Steps taken so far:
* I ran Malwarebytes Anti-Malware; it found nothing.
* I uninstalled YouTube Downloader altogether, but the problem persisted.
* I performed a System Restore to the last restore point; the problem persisted.
  * After the system restore I was prompted by ThreatFire to quarantine and kill this process:
    C:\Program Files\Common Files\Spigot\SearchSettings\SearchSettings.exe
* I ran PC Tools ThreatFire; it found nothing.
* I ran Microsoft Security Essentials; it found nothing.
Here are my logs:
======
Log 1
======
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Kayvaan at 2:15:45 on 2012-09-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.870 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20405E63-42EC-411F-AE7C-CBA8A9638607} : DhcpNameServer = 129.49.7.170
TCP: Interfaces\{69923218-BC11-474B-A308-246344E9D806} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kayvaan\appdata\roaming\mozilla\firefox\profiles\7sxozz9y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-5 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-5 69392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-5 33552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-26 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-25 1343400]
.
=============== Created Last 30 ================
.
2012-09-19 03:51:11  --------  d-----w-  c:\program files\CCleaner
2012-09-19 03:47:45  7022536  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{6c49ecc3-2b79-40ce-980e-c66bb199161b}\mpengine.dll
2012-09-19 03:34:13  7022536  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-19 00:40:21  --------  d-----w-  c:\users\kayvaan\appdata\roaming\Malwarebytes
2012-09-19 00:40:11  --------  d-----w-  c:\programdata\Malwarebytes
2012-09-19 00:40:06  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-17 16:25:37  --------  d-----w-  c:\program files\Application Updater
2012-09-17 16:25:36  --------  d-----w-  c:\program files\YTD Toolbar
2012-09-17 16:25:36  --------  d-----w-  c:\program files\common files\Spigot
2012-09-12 16:08:10  240496  ----a-w-  c:\windows\system32\drivers\netio.sys
2012-09-12 16:08:10  187760  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 16:08:10  1292144  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-09-07 05:38:27  114144  ----a-w-  c:\program files\mozilla firefox\maintenanceservice.exe
2012-09-07 05:38:26  917984  ----a-w-  c:\program files\mozilla firefox\firefox.exe
2012-09-07 05:38:26  82400  ----a-w-  c:\program files\mozilla firefox\libEGL.dll
2012-09-07 05:38:26  425952  ----a-w-  c:\program files\mozilla firefox\libGLESv2.dll
2012-09-07 05:38:26  258528  ----a-w-  c:\program files\mozilla firefox\freebl3.dll
2012-09-07 05:38:26  2288608  ----a-w-  c:\program files\mozilla firefox\gkmedias.dll
2012-09-07 05:38:26  1998168  ----a-w-  c:\program files\mozilla firefox\d3dx9_43.dll
2012-09-07 05:38:25  73696  ----a-w-  c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-07 05:38:25  266720  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
2012-09-07 05:38:25  2106216  ----a-w-  c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-09-07 05:38:25  118240  ----a-w-  c:\program files\mozilla firefox\crashreporter.exe
2012-09-07 05:38:24  18912  ----a-w-  c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-09-06 01:56:30  --------  d-----w-  c:\users\kayvaan\appdata\roaming\Dropbox
2012-09-03 03:52:08  --------  d-----w-  c:\users\kayvaan\appdata\local\Google
.
==================== Find3M ====================
.
2012-07-18 17:47:53  2345984  ----a-w-  c:\windows\system32\win32k.sys
2012-07-04 21:14:34  41984  ----a-w-  c:\windows\system32\browcli.dll
2012-07-04 21:14:34  102912  ----a-w-  c:\windows\system32\browser.dll
2012-06-29 00:16:58  1800704  ----a-w-  c:\windows\system32\jscript9.dll
2012-06-29 00:09:01  1129472  ----a-w-  c:\windows\system32\wininet.dll
2012-06-29 00:08:59  1427968  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
.
============= FINISH: 2:17:51.23 ===============
======
Log 2
======
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/25/2012 12:59:47 PM
System Uptime: 9/18/2012 11:33:23 PM (3 hours ago)
.
Motherboard: Acer, Inc. |  | Prespa1
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 8.678 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 6.412 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 9/19/2012 2:00:48 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Audition 1.5
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Widget Browser
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
Bonjour
CCleaner
I-Doser v4
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
SBaGen 1.4.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Texas Instruments PCIxx21/x515/xx12 drivers.
ThreatFire
TIPCI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
WinRAR 4.11 (32-bit)
YTD Toolbar v6.2
YTD Video Downloader 3.9.2
.
==== Event Viewer Messages From Past Week ========
.
9/19/2012 1:58:06 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/18/2012 8:39:02 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
9/18/2012 8:05:13 PM, Error: NetBT [4321]  - The name "KAYVAAN-PC     :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
9/18/2012 11:34:13 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.135.1409.0;1.135.1409.0 Engine version: 1.1.8704.0
.
==== End Of File ===========================
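The way a helper would normally read a DDS log like the one above is to look for things that arrived together and then pivot from them into the persistence entries. Log 1 shows c:\program files\common files\Spigot, c:\program files\YTD Toolbar and c:\program files\Application Updater created within the same second on 2012-09-17, a SearchSettings run key under the Spigot folder, an "Application Updater" service, and both browser.startup.homepage and keyword.URL in Firefox pointing at search.yahoo.com with fr=spigot-yhp-ff / type=937811, which is why uninstalling the downloader alone and scanning with signature-based tools did not clear the homepage change. The script below automates that correlation. It is an added example written for this thread, not part of the posted logs or of the DDS tool. SAMPLE_LOG is excerpted from the log above; the 120-second clustering window, the list of "generic" folder names that are ignored when matching, and the six-character minimum for URL parameter values are assumptions chosen for this illustration.

```python
"""Triage helper for a DDS log: cluster the "Created Last 30" entries by
creation time, then pivot from each cluster into the persistence entries
(BHO/TB/mRun/services/Firefox prefs) that reference the same folders, or
share a URL parameter with an entry already linked.  Added example for this
thread; not part of the posted logs or of DDS.  SAMPLE_LOG is excerpted from
the posted log; window, GENERIC and the value-length cutoff are assumptions."""
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-7-26 794560]
2012-09-19 00:40:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 16:25:37 -------- d-----w- c:\program files\Application Updater
2012-09-17 16:25:36 -------- d-----w- c:\program files\YTD Toolbar
2012-09-17 16:25:36 -------- d-----w- c:\program files\common files\Spigot
2012-09-12 16:08:10 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
"""

# "Created Last 30" rows: timestamp, size-or-dashes, attribute flags, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.+)$")
# Pseudo-HJT persistence rows and Firefox pref rows.
PERSIST_RE = re.compile(r"^(BHO|TB|[um]?Run|[RS][0-3]|FF - (?:prefs|user)\.js)\b")
# Path components too generic to tie an entry to one install (assumption).
GENERIC = {"program files", "common files", "windows", "system32", "drivers",
           "users", "appdata", "roaming", "local", "programdata"}


def folder_tokens(path):
    """Lower-cased folder/file names of a Windows path, minus generic roots."""
    parts = path.lower().strip('"').split("\\")
    return {p for p in parts if len(p) >= 4 and p not in GENERIC}


def query_tokens(line):
    """key=value pairs from any URL on the line; short values (ei=utf-8, p=) are noise."""
    pairs = re.findall(r"[?&]([a-z_]+=[^&\s]+)", line.lower())
    return {kv for kv in pairs if len(kv.split("=", 1)[1]) >= 6}


def cluster_created(lines, window=timedelta(seconds=120)):
    """Group 'Created Last 30' entries whose timestamps lie within `window` of
    the previous one: a bundled installer drops its components in one burst."""
    entries = sorted((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2))
                     for m in map(CREATED_RE.match, lines) if m)
    clusters = []
    for ts, path in entries:
        if clusters and ts - clusters[-1][-1][0] <= window:
            clusters[-1].append((ts, path))
        else:
            clusters.append([(ts, path)])
    return clusters


def triage(text, window=timedelta(seconds=120)):
    """One report per creation-time cluster: the paths created and the
    persistence entries linked to them, directly (a folder name from the
    cluster appears in the entry) or by pivoting on a URL parameter shared
    with an already-linked entry (keyword.URL shares type=937811 with the
    hijacked homepage, though it never mentions Spigot)."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    persist = [l for l in lines if PERSIST_RE.match(l)]
    report = []
    for cluster in cluster_created(lines, window):
        toks = set().union(*(folder_tokens(p) for _, p in cluster))
        linked = [l for l in persist if any(t in l.lower() for t in toks)]
        pivots = set().union(*(query_tokens(l) for l in linked)) if linked else set()
        for l in persist:
            if l not in linked and query_tokens(l) & pivots:
                linked.append(l)
        report.append({"first": cluster[0][0],
                       "created": [p for _, p in cluster],
                       "linked": linked})
    return report


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"cluster from {r['first']}: {len(r['created'])} created, {len(r['linked'])} linked")
        for l in r["linked"]:
            print("   ", l)
```

Run against the excerpt, the 2012-09-17 16:25:36 cluster (Spigot, YTD Toolbar, Application Updater) links six entries: both YTD Toolbar BHO/TB rows, the SearchSettings run key, the Application Updater service, the Firefox homepage, and, through the shared type=937811 parameter, keyword.URL. The Malwarebytes and tcpip.sys clusters link nothing, and the unrelated msseces.exe run key and Adobe service stay out. Against a full DDS log you would feed the whole file rather than the excerpt; the linked list is then the removal list to hand back to the poster, and it also explains why a signature scan of SearchSettings.exe alone leaves the search settings in place.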