Author Topic: maindwxp (Read 21635 times)

varun · « **on:** March 15, 2008, 12:24:20 AM »

i found maindwxp malware. i think it comes frm orkut...

i saw it in process list in window taskwar... also its present in startup option in msconfig...

i removed it frm processes and also check frm startup....

but nortan antivirus 2007 is not able to detect this. also i tried window defender which is also unable to detect it...

so what can i do to get rid of it;;;;

is it very harmful for system

Deerpark · « **Reply #1 on:** March 15, 2008, 04:55:39 AM »

Start here
Please read this before requesting help.

varun · « **Reply #2 on:** March 16, 2008, 01:37:23 AM »

during installation of sp1a i got setup error msg...

" setup has detected that the srvice pack version of the system installed is newer than the update you are appling to it.

you can only install the update on service pack1."

rest all i have done

here are the log files

[recovering space - attachment deleted by admin]

Broni · « **Reply #3 on:** March 16, 2008, 09:44:05 AM »

What SP1a are you talking about? Why did you try to install it, since you have SP2 installed?

Is Windows firewall ON?

Go to Add\Remove, and uninstall Rediff Toolbar, if present.

Post new HJT log.

macdad- · « **Reply #4 on:** March 16, 2008, 09:50:57 AM »

varun, Norton is not capable of detecting malware, but download a program called Ad-Aware from download.com it IS capable of detecting and deleting malware.

varun · « **Reply #5 on:** March 16, 2008, 09:55:26 AM »

Quote from: Deerpark on March 15, 2008, 04:55:39 AM

Start here
Please read this before requesting help.

under instruction it is given to download sp1a...

i deleted rediff toolbar as per ur instruction

here is the new hjt log

[recovering space - attachment deleted by admin]

patio · « **Reply #6 on:** March 16, 2008, 10:08:16 AM »

Quote from: macdad- on March 16, 2008, 09:50:57 AM

varun, Norton is not capable of detecting malware, but download a program called Ad-Aware from download.com it IS capable of detecting and deleting malware.

macdad:

Quote

If you receive advice from someone other than the approved Malware Removal Specialists, you do so at your own risk. We are not responsible if you take potentially inaccurate/harmful advice from someone who is not a designated helper. Anyone interested in joining the crew must have a good amount of experience and submit references to CBMatt (Chris) in a PM. References will be checked. Others posting advice without approval are subject to have their posts removed immediately as the wrong advice is too risky. We welcome new helpers so if you are interested, follow the above guidelines.

varun · « **Reply #7 on:** March 16, 2008, 10:17:57 AM »

from today i also found a problem in my internet explorer 7.0
i posted this problem as a seprate post in internet browser forum

http://www.computerhope.com/forum/index.php/topic,53306.0.html

plz look at it also....

macdad- · « **Reply #8 on:** March 16, 2008, 10:47:41 AM »

srry patio, i just wuz trying to help, since Ad-Aware is actually a certifictied anti-malware prog and that it helped me deleted all the malware on my comp so i wanted to lend a hand.

patio · « **Reply #9 on:** March 16, 2008, 11:12:57 AM »

I understand...however his infection is identified as a Trojan which AdAware is not designed to deal with....

macdad- · « **Reply #10 on:** March 16, 2008, 11:23:36 AM »

o srry.

Broni · « **Reply #11 on:** March 16, 2008, 12:41:57 PM »

Quote

under instruction it is given to download sp1a...

Oh, that's in case, you don't have any SP installed. You're fine here.

Does your Norton include firewall, or you have Windows firewall on?

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar

4. Click on "Fix checked" button.

5. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

6. Restart computer.

7. Turn System Restore on.

8. Post new HijackThis log.

varun · « **Reply #12 on:** March 17, 2008, 03:28:04 AM »

i am also facing problem with my internet explorer 7.0

which i posted in internet browser forum

plz see
http://www.computerhope.com/forum/index.php/topic,53306.0.html

and here is the is the new log

[recovering space - attachment deleted by admin]

Broni · « **Reply #13 on:** March 17, 2008, 09:52:01 AM »

The log is clean.

Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

Let me know afterwards how your computer is doing.

varun · « **Reply #14 on:** March 17, 2008, 11:47:24 AM »

hiii

after analyzing when i click on runcleaner tab i got the msg

"rundll

error in intetcpl.cpl

missing entry:clearmytracksbyprocess"

and also internet explorer give error still not working.....

these are log files for runcleaner and registry

[recovering space - attachment deleted by admin]

Broni · « **Reply #15 on:** March 17, 2008, 11:58:03 AM »

It looks from your logs, that CCleaner actually worked.

As for IE7 problem, open it, go Tools>Internet Options>Advanced tab, and click on Reset button.
Restart computer.

Does Firefox work? Where are you posting from?

varun · « **Reply #16 on:** March 17, 2008, 12:01:37 PM »

yes firefox working .. i am posting frm firefox

varun · « **Reply #17 on:** March 17, 2008, 12:05:19 PM »

i cant do what u say bcoz as i click on the explorer the window showing error come and it hang unless i click dontsend . tools etc icons are not coming....

varun · « **Reply #18 on:** March 17, 2008, 12:18:10 PM »

i do search for maindwxp now and i again find it in the location given below
maindwxp.execommonstartup c:\windows\pass

and also when i run msconfig

it is present in startup it is not tick(right mark) in startup but it is present 2 times.

Broni · « **Reply #19 on:** March 17, 2008, 12:30:10 PM »

Quote

it is present in startup it is not tick(right mark) in startup but it is present 2 times.

If it's not ticked, it doesn't start. Nothing to worry about.

Quote

c:\windows\pass

pass, or pss folder?

Quote

maindwxp.execommonstartup

Please, post exact file name, and location.

Quote

i cant do what u say bcoz as i click on the explorer the window showing error come and it hang unless i click dontsend

Instead of opening IE, go Start>Control Panel>Internet Options>Advanced tab

varun · « **Reply #20 on:** March 17, 2008, 12:38:03 PM »

ya it is pss

and i found maindwxp.execommanstartup C:\windows\pss

exactly same writtern in search window

can i click restore default in advance tab

Broni · « **Reply #21 on:** March 17, 2008, 02:30:50 PM »

No. You click "Reset" button, not "Restore Defaults".

varun · « **Reply #22 on:** March 18, 2008, 02:39:20 AM »

i see only restore default button in advance tab and no restore button in tat tab.....

varun · « **Reply #23 on:** March 18, 2008, 02:40:18 AM »

no reset button

Broni · « **Reply #24 on:** March 18, 2008, 04:56:28 PM »

So, you don't see this:

varun · « **Reply #25 on:** March 19, 2008, 01:34:26 AM »

no

infact in accesability i saw only two option..

first two and both are uncheak

instead advanced setting .... in my tab writtern as restore default

and after tat nothing

i hve windows xp pro

details from winver
version5.1(build 2600.xpsp_sp2gdr.070227-2254:service pack 2)
physical memory abailable to windows 1,038,452kb

Broni · « **Reply #26 on:** March 19, 2008, 02:23:28 PM »

I'm not sure what's going on here....Your HJT log shows, that you have Internet Explorer 7, but from your description, it looks like IE6.
Open IE, go Help, and click on "About Internet Explorer". What does it say about version?

varun · « **Reply #27 on:** March 20, 2008, 02:57:17 AM »

ya it is ie7 and i cant able to open it .
as i click it error window come.

can i reinstall it.

Quote from: varun on March 17, 2008, 12:18:10 PM

i do search for maindwxp now and i again find it in the location given below
maindwxp.execommonstartup c:\windows\pss

and what will i do for maindwxp.

Broni · « **Reply #28 on:** March 20, 2008, 04:57:26 PM »

IE7 should be listed in Add\Remove. When you uninstall it, it'll go back to IE6. See, if IE6 will give you errors as well.

Please, post fresh HJT log.

varun · « **Reply #29 on:** March 21, 2008, 01:59:54 AM »

ie7 is not present in add\remove . i can see firefox in add/remove

this is fresh hjt log

[recovering space - attachment deleted by admin]

evilfantasy · « **Reply #30 on:** March 21, 2008, 02:18:20 AM »

Download Internet Explorer 6

If you are unable to see IE7 in Add or Remove Programs follow these steps:

Click Start
Click Run
Type or copy and paste, into the text box:

%windir%\ie7\spuninst\spuninst.exe
Then Press Enter
Restart your computer.

.
Now try to open internet explorer. If it doesn't work the run the installer for IE6 you just downloaded. If IE6 does work then delete the installer from the desktop.

varun · « **Reply #31 on:** March 21, 2008, 08:55:32 AM »

thanks evilfantasy and broni...

now ie7 problem is solved.

i downloded it again frm microsoft. and it remove previous explorer automatically at the time of downloding.

now the problem left is maindwxp. plz see my hijack log and tell me what to do know.

and also i want to know uptil know what the problem with my system. actually i am
computer science student so want to know details for knowledge.

Broni · « **Reply #32 on:** March 21, 2008, 07:24:36 PM »

Thanks, evil

varun

1. Turn off System Restore:

   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.

2. Restart in Safe Mode.

3. Go Start>Run, type in:
regedit
Click OK.
Registry Editor will open.
Click File>Export, and save your registry to safe location.Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
One of the services listed there will be Partizan, and its value: "Group" = "Boot But Extender"
Right click on Partizan entry, and click Delete.

4. Close Registry Editor, and open Windows Explorer.
Navigate to:
C:\windows\pss
and delete maindwxp.exe file

5. Restart in Normal Mode. Turn System Restore on. Create fresh Restore Point.

varun · « **Reply #33 on:** March 26, 2008, 02:42:51 PM »

hi broni

sorry for late reply

i deleted maindwxp from the location but dint see any file named as partizen in location given by you.

i also attached the recent highjack log, i saw again rediff toolbar in the log, but this time it is not present in the add/remove.

is my system safe now,

also plz decribe me actually what was the problem with my system.

in add/remove yahoo toolbar is present can i delete it also. is toolbar harmful for system. why??

varun · « **Reply #34 on:** March 26, 2008, 02:46:59 PM »

here is the log

[recovering space - attachment deleted by admin]

Broni · « **Reply #35 on:** March 26, 2008, 06:39:24 PM »

Open HJT, and checkmark following lines:
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
Click "Fix checked".
Restart computer, and post new HJT log.

P. S. You were infected with The Orkut Worm (maindwxp.exe). More info: http://www.symantec.com/enterprise/security_response/weblog/2008/02/the_orkut_worm_digging_deeper.html

varun · « **Reply #36 on:** March 29, 2008, 04:54:46 AM »

NEW LOG

[recovering space - attachment deleted by admin]

Broni · « **Reply #37 on:** March 29, 2008, 09:05:42 AM »

Looks good...

HJT log is clean.

1. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

2. Restart computer.

3. Turn System Restore on. Create new Restore Point.

4. Run CCleaner one more time.

6. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malwares.
It won't interfere with your antivirus, nor firewall.

7. Let me know, how your computer is doing.

varun · « **Reply #38 on:** March 31, 2008, 10:41:49 AM »

rest is normal but sometimes on system tray i saw mcafee icon..
my antivirus is nortan
previosly it was mcafee

and when i tried to click that icon it disappeared surprisngly

can i delete registry backup files that was save during ccleaner

Broni · « **Reply #39 on:** March 31, 2008, 06:32:40 PM »

Quote

but sometimes on system tray i saw mcafee icon..

Thank you for sharp eye. Apparently, I missed something.

Disable Windows Defender, as it'll interfere with cleaning process:
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection
* After you uncheck this, click on the Save button
* Close Windows Defender

Open HijackThis, and checkmark following lines:
- O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
- O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Click "Fix checked".

Restart computer, and post new HJT log.

As for CCleaner backup, I'd leave it for a week, or so. If everything works fine, you may delete it.

varun · « **Reply #40 on:** April 02, 2008, 06:07:07 AM »

Quote from: varun on March 31, 2008, 10:41:49 AM

sometimes on system tray i saw mcafee icon..
and when i tried to click that icon it disappeared surprisngly

why this happened.... why this disappeared.....

i post a new log....

now can i on windows defender or remain it off.....

[recovering space - attachment deleted by admin]

varun · « **Reply #41 on:** April 02, 2008, 02:09:09 PM »

also in msconfig under services i can see mcafee framework service which is marked (right). and in c drive under program files this folder mcafee in which frame work services is present....

so can i delete this folder or uncheak service in msconfig......

Broni · « **Reply #42 on:** April 02, 2008, 05:39:55 PM »

You can keep Windows Defender on, no problem.

We'll delete McAfee folder in a moment. We must stop its service, first.
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Find McAfee Framework Service in the list, right click on it, click Stop.
Right click again, click Properties, and under Startup type select Disabled from drop-down menu.
Restart computer.
Post new HJT log.

varun · « **Reply #43 on:** April 02, 2008, 10:01:52 PM »

i got the message

cant stop mcaffe framework service

error 5 : accesss is denied

Broni · « **Reply #44 on:** April 02, 2008, 10:10:41 PM »

Restart in Safe Mode, and follow very same procedure.

varun · « **Reply #45 on:** April 06, 2008, 12:07:38 PM »

it shows already stop

Quote from: Broni on April 02, 2008, 05:39:55 PM

services.msc
Click OK.
Services window will open.
Find McAfee Framework Service in the list, right click on it, click Stop.
Right click again, click Properties, and under Startup type select Disabled from drop-down menu.
Restart computer.
Post new HJT log.

when i tried to disabled even in safemode got the same msg
cant stop mcaffe framework service from local network
erro5: access is denied
Restart computer.

[recovering space - attachment deleted by admin]

Broni · « **Reply #46 on:** April 06, 2008, 12:44:44 PM »

Download, and install Unlocker: http://ccollomb.free.fr/unlocker/
It'll install under right click menu.
Navigate to:
C:\Program Files\McAfee\Common Framework folder.
Right click on FrameworkService.exe file, click Unlocker.
Select Delete from drop-down menu. Click Ok.
Most likely, it won't let you delete, but it'll give you an option to delete on reboot.
Select that option. Click OK.
Restart computer.
Disregard any possible errors.
Post new HJT log.

varun · « **Reply #47 on:** April 07, 2008, 01:26:12 PM »

hiiiiiiii broni..
new log

[recovering space - attachment deleted by admin]

Broni · « **Reply #48 on:** April 07, 2008, 03:30:49 PM »

Looks better...
Using Unlocker, now you should be able to get rid of a whole McAfee folder from C:\Program Files
Give me a new log, after restarting computer.

varun · « **Reply #49 on:** April 08, 2008, 07:20:40 AM »

this is new log......

[recovering space - attachment deleted by admin]

Broni · « **Reply #50 on:** April 08, 2008, 04:48:36 PM »

Good.
Open HJT, checkmark this line:
- O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
Click "Fix checked".
Restart computer. Give me new HJT log.

fred333 · « **Reply #51 on:** April 10, 2008, 09:10:37 AM »

Great thread. Thanks for the help.

Broni · « **Reply #52 on:** April 10, 2008, 05:48:47 PM »

Oh, did you feed on it?...LOL

varun · « **Reply #53 on:** April 11, 2008, 07:34:43 AM »

new log but still i see mcaffe framework service in it......

[recovering space - attachment deleted by admin]

Broni · « **Reply #54 on:** April 11, 2008, 05:26:17 PM »

Let's try one more time...
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Find McAfee Framework Service in the list, right click on it, click Stop.
Right click again, click Properties, and under Startup type select Disabled from drop-down menu.
Restart computer.

varun · « **Reply #55 on:** April 11, 2008, 11:04:11 PM »

broni, again same error when i tried to disable it...
acutually it is already stop... but when i go through properties and tried to disable..got the same error...
under its discription writtern "shared componenet framework for mcaffe product" status is blank and starttype is automatic.....

Broni · « **Reply #56 on:** April 11, 2008, 11:11:13 PM »

Open HJT.
Click Config... button.
Click Misc Tools button.
Click Delete an NT Service button.
Pop-up windows will open.
Copy this:
McAfee Framework Service
and paste it into pop-up window.
Click OK.
If any trouble with deleting the above service, try Safe Mode.
Let me know.

varun · « **Reply #57 on:** April 12, 2008, 07:23:03 AM »

got msg service McAfee Framework Service is not found in the registry.........

but i can see it in log file..... in msconfig service option it is unchecked.......

Broni · « **Reply #58 on:** April 12, 2008, 10:23:54 AM »

Try very same steps, as in my last post, this time using McAfeeFramework, instead of McAfee Framework Service

varun · « **Reply #59 on:** April 12, 2008, 01:15:12 PM »

got msg " mcaffee framework service is enable/or running . disable it first using hijackthis scan result or services.msc "

Broni · « **Reply #60 on:** April 12, 2008, 03:37:27 PM »

OK, then...
Go Start>Run, type in:
services.msc
Click OK.
Services window will open.
Find McAfee Framework Service in the list, right click on it, click Stop.

Then, go back to HJT, and try deleting NT service again.

varun · « **Reply #61 on:** April 12, 2008, 10:03:06 PM »

it is already stop broni.. on right clicking i can see start tab active not stop tab... its status is stop...

Broni · « **Reply #62 on:** April 13, 2008, 12:07:55 AM »

Go Start>Run, type in:
cmd
Click OK.
Command Prompt window will open.
Type in:
sc delete McAfeeFramework
Hit Enter.
If any error with the above command, do the same from Safe Mode.

varun · « **Reply #63 on:** April 18, 2008, 09:22:56 AM »

hello broni,
first of all sorry for late reply,

i did what u said but still even in cmd request denied is coming....

Broni · « **Reply #64 on:** April 18, 2008, 07:01:32 PM »

Try same thing in Safe Mode.

varun · « **Reply #65 on:** April 29, 2008, 08:32:56 AM »

broni, even in safe mode i got same msg access is denied.... what to do know......

Broni · « **Reply #66 on:** April 29, 2008, 07:25:13 PM »

Download, and install RegSeeker: http://www.snapfiles.com/get/regseeker.html
Search registry for McAfeeFramework
Delete all found instances.

varun · « **Reply #67 on:** April 30, 2008, 04:31:20 AM »

this is new hijack log.....

is it clean know.....

what can i do to make my system my system more fast....

[recovering space - attachment deleted by admin]

Broni · « **Reply #68 on:** April 30, 2008, 06:01:24 PM »

Finally, it's gone...good job

As for your system being faster....
What are your computer specs? Processor speed, amount of RAM, hard drive size/free space?

varun · « **Reply #69 on:** May 01, 2008, 06:26:08 AM »

thanks broni...

following are the details..

core2duo processor 1.40ghz

1gb ram
160 gb harddisk divided in to 1drive of 20 gb and other 4 of 30 gb.. 10 gb for fedora os

two os fedora and xp prof....

10 gb total free space from 5 drive...
following are specification for free space
c 2.92
d 1.60
e .98
f 2.81
g 2.25

xp is in c drive...
os is running on booter grub....

approx 3,4 min system take for startup.....

Broni · « **Reply #70 on:** May 01, 2008, 06:18:09 PM »

Just thinking aloud...
...3GB free on 20GB Windows partition is just on the edge of 15%, Windows needs to operate properly
...Symantec may be another issue (hog)

How long does it take to start in Safe Mode?

varun · « **Reply #71 on:** May 03, 2008, 04:34:52 AM »

now in c drive free space is 4.48gb.... in safe mode booting process take time but when dekstop screen
( wall paper) come then it take only few seconds. while in normal mode even after wallpaper came it will take time in launching systray icons..... ( under msconfig only 7 items are cheak in startup ).... in hibernate mode it is fine....

Broni · « **Reply #72 on:** May 03, 2008, 11:35:41 AM »

Quote

it will take time in launching systray icons

Pay close attention, which icon takes longer time to pop-up.
Do you have a lot of desktop icons?

Computer Hope Forum

News:

Author Topic: maindwxp (Read 21635 times)

varun

Deerpark

varun

Broni

macdad-

varun

patio

varun

macdad-

patio

macdad-

Broni

varun

Broni

varun

Broni

varun

varun

varun

Broni

varun

Broni

varun

varun

Broni

varun

Broni

varun

Broni

varun

evilfantasy

varun

Broni

varun

varun

Broni

varun

Broni

varun

Broni

varun

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

fred333

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni

varun

Broni