1)


pallino

Hello Kevin,

 

happy new year!!!

Thank you for the update! 

You are the expert and it seems the problems on the old desktop are hw related (even though it's strange that all started after Avast found a gen virus and froze..then EMET disappeared but the pc was still working as the HD/motherboard).

I trust you and will reformat the HD and add it to a new MB/desktop.

 

I'm still concerned since other strange things are happening....

 

The day before yesterday I turned on a new laptop (3 months old), used just a few times and only for safe stuff.

I updated the AV and did some online banking.

After restarting Windows I saw that it took forever to start (4/5 minutes, before it was around 45 sec). This happened for 2/3 restarts.

Hitmanpro.alert now tells me that Firefox's files are corrupted, but no AV can find anything....

I tried to upload some files to virustotal but couldn't....

I attach Emsi and Fbar's log for this laptop.

 

Can you pls have a look at these too?

 

thank you!!!!!!!

a2scan_150102-114855.txt

FRST.txt

Addition.txt

Link to comment
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

AppInit_DLLs-x32: PGPmapih.dll => "PGPmapih.dll" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
S3 GENERICDRV; \??\C:\swsetup\sp69846\amifldrv64.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
C:\Users\andrea\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Users\andrea\Downloads\7z935.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\aswmbr.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\br14_free_ea_x64(1).exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\EmsisoftEmergencyKit.exe:AGC
AlternateDataStreams: C:\Users\andrea\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\hmpalert_x64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\MBRMastr.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\NPE.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\RogueKillerX64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\sp68201.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\vtuploader2.2.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\zh2wtkm9.exe:BDU
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to comment
Share on other sites

Hello Kevin,

 

I can upload files now to virustotal (couldn't some days ago) but Hitmanpro.alert still finds Firefox files corrupted (in sandboxie)....

Since this laptop is on the same network as the old desktop that had the strange (probable) motherboard  failure and the other laptop that had something too, do you want me to scan with AVZ or what do you want me to do?

thank you!

Link to comment
Share on other sites

Download avz4.zip from here

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again

  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Analysis
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.
Link to comment
Share on other sites

AVZ did not show anything of interest.

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Link to comment
Share on other sites

Hi Kevin,

 

I attached the 2 new logs and Fbar's too.

I still get the Hitmanpro.alert warning...can this happen without an infection or is this still a bad sign?

Since already on my system I also scanned with roguekiller (hope it helps, sorry if not)....apparently it found something....hopefully it's a false alarm.... :(

thank you!

AdwCleanerS0.txt

JRT.txt

Addition.txt

FRST.txt

RKreport_SCN_01122015_122045.log

Link to comment
Share on other sites

Unfortunately not and I don't know how to find/generate one report....

After seeing the alert page as described before, I can choose to download hitmanpro but cannot start the scan by pressing the "scan with Hitmanpro" button in the alert page....

How do we proceed now?

 

Thank you!

Link to comment
Share on other sites

Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters

  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

  • Click on the Start Scan button to begin the scan and wait for it to finish.

    NOTE: Do not use the computer during the scan!

  • During the scan it will look similar to the image below:

  • When it finishes, you will either see a report that no threats were found like below:

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.

  • If any infection or suspected items are found, you will see a window similar to below:

    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:

    Reboot immediately if TDSSKiller states that one is needed.

  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.
Link to comment
Share on other sites

Hello Kevin,

 

until now, do you think this laptop was infected? Can I use this new laptop for online banking? I bought it three months ago just for this and used it only for safe things.....

Could this have been infected by the other laptop on the same network (unknown persistent malware 3rd system) or by the desktop that had the "suspicious dying motherboard"?

What can we do now?

 

thank you

 

 

TDSSKiller.3.0.0.42_13.01.2015_17.21.00_log.txt

Link to comment
Share on other sites

Hello Kevin,

yesterday I tried to start Emsi but I couldn't...I restarted the laptop and ran an update.

It took 8 minutes (3-4 days old database), then I ran a scan.

Now Emsi finds

Value: HKEY_USERS\S-1-5-21-899035793-1407862790-891569072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-899035793-1407862790-891569072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

 

AVZ report is also attached....saw a lot of red marked items....
 

What do we do now?

In the last days I only updated Emsi's and Bitdefender's database, Firefox and Windows...

Is this all normal or still something to be checked?

I'm still waiting to use this laptop again for online banking till all is quiet and safe...

thank you

 

 

a2scan_150115-115229.txt

Addition.txt

FRST.txt

virusinfo_syscheck.zip

Link to comment
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKU\S-1-5-21-899035793-1407862790-891569072-1002\...\Run: [Power2GoExpress8] => NA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Reg: reg delete "HKEY_USERS\S-1-5-21-899035793-1407862790-891569072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-899035793-1407862790-891569072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
AlternateDataStreams: C:\Users\andrea\Downloads\JRT(1).exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\RogueKillerX64(1).exe:BDU
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Close all windows then double click on AVZ.exe

  • Click File > Custom scripts
  • Copy & paste the below code into the text box in the program

    Note: When you run the script, your PC will be restarted

    begin
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      BC_DeleteFile('.dll');
      ExecuteSysClean;
      BC_Activate;
      RebootWindows(true);
    end.
  • Click Run
  • Restart your PC if it doesn't do it automatically.
Attach a fresh AVZ log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment
Share on other sites

Close all windows then double click on AVZ.exe

  • Click File > Custom scripts
  • Copy & paste the below code into the text box in the program

    Note: When you run the script, your PC will be restarted

    begin
      SetAVZGuardStatus(True);
      SearchRootkit(true, true);
      DeleteService('GDKBBlocker');
      DeleteFile('C:\Windows\system32\drivers\GDKBBlocker64.sys','32');
      DeleteFile('.dll','32');
      ExecuteSysClean;
      RebootWindows(true);
    end.
  • Click Run
  • Restart your PC if it doesn't do it automatically.
Attach a fresh AVZ log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment
Share on other sites

What did the last AVZ log look like?

I saw a lot of "red" items...is all right now?

 

Did you see any sign of infection or something unusual for a system that is 3 months old and was only used a few times and only for safe things?

 

Can I use it now for online banking/payments?

 

thank you!

Link to comment
Share on other sites

Hello Kevin,

 

since this laptop was and will be used for online banking and safe stuff I also scanned with rogue killer.

 

I attach all reports available as of today...what do they look like?

 

To be on the even safer side (since I still get the warning from Hitmanpro.alert), can I scan with another tool / do something else?

 

thank you as usual for your time and support!!!

 

Addition.txt

FRST.txt

RKreport_SCN_01212015_104156.log

virusinfo_syscheck.zip

Link to comment
Share on other sites

Close all programs and disconnect any USB or external drives before running the tool.

  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished":
    • Click the Registry Tab and select the following items:
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    • Click the Delete button.
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete
I have no way of knowing what HMP is alerting on, unless there is some way to get a log from it.
Link to comment
Share on other sites

Were these registry entries malware related ?

They are Potentially Unwanted Modifications (PUMs), and all sorts of software can be responsible for making those modifications.

 

I rerun roguekiller and now I have many more lines under rootkit....is this normal?

It is showing system hooks, which in this case do not appear to be malicious.

Your logs look fine. This system does not appear to be infected.

Link to comment
Share on other sites

Great news, ...but why do I run roguekiller, delete the 4 registry keys, then rerun roguekiller and find way more entries under rootkits than a few minutes before?

I'm in paranoia mode, so have patience with me pls :) , but it looks strange to me..

 

Thank you

 

P.S. today I saw that WOT (web of trust for firefox) is missing in firefox (I thought I had installed it before..was pretty sure I had it before) and reinstalled it ...now Hitmanpro alert alerts me also in normal system (not in sandboxie) that firefox files were compromised.....also strange at least....

Link to comment
Share on other sites

bad news...I started doubting my memory since I thought I installed WOT as soon as I installed firefox and today I couldn't see it anymore...I was right..I had it (FBAR report of 7 January 2015)..then it disappeared (and I never uninstalled it)........I'm getting crazy now....I like Copperfield/magic but not on my laptops!

 

What do you say, can we have done it or was it some malware?

thank you!

 

 

FRST_07-01-2015_12-16-04.txt

Addition_12-01-2015_12-08-54.txt

Link to comment
Share on other sites

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
C:\Users\andrea\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\Users\andrea\Downloads\7z935.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\aswmbr.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\br14_free_ea_x64(1).exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\EmsisoftEmergencyKit.exe:AGC
AlternateDataStreams: C:\Users\andrea\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\hmpalert_x64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\MBRMastr.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\NPE.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\RogueKillerX64.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\sp68201.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\vtuploader2.2.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\zh2wtkm9.exe:BDU
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to comment
Share on other sites

Hi Kevin,

 

in my last post I uploaded 2 old Fbar logs to show that I had WOT before and that then it "disappeared".

I ran the script and attached the new logs.

I still don't know how WOT disappeared before (now I reinstalled it)..... :(

What does it look like now and what can we do?

 

thank you

Addition.txt

FRST.txt

Fixlog.txt

virusinfo_syscheck.zip

Link to comment
Share on other sites

There appears to be an issue with the LSA chain. Let's see if we can repair it.

Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Repairs tab on the far right.
  • Click the Start button (bottom right)

    Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.

  • Click Unselect All
  • Put a checkmark in the following items:
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)
Link to comment
Share on other sites

Is this normal in a laptop only 3 months old, used few times for safe stuff only?
Is this malware related or related to PGP (all my important files are encrypted with pgp)? If malware, the probability the malware got on the laptop by surfing the WWW is very low since AV was installed immediately, at max protection settings and no usb device was ever attached (only a new printer)...windows as all programs were always updated.

 

What do you think? What do we do now? Please let me know your thoughts! thank you!

 

I really need to use this laptop for some payments, please let me know if you still think this laptop was and is safe or if it's safer to recover the system from backup disks created the day I used the laptop the first time, and to reinstall and to update all programs (AVs, PGP, Firefox, HMPalert).

Thank you!!!

Addition.txt

FRST.txt

virusinfo_syscheck.zip

_Windows_Repair_Log.txt

Repair_Winsock_and_DNS_Cache.txt

Link to comment
Share on other sites

I'm not sure if it is malware or related to PGP.

You have policy restrictions present that should not be under normal conditions, and the Winsock/DNS repair did not fix the LSA issue.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-899035793-1407862790-891569072-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2015-01-27 10:59 - 2015-01-27 10:59 - 04800512 _____ () C:\gzCalibrate.tmp
AlternateDataStreams: C:\Users\andrea\Downloads\adwcleaner_4.108.exe:BDU
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Link to comment
Share on other sites

Hi Kevin,

 

attached the new reports.

I just checked and the policy restrictions appeared on the 27th scan report, were not there on the 26th....can the Windows Repair tool have created them? If not, how did they appear?????

 

What do we do now and what do you think about the security of this laptop?

 

Was it infected?

 

thank you

Addition.txt

FRST.txt

Fixlog.txt

Link to comment
Share on other sites
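The by-hand comparison in the post above (entries present in the report of the 27th but not in the one of the 26th), as an added example that is not part of the thread and not FRST's or Emsisoft's own code. It assumes findings appear one per line in the shapes quoted in the fixlists and scan output on this page; the two sample logs are constructed from those lines.

```python
import re
from collections import defaultdict

# Line shapes as quoted in this thread (assumption: one finding per line).
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\\]+)$")
POLICY_RE = re.compile(r"^(?P<key>HK(?:LM|U)\\.+?): Policy restriction\b")
EMSI_RE = re.compile(
    r"^Value:\s+(?P<key>.+?)\s+->\s+(?P<value>\S+)\s+detected:\s+(?P<sig>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<image>.+)$")

# Constructed sample logs, built from lines that appear on this page.
SCAN_OLDER = r"""
AlternateDataStreams: C:\Users\andrea\Downloads\JRT.exe:BDU
U3 McProxy; No ImagePath
"""
SCAN_NEWER = r"""
AlternateDataStreams: c:\users\andrea\downloads\jrt.exe:BDU
AlternateDataStreams: C:\Users\andrea\Downloads\JRT(1).exe:BDU
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
U3 McProxy; No ImagePath
"""


def parse_line(line):
    """Return (category, identity) for a recognised finding, else None.

    The identity is what has to match for two findings to count as the same
    item across scans. It is case-folded because registry key names and NTFS
    paths are case-insensitive.
    """
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        # Greedy path plus a stream name without ':' or '\' splits on the
        # last colon, so the drive-letter colon stays inside the path.
        return "ads", (m["path"].casefold(), m["stream"].casefold())
    m = POLICY_RE.match(line)
    if m:
        return "policy", (m["key"].casefold(),)
    m = EMSI_RE.match(line)
    if m:
        return "policy_value", (m["key"].casefold(), m["value"].casefold())
    m = SERVICE_RE.match(line)
    if m:
        return "service", (m["name"].strip().casefold(),)
    return None


def findings(log_text):
    """Group every recognised finding in a log by category."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            grouped[parsed[0]].add(parsed[1])
    return grouped


def new_since(older_log, newer_log):
    """Findings present in the newer scan but absent from the older one."""
    old, new = findings(older_log), findings(newer_log)
    result = {}
    for category, items in new.items():
        added = items - old.get(category, set())
        if added:
            result[category] = sorted(added)
    return result


if __name__ == "__main__":
    for category, items in new_since(SCAN_OLDER, SCAN_NEWER).items():
        for item in items:
            print(category, *item)
```

An entry that shows up only in the newer scan tells you when it first appeared in the logs, not what created it; that still has to be matched against what was installed, updated or run between the two scans.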

just another thought...I googled IE policy restrictions and many results were referring to malware/MBR/VBR rootkits...to say the truth, knowing I didn't install nor update anything on the 26th (I think the logs show this) and out of the blue I got these restrictions doesn't reassure me, it actually concerns me a lot.

I read about a similar case where the logs were fine but the system was still infected (some AV tool didn't run)....In my case I can run all I want but it could be that I really don't have anything or that the malware is smarter than the tools (this is more probable on my other laptop you asked me to restore to November 2014).

I just checked and saw that the policy restrictions appeared on the other laptop too but on the 15th of January.....is this coincidence or a sign of a spread infection?

 

 

I hope you understand and there is something else we can do to check this strange and very suspicious event.

 

thank you

Link to comment
Share on other sites

This topic is now closed to further replies.