Skip to content
Which type of operating system are you running?



News

Mar 08 - FreeFixer 0.54 released.

Feb 08 - FreeFixer 0.53 released.

Jan 25 - FreeFixer 0.52 released.

Jan 11 - FreeFixer 0.51 released.

Dec 10 - FreeFixer 0.50 released.

Nov 11 - FreeFixer 0.49 released.

Oct 23 - FreeFixer 0.48 released.

Sep 28 - FreeFixer 0.47 released.

Sep 16 - FreeFixer 0.46 released.

Sep 09 - FreeFixer 0.45 released.

Aug 18 - FreeFixer 0.44 released.

Jul 15 - FreeFixer 0.43 released.

Jul 13 - FreeFixer 0.42 released.

Jun 29 - FreeFixer 0.41 released.

Twitter icon Follow me?

10 Mar FreeFixer v0.54 up and running.

10 Mar Microsoft plugs dangerous Excel security holes http://bit.ly/9gFw2F

09 Mar Don't Play Poker on an Infected Table - Part Three http://bit.ly/bYmTsP

09 Mar New Microsoft IE zero-day flaw under attack http://bit.ly/aSavzR

09 Mar Amazon Is Building a Better Browser for Kindle http://bit.ly/b6ws6T

09 Mar Vodafone HTC Magic shipped with Conficker, Mariposa malware http://bit.ly/cSy8IV

09 Mar There are currently a problems while clicking some of the "more info" links in the FreeFixer application. Looking into this right now.

09 Mar Meet the Winners of Webmonkey's Google I/O Giveaway http://bit.ly/a0fGv3

08 Mar Researchers build 8,000-strong smartphone botnet http://bit.ly/dn09OL

08 Mar Download Mosaic and Browse 1993's Web http://bit.ly/awxEVO

08 Mar Fetch as Googlebot Mobile and Claim your Sidewiki comment - added to Webmaster Tools Labs! http://bit.ly/aTPAN5

08 Mar Getting FreeFixer v0.54 ready for release.

08 Mar Energizer battery charger contains backdoor http://bit.ly/9Bm3mt

07 Mar Had to add the undocumented <var name="Setup64Bit" value="1"/> setting to the Ghost Installer script to get 64-bit mode.

05 Mar Police arrest Mariposa botnet masters, 12M+ hosts compromised http://bit.ly/94VpKE

Which upcoming feature do you think has the highest priority?







FreeFixer

FreeFixer is a general purpose removal tool which will help you to delete potentially unwanted software, such as adware, spyware, trojans, viruses and worms. FreeFixer works by scanning a large number of locations where unwanted software has a known record of appearing or leaving traces. The scan locations include the programs that run on your computer, the programs that starts when you reboot your computer, your browser's plug-ins, your home page setting, etc.

FreeFixer does not know what is unwanted, so it presents the scan result and it's up to you decide if some file should be removed and if some settings should restored to their default value. Please be careful! If you delete a legitimate file you may damage your computer. To assist you when determining if anything should be removed you can find more information at FreeFixer's web site for each item in the scan result. You can for example see what other users chose to do in the same situation. You can also save log file of your scan result and consult the volunteers in one of the FreeFixer helper forums.

For more detailed information about FreeFixer, please see the User's Manual.

Download

Download FreeFixer here. FreeFixer is freeware and Windows 2000/XP/2003/20008/Vista/7 RC1 compatible. 64-bit Windows is not supported yet.

Screenshots

A screenshot from FreeFixer's startup screen. FreeFixer startup screenshot.

A screenshot of FreeFixer's scan result. Screenshot showing some of FreeFixer's scan result. Files listed with green background are on FreeFixer's list of trusted files. The files with white/gray background are unknown to FreeFixer, so it cannot say anything about them. (In this case, they are all legitimate files).

A screenshot of FreeFixer's Native Deleter. When FreeFixer is unable to delete files in normal Windows mode they are registered for delayed removal with FreeFixer's Native Deleter, which removes the files upon the next reboot. The actual delete operation is done before the logon screen appear. The majority of malware can be deleted at this point.

Latest blog posts

23 October 2009

Malware Detection - The Simplest Thing That Could Possibly Work

I'm sure most of you already know how the FreeFixer application works: It scans many locations on your Windows machine, such as the browser plugins, processes and services that are installed on your system. In its current state, FreeFixer does not have much knowledge whether a file is good or bad: It greenlists files from trusted software vendors and hides critical system files completely from the scan result. The remaining files appears in the scan result, neither listed as good, nor as bad. It's the responsibility of the user to figure out, with the help of the other FreeFixer users and the FreeFixer file library, if a file should be considered safe or if it should be removed.

Screenshot of FreeFixer's scan result where the koobface file ld14.exe goes undetected.

This is how FreeFixer is designed to work, but admittedly, it's not easy for an inexperienced user to figure out which of the files in the scan result, if any, that should be selected for removal.

Many FreeFixer users have contacted me and suggested that FreeFixer should also detect and display malware files in red like most of the other anti-spyware and anti-virus tools do. And the suggestion makes perfect sense: It would be great to combine malware detection with the manual inspection and removal features. It would attract both beginners and experienced users.

However, I've always said no to this feature request, since it already requires lots of work to add new scan locations, supporting even more platforms than those supported today and working on the FreeFixer.com web site. Adding an additional task of analyzing lots of malware and creating malware definitions would probably result in crappy FreeFixer program with a crappy malware detection list.

Do you want to create malware definitions for FreeFixer?

I'm currently experimenting with a new set of features that allows anyone to create malware definitions for FreeFixer. I've started out with the simplest thing that could possibly work: Detection based on file locations. You simply define which files are malware by specifying the file locations in an .xml file. For example, the existence of ld14.exe in the Windows directory indicates that your machine is infected with the Koobface worm.

I'll link to your definition file from FreeFixer.com. FreeFixer users downloads your .xml file. Now the malware files get flagged in their scan results. The detection name that you gave the file appears and if users click on it they will be linked to your web site where you can explain more about the threat. You get credit for your work.

I've created a tiny example how to build the malware-definitions. I think you'll understand the concept by looking directly into the .xml file:

http://www.freefixer.com/static/freefixer-demo-defs.xml

Put this file in c:\Program Files\FreeFixer\definitions\ and FreeFixer will detect some variants of the Koobface worm. The Koobface files will appear in red in the scan result.

Screenshot of FreeFixer's scan result where the koobface file ld14.exe is detected.

If there's interest in building malware definitions for FreeFixer I'll keep on adding detection features. Some of the features that would be nice is SHA256 and MD5 detection, detection based on various parts of a file, detection of registry keys, values and data, memory scanning, signed xml-files, automatic updates, etc. You name it.

Anyone interested?

Permalink | Comments

26 June 2009

Summer of Drive-By Downloads

The summer has finally arrived here in Sweden. Now is the time to go swimming, bouldering and do all the other things that requires great weather.

As you may know, I've been documenting lots of drive-by downloads and intend to continue doing so during the summer. To make this as smooth as possible I've set up this blog post which I'll update when I find some new malware that use security holes to install.

--

As usual, I'm scanning the infected system with FreeFixer to find out what's been installed on the system. I'm also using FreeFixer to remove the unwanted files.

10 July

Today the rogue System Security application installed. Nothing new under the sun except this driver that can along:

c:\windows\system32\drivers\amd64si.sys

8 July

c:\windows\system32\drivers\netsik.sys
c:\windows\system32\msrr32.dll
c:\win32upd.exe

6 July

c:\windows\system32\appwinproc.dll
HOSTS file redirecting antispy.microsoft.com to 209.44.111.62
HOSTS file redirecting antiaware-pro.com 209.44.111.62
HOSTS file redirecting www.antiaware-pro.com to 209.44.111.62

4 July

c:\windows\system32\msxz.exe

2 July

Another nasty infection. The files msjv32.dll and msne.exe was hidden from detection by a rootkit:

c:\windows\system32\msjv32.dll
C:\Documents and Settings\Roger\Skrivbord\msdos.pif
c:\windows\system32\msne.exe

1 July

C:\WINDOWS\9129837.exe
c:\windows\system32\drivers\securentm.sys
C:\WINDOWS\System32\rr64_b.exe
HOSTS file redirecting safesystem.microsoft.com to 209.44.111.62
HOSTS file redirecting antiviraprof.com to 209.44.111.62
HOSTS file redirecting www.antiviraprof.com to 209.44.111.62

30 June

Nasty little bugger. None of the 40 anti-virus engines over at VirusTotal.com detects HB32.dll:

C:\WINDOWS\system32\wbem\HB32.dll

29 June

C:\WINDOWS\system32\EVA.exe
C:\DOCUME~1\Roger\LOKALA~1\Temp\init.exe
C:\DOCUME~1\Roger\LOKALA~1\Temp\3.EXE
c:\windows\system32\drivers\systemntmi.sys
C:\Documents and Settings\Roger\Application Data\twex.exe
C:\Documents and Settings\Roger\Start-meny\Program\Autostart\rncsys32.exe
C:\WINDOWS\ld09.exe
C:\WINDOWS\System32\net.net

26 June

This drive-by download installed the System Security Rogue, Koobface, and a malware device driver:

C:\windows\ld11.exe
C:\Documents and Settings\All Users\Application Data\15452184\15452184.exe
c:\program\sys\sys.sys

26 June

A device driver + additional malware:

C:\WINDOWS\System32\drivers\ethxhkrw.sys
C:\WINDOWS\System32\sdra64.exe
C:\WINDOWS\system32\logon.exe

Permalink | Comments

24 June 2009

Malware Doctor - Another rogue security application installing through security holes

About three weeks ago Avelino Rico Jr over at McAfee Labs blog reported about a new rogue security program called Malware Doctor.

This morning my honeypot caught Malware Doctor and some additional malware installing by exploiting a security. I've pasted the FreeFixer log and marked the malware item in red:

Screenshot of Malware Doctor
FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-06-23 23:14


System policies
HKCU\..\policies\system, DisableTaskMgr = 1
HKCU\..\policies\system, DisableRegistryTools = 1

Browser Helper Objects
{AFF01325-0FC2-4749-8914-FBF0565AD9CC}, Chrome copyright, jbnmck.dll(file is missing)

Registry Startups
HKLM\..\Run, Malware Doctor = C:\Documents and Settings\LocalService\Application Data\1361538659.exe
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Malware Doctor = C:\Documents and Settings\LocalService\Application Data\1361538659.exe

Processes (17 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Documents and Settings\LocalService\Application Data\1361538659.exe

Services (34 whitelisted)
avast!Antivirus, , c:\windows\system32\avast!antivirus.exe

Recently modified files (1 whitelisted)
16 minutes, c:\Documents and Settings\LocalService\Application Data\1361538659.exe
16 minutes, c:\WINDOWS\system32\jbnmck.dll
16 minutes, c:\WINDOWS\system32\avast!Antivirus.exe
16 minutes, c:\WINDOWS\Temp\wpv521245837260.exe
7 days, c:\Program\FreeFixer\freefixer.exe
36 days, c:\Program\FreeFixer\Uninstall.exe

Permalink | Comments

15 June 2009

Security Holes, Antivirus System Pro, and testing of a new FreeFixer plugin

For the last three days I've been experimenting with a new FreeFixer plugin. The plugin simply lists the most recently modified/created files, which appear at the end of the scan result. Definitely no rocket science, but in a case of a malware infection, I think it can be quite efficient in pointing out the unwanted files.

I've tested the new plugin on some real world infection picked up by my malware honeypot. All the unwanted files listed in the scan results were installed through security holes. I've marked them with red. During the testing I also ran into Antivirus System Pro, which is another of those rogue anti-spyware programs. Antivirus System Pro uses sysguard.exe as its file name and is located in the c:\Windows folder. You can find more information and screenshots on this rogue over at Bharath's Security Blog.

Screenshot of AntiVirus System Pro

Malware Log 1

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-06-09 20:16


Browser Helper Objects
{5B1D95A2-F547-4e5e-8902-622B08354622}, BHO, C:\WINDOWS\system32\iehelper.dll

Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, system tool = C:\WINDOWS\sysguard.exe

HOSTS file
209.44.111.57 alarm-security.microsoft.com
209.44.111.57 inetantivirus.com
209.44.111.57 www.inetantivirus.com

Processes (11 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe

Recently modified files
2 minutes, c:\Program\FreeFixer\freefixer.exe
2 minutes, c:\Program\FreeFixer\Uninstall.exe
17 minutes, c:\WINDOWS\system32\iehelper.dll
27 minutes, c:\WINDOWS\sysguard.exe
26 minutes, c:\wxh21u.exe
27 minutes, c:\a113c2.exe

Malware Log 2

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-06-08 22:57


UserInits (1 whitelisted)
C:\WINDOWS\System32\sdra64.exe

Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Processes (15 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\DOCUME~1\Roger\LOKALA~1\Temp\winELyqWgX.exe
C:\Program\FreeFixer\freefixer.exe

Recently modified files 
5 minutes, c:\Program\FreeFixer\freefixer.exe
5 minutes, c:\Program\FreeFixer\Uninstall.exe
35 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temp\winELyqWgX.exe
21 days, c:\RECYCLER\S-1-5-21-1229272821-413027322-839522115-1003\Dc124.exe

Malware Log 3

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-06-09 15:25


System policies
HKCU\..\policies\system, DisableRegistryTools = 1

Browser Helper Objects
{82633227-7884-4264-6517-5599ca323026}, , C:\Program\Common Files\System\s sig.dll

Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Autostart shortcuts
Visio Util Firing.exe, , C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Visio Util Firing.exe
Yahoo Software Firing.exe, , C:\Documents and Settings\Roger\Start-meny\Program\Autostart\Yahoo Software Firing.exe

HOSTS file
67.212.80.125 pagead2.googlesyndication.com

Processes (12 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\wininet.exe
C:\Program\FreeFixer\freefixer.exe

Shell services (4 whitelisted)
SysRun, {D7FFD784-5276-42D1-887B-00267870A4C7}, C:\WINDOWS\System32\svshost.dll

Recently modified files 
4 minutes, c:\Program\FreeFixer\freefixer.exe
4 minutes, c:\Program\FreeFixer\Uninstall.exe
32 minutes, c:\WINDOWS\system32\svshost.dll
32 minutes, c:\WINDOWS\system32\wininet.exe
32 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\YQ2T1TWE\1[1].exe
32 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temp\1\svchost.exe
32 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\0H6N6RCD\1[1].exe
32 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temp\~tt1.tmp
32 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\0H6N6RCD\load[1].exe
22 days, c:\Program\Common Files\System\Adobe_Office_Firing.exe
22 days, c:\Documents and Settings\All Users\Start-meny\Program\Autostart\Visio Util Firing.exe
22 days, c:\Documents and Settings\Roger\Start-meny\Program\Autostart\Yahoo Software Firing.exe
22 days, c:\Program\Common Files\System\s sig.dll
22 days, c:\Documents and Settings\Roger\Lokala inställningar\Temp\winxfH6q2KD.exe
22 days, c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\load[1].exe
22 days, c:\RECYCLER\S-1-5-21-1229272821-413027322-839522115-1003\Dc124.exe

Malware Log 4

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-05-18 12:57


UserInits (1 whitelisted)
C:\WINDOWS\System32\win32avs.exe

Registry Startups
HKLM\..\Run, internat = C:\WINDOWS\internat.exe (file is missing)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Processes (14 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Documents and Settings\Roger\Skrivbord\calc.exe
C:\Program\FreeFixer\freefixer.exe

Recently modified files 
3 minutes, c:\Program\FreeFixer\freefixer.exe
3 minutes, c:\Program\FreeFixer\Uninstall.exe
24 minutes, c:\Documents and Settings\Roger\Skrivbord\calc.exe
24 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temp\ntsystem.exe
24 minutes, c:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\calc[1].exe
46 minutes, c:\RECYCLER\S-1-5-21-1229272821-413027322-839522115-1003\Dc124.exe

Permalink | Comments

11 June 2009

June Searches 2009

I'm obsessed with looking at the traffic stats for FreeFixer.com. About halfway into June shows some new filenames among the top searches:

  1. kwinzy119.exe
  2. sysguard.exe
  3. groupmanager.exe
  4. fastsearch_a8904fb862bd9564.dll
  5. miragent.exe
  6. yahooauservice.exe
  7. sasnative32
  8. plfseti.exe

Permalink | Comments

09 June 2009

Presto Tuneup - Yet another rogue security product

A couple of weeks ago a new rogue security application appeared. Here's a FreeFixer log from the infected machine. I've marked the Presto Tuneup file with red:

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-05-18 12:46


Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

Processes (17 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\notepad.exe
C:\Program\FreeFixer\freefixer.exe
C:\Documents and Settings\All Users\Application Data\8f0d\PrestoTuneUp.exe
Screenshot of Presto Tuneup

The Presto Tuneup domain, prestotuneup.com, resolves to 64.213.140.69. These are the other sites available on this IP address: antivirus09.net, malwarecatcher.net, scan-ultraantivirus2009.com, update1.virusalarmpro.com, update2.prestotuneup.com, updvms.cn, virussweeper-scan.net, www.malwarecatcher.net and promo.fastantivirus09.com.

On the prestotuneup.com web site I also found a file called Work.exe, which installs HOSTS file redirects of a large number of Google's web sites to 206.53.61.77.

FreeFixer v0.41 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 1
Log dated 2009-05-18 12:25


Registry Startups
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

HOSTS file
206.53.61.77 google.ae
206.53.61.77 google.as
206.53.61.77 google.at
206.53.61.77 google.az
206.53.61.77 google.ba
206.53.61.77 google.be
206.53.61.77 google.bg
206.53.61.77 google.bs
206.53.61.77 google.ca
206.53.61.77 google.cd
206.53.61.77 google.com.gh
206.53.61.77 google.com.gi
206.53.61.77 google.com.hk
206.53.61.77 google.com.jm
206.53.61.77 google.com.ly
206.53.61.77 google.com.mx
206.53.61.77 google.com.my
206.53.61.77 google.com.na
206.53.61.77 google.com.nf
206.53.61.77 google.com.ng
206.53.61.77 google.ch
206.53.61.77 google.com.np
206.53.61.77 google.com.om
206.53.61.77 google.com.pa
206.53.61.77 google.com.pr
206.53.61.77 google.com.qa
206.53.61.77 google.com.sg
206.53.61.77 google.com.tj
206.53.61.77 google.com.tr
206.53.61.77 google.com.tw
206.53.61.77 google.com.ua
206.53.61.77 google.dj
206.53.61.77 google.com.vc
206.53.61.77 google.it.ao
206.53.61.77 google.de
206.53.61.77 google.dk
206.53.61.77 google.dm
206.53.61.77 google.dz
206.53.61.77 google.ee
206.53.61.77 google.fi
206.53.61.77 google.fm
206.53.61.77 google.fr
206.53.61.77 google.ge
206.53.61.77 google.gg
206.53.61.77 google.gm
206.53.61.77 google.gr
206.53.61.77 google.gy
206.53.61.77 google.ht
206.53.61.77 google.ie
206.53.61.77 google.im
206.53.61.77 google.in
206.53.61.77 google.it
206.53.61.77 google.ki
206.53.61.77 google.kz
206.53.61.77 google.la
206.53.61.77 google.li
206.53.61.77 google.lk
206.53.61.77 google.lv
206.53.61.77 google.ma
206.53.61.77 google.md
206.53.61.77 google.ms
206.53.61.77 google.mu
206.53.61.77 google.mv
206.53.61.77 google.mw
206.53.61.77 google.nl
206.53.61.77 google.no
206.53.61.77 google.nr
206.53.61.77 google.nu
206.53.61.77 google.pl
206.53.61.77 google.pn
206.53.61.77 google.pt
206.53.61.77 google.ro
206.53.61.77 google.ru
206.53.61.77 google.rw
206.53.61.77 google.sc
206.53.61.77 google.se
206.53.61.77 google.sh
206.53.61.77 google.si
206.53.61.77 google.sm
206.53.61.77 google.sn
206.53.61.77 google.st
206.53.61.77 google.tl
206.53.61.77 google.tm
206.53.61.77 google.tt
206.53.61.77 google.us
206.53.61.77 google.vg
206.53.61.77 google.vu
206.53.61.77 google.ws
206.53.61.77 google.co.bw
206.53.61.77 google.co.ck
206.53.61.77 google.co.id
206.53.61.77 google.co.il
206.53.61.77 google.co.in
206.53.61.77 google.co.jp
206.53.61.77 google.co.ke
206.53.61.77 google.co.kr
206.53.61.77 google.co.ls
206.53.61.77 google.co.ma
206.53.61.77 google.co.mz
206.53.61.77 google.co.nz
206.53.61.77 google.co.th
206.53.61.77 google.co.tz
206.53.61.77 google.co.ug
206.53.61.77 google.co.uk
206.53.61.77 google.co.za
206.53.61.77 google.co.zm
206.53.61.77 google.co.zw
206.53.61.77 google.com
206.53.61.77 google.com.af
206.53.61.77 google.com.ag
206.53.61.77 google.com.ai
206.53.61.77 google.com.ar
206.53.61.77 google.com.au
206.53.61.77 google.com.bn
206.53.61.77 google.com.br
206.53.61.77 google.com.by
206.53.61.77 google.com.bz
206.53.61.77 google.com.co
206.53.61.77 google.com.cu
206.53.61.77 google.com.ec
206.53.61.77 google.com.et
206.53.61.77 google.com.fj
206.53.61.77 www.google.ae
206.53.61.77 www.google.as
206.53.61.77 www.google.at
206.53.61.77 www.google.az
206.53.61.77 www.google.ba
206.53.61.77 www.google.be
206.53.61.77 www.google.bg
206.53.61.77 www.google.bs
206.53.61.77 www.google.ca
206.53.61.77 www.google.cd
206.53.61.77 www.google.com.gh
206.53.61.77 www.google.com.gi
206.53.61.77 www.google.com.hk
206.53.61.77 www.google.com.jm
206.53.61.77 www.google.com.ly
206.53.61.77 www.google.com.mx
206.53.61.77 www.google.com.my
206.53.61.77 www.google.com.na
206.53.61.77 www.google.com.nf
206.53.61.77 www.google.com.ng
206.53.61.77 www.google.ch
206.53.61.77 www.google.com.np
206.53.61.77 www.google.com.om
206.53.61.77 www.google.com.pa
206.53.61.77 www.google.com.pr
206.53.61.77 www.google.com.qa
206.53.61.77 www.google.com.sg
206.53.61.77 www.google.com.tj
206.53.61.77 www.google.com.tr
206.53.61.77 www.google.com.tw
206.53.61.77 www.google.com.ua
206.53.61.77 www.google.dj
206.53.61.77 www.google.com.vc
206.53.61.77 www.google.it.ao
206.53.61.77 www.google.de
206.53.61.77 www.google.dk
206.53.61.77 www.google.dm
206.53.61.77 www.google.dz
206.53.61.77 www.google.ee
206.53.61.77 www.google.fi
206.53.61.77 www.google.fm
206.53.61.77 www.google.fr
206.53.61.77 www.google.ge
206.53.61.77 www.google.gg
206.53.61.77 www.google.gm
206.53.61.77 www.google.gr
206.53.61.77 www.google.gy
206.53.61.77 www.google.ht
206.53.61.77 www.google.ie
206.53.61.77 www.google.im
206.53.61.77 www.google.in
206.53.61.77 www.google.it
206.53.61.77 www.google.ki
206.53.61.77 www.google.kz
206.53.61.77 www.google.la
206.53.61.77 www.google.li
206.53.61.77 www.google.lk
206.53.61.77 www.google.lv
206.53.61.77 www.google.ma
206.53.61.77 www.google.md
206.53.61.77 www.google.ms
206.53.61.77 www.google.mu
206.53.61.77 www.google.mv
206.53.61.77 www.google.mw
206.53.61.77 www.google.nl
206.53.61.77 www.google.no
206.53.61.77 www.google.nr
206.53.61.77 www.google.nu
206.53.61.77 www.google.pl
206.53.61.77 www.google.pn
206.53.61.77 www.google.pt
206.53.61.77 www.google.ro
206.53.61.77 www.google.ru
206.53.61.77 www.google.rw
206.53.61.77 www.google.sc
206.53.61.77 www.google.se
206.53.61.77 www.google.sh
206.53.61.77 www.google.si
206.53.61.77 www.google.sm
206.53.61.77 www.google.sn
206.53.61.77 www.google.st
206.53.61.77 www.google.tl
206.53.61.77 www.google.tm
206.53.61.77 www.google.tt
206.53.61.77 www.google.us
206.53.61.77 www.google.vg
206.53.61.77 www.google.vu
206.53.61.77 www.google.ws
206.53.61.77 www.google.co.bw
206.53.61.77 www.google.co.ck
206.53.61.77 www.google.co.id
206.53.61.77 www.google.co.il
206.53.61.77 www.google.co.in
206.53.61.77 www.google.co.jp
206.53.61.77 www.google.co.ke
206.53.61.77 www.google.co.kr
206.53.61.77 www.google.co.ls
206.53.61.77 www.google.co.ma
206.53.61.77 www.google.co.mz
206.53.61.77 www.google.co.nz
206.53.61.77 www.google.co.th
206.53.61.77 www.google.co.tz
206.53.61.77 www.google.co.ug
206.53.61.77 www.google.co.uk
206.53.61.77 www.google.co.za
206.53.61.77 www.google.co.zm
206.53.61.77 www.google.co.zw
206.53.61.77 www.google.com
206.53.61.77 www.google.com.af
206.53.61.77 www.google.com.ag
206.53.61.77 www.google.com.ai
206.53.61.77 www.google.com.ar
206.53.61.77 www.google.com.au
206.53.61.77 www.google.com.bn
206.53.61.77 www.google.com.br
206.53.61.77 www.google.com.by
206.53.61.77 www.google.com.bz
206.53.61.77 www.google.com.co
206.53.61.77 www.google.com.cu
206.53.61.77 www.google.com.ec
206.53.61.77 www.google.com.et
206.53.61.77 www.google.com.fj
206.53.61.77 search.yahoo.com
206.53.61.77 www.search.yahoo.com
206.53.61.77 search.live.com
206.53.61.77 search.msn.com
206.53.61.77 googleads.g.doubleclick.net
206.53.61.77 www.googleads.g.doubleclick.net
206.53.61.77 pubads.g.doubleclick.net
206.53.61.77 www.pubads.g.doubleclick.net
206.53.61.77 partner.googleadservices.com
206.53.61.77 www.partner.googleadservices.com
206.53.61.77 www.partner.googleadservices.com

Processes (15 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe

Permalink | Comments