barbtrd
asked on
Pop Up Problem possibly trojan or spyware
I have had an ever increasing popup ad problem for a few weeks and have installed Ad Aware 6.0 and Spybot S&D and neither gets rid of it. I am at the point where something is launching each time I start Internet Explorer. I have managed to get rid of most of the rest of the ads that just pop up in a small box. This web page that remains used to have advertising, but now comes up as "page not found" and there is no close or exit box.
I did check to see what programs start at startup by using Autostart Explorer and found that the most suspicious and unknown to me are webassist.exe and belt.exe. The problem is so bad that I can barely type anything and had to switch to my son's PC to ask this question. Every 10 seconds I get a popup window and I have to control-alt-delete to close it up. This morning after some Internet research I downloaded and ran Trojan Hunter. That gave me one possible file to delete and I have done so but the problem still exists.
I think that the original culprit was dw.exe which I tried to remove with Add-Install in Control Panel and was unsuccessful so I tried to delete it to no avail and so I re-named it. I did try to delete webassist.exe and it won't let me - says it's in use or else a critical file.
Any help would be greatly appreciated. I assume my last resort is to reformat my hard drive and I'd obviously prefer not to do that.
Sunray already gave you this link:
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
Can you try and run it and post the log here? We should be able to find out what's wrong.
Also, you should have some kind of firewall to stop at least some of those pop-ups and trace the source. Try Zonealarm => www.zonealarm.com, it's a free firewall.
LucF
ASKER
Here's the log from the webattack hijack program. Thanks
Logfile of HijackThis v1.97.3
Scan saved at 6:40:36 PM, on 10/25/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Intuit\QAgent\QAGENT.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\webassist.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Barbara Toth\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ebay.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6CDDAD19-4DE5-4F84-9FA3-2E6139DC0837} - C:\WINDOWS\System32\blackdbox.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyCop ScanCheck] C:\Program Files\Common Files\Microsoft Shared\Perl.exe /LASTSCAN
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.7\THGuard.exe"
O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.genisar.com/files/genplug60910.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50039/QDow.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/advertisingdotcom/pcpowerscan.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E6D5237D-A6C7-4C83-A67F-F9F15586FA62} (SBFullInst Control) - http://www.spyblast.com/download/SBFull.cab
O16 - DPF: {F1A51F21-59DF-4486-BA31-5B816DA481EB} (FastSeekerToolbar Control) - http://www.fastseeker.com/toolbar/download/FastSeekerSetup.cab
Have you tried to delete these apps in safe mode?
missed at least one
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe <= Abetterinternet adware related
LucF
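A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not HijackThis's own code: it groups entries by section code, then reports O4 Run entries whose executable is one of the names called out in this thread, plus any entry HijackThis marked "(file missing)". The function names, the watchlist and the trimmed sample log are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the log posted in this thread,
# with the wrap spaces introduced by the page removed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.3
Running processes:
C:\WINDOWS\webassist.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\Program Files\Common Files\OE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [webassist] C:\WINDOWS\webassist.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
"""

# Names called out in this thread (asker: webassist.exe, belt.exe; LucF: Belt.exe).
# A thread-specific watchlist (assumption), not a general signature set.
WATCHLIST = {"webassist.exe", "belt.exe"}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat))(?=\s|$)', re.I)


def parse_log(text):
    """Group HijackThis entries by section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines carry no code and are skipped
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def image_name(command):
    """Return the lower-cased executable file name of a Run command line."""
    m = IMAGE_RE.match(command.strip())
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path).lower()


def triage(text):
    """Return (section, entry, reason) tuples worth a closer look."""
    findings = []
    for code, entries in parse_log(text).items():
        for entry in entries:
            if entry.endswith("(file missing)"):
                findings.append((code, entry, "target file missing"))
            m = RUN_RE.match(entry) if code == "O4" else None
            if m and image_name(m.group(4)) in WATCHLIST:
                findings.append((code, entry, "named in this thread"))
    return findings


if __name__ == "__main__":
    for code, entry, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:22} {entry}")
```

A hit only marks an entry for review; removal is still done through HijackThis itself, as described in the thread.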
> I think that the original culprit was dw.exe
http://www.pacs-portal.co.uk/startup_pages/startup_d.php
--------------------------
DownloadWare - executes arbitrary code from advertisers and not considered to be adware but is a security risk (see here). If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. Installed along with programs such as MovieNetworks, Medialoads and PAgent
--------------------------
You said you had renamed the file, can you delete it now?
LucF
ASKER
I think I have already deleted the renamed dw.exe file since I now can't find it. One more dumb question - how do I delete these files - when you say this line "has to go" - do I use regedit or msconfig command from run? Or use the hijack log file and delete the lines there? Thanks very much for your help, it's a lifesaver.
You can let HijackThis delete them safely. It gives you the option to select them and delete them.
LucF
FYI there's a checkbox in front of every thing, just check the box and choose "Fix checked". It'll remove it from the startup list or from the registry. After you've done this, you'll have to reboot your computer and run HijackThis again to see if they're really gone. If they come back, you should try running HijackThis from safe-mode.
LucF
> One more dumb question
The only dumb questions are the ones never being asked! ;-)
Barbara,
Have you checked your e-mail yet?
Have you tried any of my suggestions?
LucF
ASKER
Yes - I just did the removal with hijack. Yeah! You're the best! Thanks a million. You made my day, my week, my month. It's been a long battle. Sigh.
So now everything is working fine?
Barbara Toth,
If it now works fine, please take a look at: https://www.experts-exchange.com/help/closing.jsp#2
Since you're new here, please take a look at the help pages. Experts here are always here to help you solve your questions, but they like to be awarded for their work using the points system. The points system makes this site as valuable as it is at the moment.
You should really read:
> http:help
> http:memberAgreement.jsp
LucF
p.s. welcome to Experts-Exchange, you'll learn a lot more if you stay!!
hmmz, I also make mistakes
http:help should be https://www.experts-exchange.com/help/
still welcome aboard!!
Anyway, I'm glad you found my comments helpful.
thanQ
Hi barbtrd
You know, if you don't have a problem, I can send you an application to block your popups.
Very good. If you want, just write and I'll send the application, 143 kb.
Lominy
<edited by CS>
lominy, please take a look here: http:/help.jsp#hi99 Posting your e-mail address is a violation of the Member Agreement.
Also, there is a list of popup blockers already in this thread.
*** advertising removed by Netminder, Site Admin ***
Spyware/Adware removal tools:
--------------------------
SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml
Ad-aware : http://www.webattack.com/download/dladaware.shtml
Trojan Remover : http://www.simplysup.com/
HijackThis : http://www.webattack.com/download/dlhijackthis.shtml
KL-Detector : http://www.webattack.com/download/dlkldetector.shtml
X-Cleaner Free : http://www.webattack.com/download/dlxcleaner.shtml
SpywareBlaster : http://www.webattack.com/download/dlspywareblaster.shtml
SpywareGuard : http://www.webattack.com/download/dlspywareguard.shtml
SpySites : http://www.webattack.com/download/dlspysites.shtml
Keylogger Hunter : http://www.webattack.com/download/dlklhunter.shtml
Spycop : http://www.spycop.com/
Goodbye Spy : http://www.topshareware.com/GoodBye-Spy-download-2012.htm
Pop-up blocker:
---------------
http://home.rochester.rr.com/artcfox/Pop-Down/
http://www.panicware.com/product_psfree.html
http://zdnet.search.com/search?channel=56&cat=279tag=st.zd.sr.srch.zdnet&q=popup+killer
http://12ghosts.com/ghosts/popup.htm
http://www.webwasher.com/client/home/index.html?lang=de_EN
http://www.adsgone.com/download.asp
Google toolbar: toolbar.google.com
Sunray