shifty
04-06-2006, 03:55 PM
Mods - please sticky this thread. :)
To anyone reading: If you find any dead links in the thread, please let me know. I'll be happy to fix.
DO NOT REPRODUCE THE CONTENT OF THIS THREAD WITHOUT WRITTEN PERMISSION. Thanks -s.
DISCLAIMER: Before I get into this thread, I want to bring up a huge point you must understand: before you act on any information in this thread, you should read it in full. Don't just come in here, download the programs listed and install them, it will likely screw up your computer worse than it will help. Just read the info below, ask any questions you have (even if you think they're stupid) and I'll answer them to the best of my ability.
I am writing this thread because I have watched several members of this community have their eBay account hijacked, suffer from fraudulent credit card purchases, I've even heard one case of identity theft and most, if not all cases, were due to some kind of malicious software a person had on their machine without knowing it ... and it could have been prevented. The intent behind this thread is to help the members here clean up their machines and protect them from future infections. The last figure I read was reporting that 90% of all home computers in the US are known to be infected with some form of spyware - chances are, if you've never thought about spyware or scanned your machine, you are infected with something.
It's important to understand that it's not necessary to pay money for software to adequately protect your computer; in fact, installing expensive programs like Norton Internet Security on your computer will only offer moderate protection and, more often than not, will considerably slow down your boot times and kill any performance your average home computer might otherwise have. I *do not* recommend using Norton Internet Security or other similarly packaged all-in-one security products for the fact that they DO slow down your computer and, in my opinion, do not adequately protect you from attacks in real-time. In fact, I have had to uninstall Norton's all-in-one product from several computers recently because it would literally take the user's computer 3-4 minutes to finish booting.
Now, I get paid to work on computers at work and as a side job. I also do a lot of volunteer work in my community helping less fortunate people and organizations getting cleaned up and refurbing their systems. When working on the systems I do, I try to stress to everyone one simple concept: THERE IS NO SINGLE PROGRAM THAT WILL ADEQUATELY PROTECT YOU FROM SPYWARE, VIRUSES, TROJANS, POPUPS AND OTHER INTERNET THREATS. It is very important that you understand this before cleaning and securing your system from these threats.
As a little introduction, there are a few things you should understand before cleaning and securing your system:
You should ALWAYS clean your computer of all viruses and spyware before installing protection on it - I will explain how in a sec after I explain why. Nowadays, most viruses, spyware and other bad things will actually deactivate, uninstall or cripple your spyware scanners, firewalls or antivirus to keep themselves alive. Logically, if you're infected with something and you start installing protection, guess what is probably going to happen? It's going to get deactivated. To clean your computer, I highly recommend reading the thread at the top of this help forum (It's stuck to the top of the threads list permanently) explaining how to clean yourself up. Read and follow those steps to cleanup before anything else :).
You really need to keep your copy of Windows up-to-date ... at all costs. That means "automatic updates" should be turned on (set to "automatically download), you should install them when they arrive, and you should always have the most recent Service Pack (SP1/SP2/SP3/etc.) installed on your computer. NO EXCUSES, NO EXCEPTIONS. If you keep Windows patched up, spyware and viruses won't be able to be sneaky and use known flaws in Windows to infect you without you knowing about it.
As for protection, you have a couple of types out there: you have your standard scanners that look for stuff already installed on your system, you have things that will "actively" scan files as they're opened to look for bad stuff and then you have programs that will block your computer from ever downloading files that are a potential threat before you have a chance to open them.
Look at things from a major birdseye-overview, there are three main tools used to secure your computer from bad things: antivirus, a firewall (software- or hardware-based), and spyware/adware/popup scanners/blockers. I want to give you some notes about these three types of protection and a couple of other tools common to the market:
ANTIVIRUS:
Antivirus programs are like a condom in three ways: 1) When used properly, they keep bad stuff from infecting you. 2) "More is not better" - wear two condoms and they're gonna work against each other and break - same thing goes for antivirus software...you should NEVER have two copies of antivirus software running on your machine at the same time. 3) If your condom gets old, you better update it or it ain't gonna protect you worth a dang - you GOTTA keep it updated! I know people who don't bother updating their antivirus or Windows becase "downloads take too long" or "it bothers me to update every freakin day!!" - Those are the idiots that keep money in my pocket, scammers pockets and also keep the programmers trying to protect you fed. :D
Important tip that everyone should know: Any time you are removing antivirus software on your computer, you should *always* reboot the computer before you install another antivirus program. This gives the computer a chance to cleanup any old files left after the uninstall and kill any portions of the old antivirus program that may still be running.
FIREWALLS:
Most hackers will only bother trying to hack computers of broadband/high speed internet users. Phone modem connections are often so slow that hackers will move on to a more desireable broadband target to take over. Firewall software (or firewall hardware like a router) is an absolute necessity for anyone using high speed internet. Now, dialup users are NOT immune to attacks, but for dialup users, the emphasis of a using software firewall to protect yourself from outside users gettin *into* your computer is not as high. Just remember: anyone can be a target.
Windows XP has a built-in firewall, BUT there are some things you should know about it. It will prevent people from getting INTO your computer, but it does not prevent "bad" software on your computer from "calling out" to the outside world. Now, most aftermarket software firewalls monitor and block both ways, in and out, so you're adequately protected ... but the Windows XP Firewall does not.
Just for reference, a common example of "calling out": you install some free software on your computer and it is bundled with spyware *or* say that you are infected with something via email attachment, downloading porn, whatever. Well, this bundled software or infected program sets itself up on your machine so it will contact another computer somewhere else in the world and wait for commands. Your machine is essentially a "zombie" just waiting for some little hacker kid somewhere to tell it who and/or what to attack. Often times, your computer is used to either spam emails out or partake in concentrated attacks on major internet targets like popular websites. Basically, the process of that infection on your computer contacting some rogue server or computer out on the web is it "calling out" or "calling home". If you had a third-party software firewall, it should have notified you when that program was trying to get to the outside world and you could have stopped it...
Firewalls are not always user-friendly and they often take a few days of tinkering and answering popups asking "should i block this?" to get running smoothly. It's easy enough, though, and anyone can do it with minimal to no reading/understanding necessary.
SPYWARE SCANNERS:
There are a ton of them out there - so many it can be daunting to know which to pick. Just so you can be in-the-know, here are two lists of legitimate and bogus spyware scanners:
Legitimate scanners and a list of cloned scanners:
Legit/trusted scanners :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy
Legit clones of trusted scanners :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#clones-legit
Totally bogus scanners that are basically spyware in disguise:
Full list :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#products
Overall, they are simple devices: it scans through your computer, finds a spyware/malware/adware related item on your computer - whether it be a simple tracking cookie or a full blown infection - then it deletes or quarantines the item where appropriate.
No single scanner will really detect everything. In fact, I usually suggest my customers use at least two scanning tools together (typically Spybot and AdAware for a no-pay solution) to scan their computer once every couple of weeks. One will often pick up what the other one misses.
Now, these scanners are worthless unless you keep them updated regularly. Before you scan your computer, you should use the "update" feature of your spyware scanner to download new "detection routines" that define what is spyware and what is not, otherwise, you're never going to find the newest infections that have come out to infect you.
It is always recommended to do two things regularly when you find a non-cookie-based infection on your computer:
1) Dump the "quarantine" of detected infections regularly in your spyware scanner. Purging your quarantine prevents future detections of something you've already quarantined.
2) If you're using Windows ME or Windows XP, you should turn the System Restore feature OFF, then back ON again. This will flush the "restore points" and keep you from rolling your system configuration back to a previous date when you were infected!
Some spyware scanners such as SpySweeper (~$30) include "active scanning" features which will scan files and programs as you open them to try and prevent an infection before it has a chance to execute. These are very effective in preventing infections.
Some of the nastiest spyware loads itself into your computer before you even have a chance to login. Not many of scanners out there protect you from this kind of infection. SpySweeper (again) has protection mechanisms that will start up before you login to protect you from them - it only works well if you install SpySweeper before you get infected, though :)
POPUP BLOCKERS/MALICIOUS SITE BLOCKERS:
Simple tools: Popup blockers stop most popup windows from showing in most browsers - even legitimate ones sometimes! Malicious site blockers stop your computer from loading any webpage at a website that is known to infect people's computers (IE-Spyad is a good example - the list of banned sites is huge!). These are both very effective prevention tools! For the record, the Google Toolbar has a built-in popup blocker: (link (http://toolbar.google.com))
REGISTRY CLEANERS:
Well, 99% of them are worthless crap that will wreck your computer more than fix them. I do not, will not and have not ever recommended anyone to use a registry cleaner. The results are often as disastrous as if you were to let your 5yr old nephew or neice get on your computer and start pruning your Windows Registry.
Now that all of that information is out of the way, on to the goodies ... since I regularly see the question "what should I use to keep myself safe?", I wanted to post a list of free applications which I typically install on my client's machines so you can get an idea of what I think is a good solution. No solution is foolproof, but it's better to stay protected than infected, so ...
UPDATE PLEASE NOTE: I HAVE INCLUDED TWO LINKS AT THE END OF THIS THREAD CONTAINING LINKS TO ANOTHER SITE WITH LOTS OF FREE TOOLS LISTED.
Free antivirus (only install one per machine!):
AVG "free" from Grisoft :: http://free.grisoft.com/doc/2/lng/us/tpl/v5 - This is a very capable free antivirus software that I typically recommend to people. The update downloads are normally small, which makes it great for dialup users. It supports real-time scanning, email scanning and almost every other feature that other pay programs use. It even detects and cleans some spyware items.
Avast Home Edition :: http://www.avast.com/eng/avast_4_home.html - this has quickly become a new favorite of mine. It has real-time protection, built-in email scanning, Peer-to-Peer and IM protection, web filtering and, overall, is very easy to use for even the most basic of computer users.
BitDefender :: http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html - the best of the best for "basic" protection - offers basic protection against viruses, trojans, worms, and dialers. Supports scheduled scans, skinnable user interface for the customization geeks out there.
Kaspersky Personal :: http://www.kaspersky.com/productupdates?chapter=146244099&downlink=182644980 - Just another free client I've found from a name I know; I have not used this product and cannot report to its effectiveness, but I know others who have used it and been satisfied with it.
Spyware/malware scanners and repair tools:
SuperAntiSpyware :: http://www.superantispyware.com/superantispywarefreevspro.html - One of the absolute ESSENTIAL free spyware scanning and removal tools available today!
A-Squared :: http://www.emsisoft.com/en/software/free/ - Another great spyware scanning and removal tool, comes highly recommended by many professionals out there.
Spybot Search & Destroy :: http://www.safer-networking.org/en/spybotsd/index.html - Great scanning and repair tool. Should be used at least once ever couple weeks to check for and remove infected files. Update the product before each scan. Has good built-in browser "immunization" tools that will protect you from some common infection techniques and block malicious websites from displaying in your browser. Very effective when used in conjunction with AdAware SE personal edition.
AdAware SE Personal :: http://www.lavasoft.com/software/adaware/ - Another great, free scanning and repair tool. Will kill some of the more aggressive items out there that others can't touch. Overall, similar in quality to Spybot S&D, very effective scanner when paired up with Spybot S&D.
Free real-time protection from spyware installation (EDIT: Some tools may be a bit outdated at this point):
SpywareBlaster :: http://www.javacoolsoftware.com/spywareblaster.html - excellent "active" protection from spyware installation. Works incredibly well when bundled with SpywareGuard.
SpywareGuard (download the "full setup") :: http://www.javacoolsoftware.com/spywareguard.html - works like "active scan" for antivirus. Scans attachments and programs before you run them. Even goes so far as to block advertising/tracking cookies! Great software.
IE-SpyAd :: http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD - This tool is a must for Internet Explorer users. This program imports a list of malicious websites in Internet Explorer's configuration settings. When a site is listed in IE-Spyad's "Restricted zone", while you are on that site, it will not allow you to run ActiveX controls, any scripts, download programs, or perform other potentially dangerous acts. There is a very easy to use tutorial (w/pictures) on how to set this guy up here: link (http://www.bleepingcomputer.com/tutorials/tutorial53.html#intro).
Free Firewall software (only install one per machine! great info on firewalls and setup here: link (http://www.pcworld.com/howto/article/0,aid,112920,00.asp)):
ZoneAlarm :: http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass - simple, no-frills, easy to use firewall. Great solution for the casual home user if one of the above products is either too complex or doesn't work for you.
Outpost Firewall Free :: http://www.agnitum.com/products/outpostfree/download.php - Agnitum's no-cost firewall includes ad and pop-up blockers, web content filters, mail attachment filter and there is a great "quick start" guide on the download page which gives step by step instructions for install.
Kerio Personal Firewall :: http://www.sunbelt-software.com/Kerio.cfm - I am not entirely certain, but this may be free-for-30-day trial. I'm posting this because it will seriously secure your computer (to the point that you might find it irritating), it IS simple enough for typical users, but powerful and robust enough for "power" users. Allows you to fine-tune application rules to restrict access to/from specific IP addresses and/or ports on your computer. I believe the free version even blocks advertisements and popups.
Wow, so ... that's a long list of software there, eh? Bet some people are going to be more confused than anything after reading this book of knowledge....
So, you ask, what would I recommend out of the list above? If I were going to install anything on anyone's machine to be the best, well-rounded solution, I would cleanup the computer - to make sure it's clean, post a Hijackthis log for verification in the Computer Help forum! In the process, ask me what I'm liking at the time (new software comes out all the time) and I'll let you know my thoughts.
Information on how to create a hijackthis logfile is here: http://67-72chevytrucks.com/vboard/showthread.php?t=235802
Download link for the HijackThis software: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
As a final note, I really have a lot of faith and respect for WebRoot's "SpySweeper" software. It's a pay-program ($30), and I believe it's worth every penny. It is not a one-shot solution (there isn't one out there), but if you used this as a replacement for AdAware SE and/or Spybot S&D, I believe you would be doing a more adequate job of protecting your computer, IMO. Just my 2¢.
UPDATE:
GeeksToGo does a better job of updating their threads than I do. I highly recommend checking out their free tools section: http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html
Also, they have a great guide to quick cleanups. I highly recommend using this process when posting here for help: http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html
To anyone reading: If you find any dead links in the thread, please let me know. I'll be happy to fix.
DO NOT REPRODUCE THE CONTENT OF THIS THREAD WITHOUT WRITTEN PERMISSION. Thanks -s.
DISCLAIMER: Before I get into this thread, I want to bring up a huge point you must understand: before you act on any information in this thread, you should read it in full. Don't just come in here, download the programs listed and install them, it will likely screw up your computer worse than it will help. Just read the info below, ask any questions you have (even if you think they're stupid) and I'll answer them to the best of my ability.
I am writing this thread because I have watched several members of this community have their eBay account hijacked, suffer from fraudulent credit card purchases, I've even heard one case of identity theft and most, if not all cases, were due to some kind of malicious software a person had on their machine without knowing it ... and it could have been prevented. The intent behind this thread is to help the members here clean up their machines and protect them from future infections. The last figure I read was reporting that 90% of all home computers in the US are known to be infected with some form of spyware - chances are, if you've never thought about spyware or scanned your machine, you are infected with something.
It's important to understand that it's not necessary to pay money for software to adequately protect your computer; in fact, installing expensive programs like Norton Internet Security on your computer will only offer moderate protection and, more often than not, will considerably slow down your boot times and kill any performance your average home computer might otherwise have. I *do not* recommend using Norton Internet Security or other similarly packaged all-in-one security products for the fact that they DO slow down your computer and, in my opinion, do not adequately protect you from attacks in real-time. In fact, I have had to uninstall Norton's all-in-one product from several computers recently because it would literally take the user's computer 3-4 minutes to finish booting.
Now, I get paid to work on computers at work and as a side job. I also do a lot of volunteer work in my community helping less fortunate people and organizations getting cleaned up and refurbing their systems. When working on the systems I do, I try to stress to everyone one simple concept: THERE IS NO SINGLE PROGRAM THAT WILL ADEQUATELY PROTECT YOU FROM SPYWARE, VIRUSES, TROJANS, POPUPS AND OTHER INTERNET THREATS. It is very important that you understand this before cleaning and securing your system from these threats.
As a little introduction, there are a few things you should understand before cleaning and securing your system:
You should ALWAYS clean your computer of all viruses and spyware before installing protection on it - I will explain how in a sec after I explain why. Nowadays, most viruses, spyware and other bad things will actually deactivate, uninstall or cripple your spyware scanners, firewalls or antivirus to keep themselves alive. Logically, if you're infected with something and you start installing protection, guess what is probably going to happen? It's going to get deactivated. To clean your computer, I highly recommend reading the thread at the top of this help forum (It's stuck to the top of the threads list permanently) explaining how to clean yourself up. Read and follow those steps to cleanup before anything else :).
You really need to keep your copy of Windows up-to-date ... at all costs. That means "automatic updates" should be turned on (set to "automatically download), you should install them when they arrive, and you should always have the most recent Service Pack (SP1/SP2/SP3/etc.) installed on your computer. NO EXCUSES, NO EXCEPTIONS. If you keep Windows patched up, spyware and viruses won't be able to be sneaky and use known flaws in Windows to infect you without you knowing about it.
As for protection, you have a couple of types out there: you have your standard scanners that look for stuff already installed on your system, you have things that will "actively" scan files as they're opened to look for bad stuff and then you have programs that will block your computer from ever downloading files that are a potential threat before you have a chance to open them.
Look at things from a major birdseye-overview, there are three main tools used to secure your computer from bad things: antivirus, a firewall (software- or hardware-based), and spyware/adware/popup scanners/blockers. I want to give you some notes about these three types of protection and a couple of other tools common to the market:
ANTIVIRUS:
Antivirus programs are like a condom in three ways: 1) When used properly, they keep bad stuff from infecting you. 2) "More is not better" - wear two condoms and they're gonna work against each other and break - same thing goes for antivirus software...you should NEVER have two copies of antivirus software running on your machine at the same time. 3) If your condom gets old, you better update it or it ain't gonna protect you worth a dang - you GOTTA keep it updated! I know people who don't bother updating their antivirus or Windows becase "downloads take too long" or "it bothers me to update every freakin day!!" - Those are the idiots that keep money in my pocket, scammers pockets and also keep the programmers trying to protect you fed. :D
Important tip that everyone should know: Any time you are removing antivirus software on your computer, you should *always* reboot the computer before you install another antivirus program. This gives the computer a chance to cleanup any old files left after the uninstall and kill any portions of the old antivirus program that may still be running.
FIREWALLS:
Most hackers will only bother trying to hack computers of broadband/high speed internet users. Phone modem connections are often so slow that hackers will move on to a more desireable broadband target to take over. Firewall software (or firewall hardware like a router) is an absolute necessity for anyone using high speed internet. Now, dialup users are NOT immune to attacks, but for dialup users, the emphasis of a using software firewall to protect yourself from outside users gettin *into* your computer is not as high. Just remember: anyone can be a target.
Windows XP has a built-in firewall, BUT there are some things you should know about it. It will prevent people from getting INTO your computer, but it does not prevent "bad" software on your computer from "calling out" to the outside world. Now, most aftermarket software firewalls monitor and block both ways, in and out, so you're adequately protected ... but the Windows XP Firewall does not.
Just for reference, a common example of "calling out": you install some free software on your computer and it is bundled with spyware *or* say that you are infected with something via email attachment, downloading porn, whatever. Well, this bundled software or infected program sets itself up on your machine so it will contact another computer somewhere else in the world and wait for commands. Your machine is essentially a "zombie" just waiting for some little hacker kid somewhere to tell it who and/or what to attack. Often times, your computer is used to either spam emails out or partake in concentrated attacks on major internet targets like popular websites. Basically, the process of that infection on your computer contacting some rogue server or computer out on the web is it "calling out" or "calling home". If you had a third-party software firewall, it should have notified you when that program was trying to get to the outside world and you could have stopped it...
Firewalls are not always user-friendly and they often take a few days of tinkering and answering popups asking "should i block this?" to get running smoothly. It's easy enough, though, and anyone can do it with minimal to no reading/understanding necessary.
SPYWARE SCANNERS:
There are a ton of them out there - so many it can be daunting to know which to pick. Just so you can be in-the-know, here are two lists of legitimate and bogus spyware scanners:
Legitimate scanners and a list of cloned scanners:
Legit/trusted scanners :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy
Legit clones of trusted scanners :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#clones-legit
Totally bogus scanners that are basically spyware in disguise:
Full list :: http://www.spywarewarrior.com/rogue_anti-spyware.htm#products
Overall, they are simple devices: it scans through your computer, finds a spyware/malware/adware related item on your computer - whether it be a simple tracking cookie or a full blown infection - then it deletes or quarantines the item where appropriate.
No single scanner will really detect everything. In fact, I usually suggest my customers use at least two scanning tools together (typically Spybot and AdAware for a no-pay solution) to scan their computer once every couple of weeks. One will often pick up what the other one misses.
Now, these scanners are worthless unless you keep them updated regularly. Before you scan your computer, you should use the "update" feature of your spyware scanner to download new "detection routines" that define what is spyware and what is not, otherwise, you're never going to find the newest infections that have come out to infect you.
It is always recommended to do two things regularly when you find a non-cookie-based infection on your computer:
1) Dump the "quarantine" of detected infections regularly in your spyware scanner. Purging your quarantine prevents future detections of something you've already quarantined.
2) If you're using Windows ME or Windows XP, you should turn the System Restore feature OFF, then back ON again. This will flush the "restore points" and keep you from rolling your system configuration back to a previous date when you were infected!
Some spyware scanners such as SpySweeper (~$30) include "active scanning" features which will scan files and programs as you open them to try and prevent an infection before it has a chance to execute. These are very effective in preventing infections.
Some of the nastiest spyware loads itself into your computer before you even have a chance to login. Not many of scanners out there protect you from this kind of infection. SpySweeper (again) has protection mechanisms that will start up before you login to protect you from them - it only works well if you install SpySweeper before you get infected, though :)
POPUP BLOCKERS/MALICIOUS SITE BLOCKERS:
Simple tools: Popup blockers stop most popup windows from showing in most browsers - even legitimate ones sometimes! Malicious site blockers stop your computer from loading any webpage at a website that is known to infect people's computers (IE-Spyad is a good example - the list of banned sites is huge!). These are both very effective prevention tools! For the record, the Google Toolbar has a built-in popup blocker: (link (http://toolbar.google.com))
REGISTRY CLEANERS:
Well, 99% of them are worthless crap that will wreck your computer more than fix them. I do not, will not and have not ever recommended anyone to use a registry cleaner. The results are often as disastrous as if you were to let your 5yr old nephew or neice get on your computer and start pruning your Windows Registry.
Now that all of that information is out of the way, on to the goodies ... since I regularly see the question "what should I use to keep myself safe?", I wanted to post a list of free applications which I typically install on my client's machines so you can get an idea of what I think is a good solution. No solution is foolproof, but it's better to stay protected than infected, so ...
UPDATE PLEASE NOTE: I HAVE INCLUDED TWO LINKS AT THE END OF THIS THREAD CONTAINING LINKS TO ANOTHER SITE WITH LOTS OF FREE TOOLS LISTED.
Free antivirus (only install one per machine!):
AVG "free" from Grisoft :: http://free.grisoft.com/doc/2/lng/us/tpl/v5 - This is a very capable free antivirus software that I typically recommend to people. The update downloads are normally small, which makes it great for dialup users. It supports real-time scanning, email scanning and almost every other feature that other pay programs use. It even detects and cleans some spyware items.
Avast Home Edition :: http://www.avast.com/eng/avast_4_home.html - this has quickly become a new favorite of mine. It has real-time protection, built-in email scanning, Peer-to-Peer and IM protection, web filtering and, overall, is very easy to use for even the most basic of computer users.
BitDefender :: http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html - the best of the best for "basic" protection - offers basic protection against viruses, trojans, worms, and dialers. Supports scheduled scans, skinnable user interface for the customization geeks out there.
Kaspersky Personal :: http://www.kaspersky.com/productupdates?chapter=146244099&downlink=182644980 - Just another free client I've found from a name I know; I have not used this product and cannot report to its effectiveness, but I know others who have used it and been satisfied with it.
Spyware/malware scanners and repair tools:
SuperAntiSpyware :: http://www.superantispyware.com/superantispywarefreevspro.html - One of the absolute ESSENTIAL free spyware scanning and removal tools available today!
A-Squared :: http://www.emsisoft.com/en/software/free/ - Another great spyware scanning and removal tool, comes highly recommended by many professionals out there.
Spybot Search & Destroy :: http://www.safer-networking.org/en/spybotsd/index.html - Great scanning and repair tool. Should be used at least once ever couple weeks to check for and remove infected files. Update the product before each scan. Has good built-in browser "immunization" tools that will protect you from some common infection techniques and block malicious websites from displaying in your browser. Very effective when used in conjunction with AdAware SE personal edition.
AdAware SE Personal :: http://www.lavasoft.com/software/adaware/ - Another great, free scanning and repair tool. Will kill some of the more aggressive items out there that others can't touch. Overall, similar in quality to Spybot S&D, very effective scanner when paired up with Spybot S&D.
Free real-time protection from spyware installation (EDIT: Some tools may be a bit outdated at this point):
SpywareBlaster :: http://www.javacoolsoftware.com/spywareblaster.html - excellent "active" protection from spyware installation. Works incredibly well when bundled with SpywareGuard.
SpywareGuard (download the "full setup") :: http://www.javacoolsoftware.com/spywareguard.html - works like "active scan" for antivirus. Scans attachments and programs before you run them. Even goes so far as to block advertising/tracking cookies! Great software.
IE-SpyAd :: http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD - This tool is a must for Internet Explorer users. This program imports a list of malicious websites in Internet Explorer's configuration settings. When a site is listed in IE-Spyad's "Restricted zone", while you are on that site, it will not allow you to run ActiveX controls, any scripts, download programs, or perform other potentially dangerous acts. There is a very easy to use tutorial (w/pictures) on how to set this guy up here: link (http://www.bleepingcomputer.com/tutorials/tutorial53.html#intro).
Free Firewall software (only install one per machine! great info on firewalls and setup here: link (http://www.pcworld.com/howto/article/0,aid,112920,00.asp)):
ZoneAlarm :: http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass - simple, no-frills, easy to use firewall. Great solution for the casual home user if one of the above products is either too complex or doesn't work for you.
Outpost Firewall Free :: http://www.agnitum.com/products/outpostfree/download.php - Agnitum's no-cost firewall includes ad and pop-up blockers, web content filters, mail attachment filter and there is a great "quick start" guide on the download page which gives step by step instructions for install.
Kerio Personal Firewall :: http://www.sunbelt-software.com/Kerio.cfm - I am not entirely certain, but this may be free-for-30-day trial. I'm posting this because it will seriously secure your computer (to the point that you might find it irritating), it IS simple enough for typical users, but powerful and robust enough for "power" users. Allows you to fine-tune application rules to restrict access to/from specific IP addresses and/or ports on your computer. I believe the free version even blocks advertisements and popups.
Wow, so ... that's a long list of software there, eh? Bet some people are going to be more confused than anything after reading this book of knowledge....
So, you ask, what would I recommend out of the list above? If I were going to install anything on anyone's machine to be the best, well-rounded solution, I would cleanup the computer - to make sure it's clean, post a Hijackthis log for verification in the Computer Help forum! In the process, ask me what I'm liking at the time (new software comes out all the time) and I'll let you know my thoughts.
Information on how to create a hijackthis logfile is here: http://67-72chevytrucks.com/vboard/showthread.php?t=235802
Download link for the HijackThis software: http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
As a final note, I really have a lot of faith and respect for WebRoot's "SpySweeper" software. It's a pay-program ($30), and I believe it's worth every penny. It is not a one-shot solution (there isn't one out there), but if you used this as a replacement for AdAware SE and/or Spybot S&D, I believe you would be doing a more adequate job of protecting your computer, IMO. Just my 2¢.
UPDATE:
GeeksToGo does a better job of updating their threads than I do. I highly recommend checking out their free tools section: http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html
Also, they have a great guide to quick cleanups. I highly recommend using this process when posting here for help: http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html