Removing search.yahoo.com/?type=937811&fr=spigot-yhp-ff

Post by Wei4 » September 18th, 2012, 9:17 pm

This is my first time here, but I believe you guys may be of some help. Ever since I updated my YouTube Downloader via their "updater", I have had my homepage changed to "http://search.yahoo.com/?type=937811&fr=spigot-yhp-ff", and regardless of what I do I can't remove this issue. I have researched that it has to do with removing the YouTube Downloader Updater. This computer is not used for business at all and is a home computer. Help would be greatly appreciated.

Steps taken so far:
* I ran MalwareBytes AntiMalware, found nothing.
* I uninstalled YouTube Downloader altogether, but the problem persisted.
* I performed a System Restore to the last previous restore date; the problem persisted.
** Was prompted by Threatfire after the system restore to quarantine and kill this process:
C:\Program Files\Common Files\Spigot\SearchSettings\SearchSettings.exe
* I ran PC Tools Threatfire and found nothing.
* I ran Microsoft Security Essentials and found nothing.


Here are my logs:
======
Log 1
======

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Kayvaan at 2:15:45 on 2012-09-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.870 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
TB: YTD Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\ytd toolbar\ie\6.2\ytdToolbarIE.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>] 
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20405E63-42EC-411F-AE7C-CBA8A9638607} : DhcpNameServer = 129.49.7.170
TCP: Interfaces\{69923218-BC11-474B-A308-246344E9D806} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kayvaan\appdata\roaming\mozilla\firefox\profiles\7sxozz9y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-5-5 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-5-5 69392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-5-5 33552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-26 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-25 1343400]
.
=============== Created Last 30 ================
.
2012-09-19 03:51:11	--------	d-----w-	c:\program files\CCleaner
2012-09-19 03:47:45	7022536	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{6c49ecc3-2b79-40ce-980e-c66bb199161b}\mpengine.dll
2012-09-19 03:34:13	7022536	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-19 00:40:21	--------	d-----w-	c:\users\kayvaan\appdata\roaming\Malwarebytes
2012-09-19 00:40:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-19 00:40:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-09-17 16:25:37	--------	d-----w-	c:\program files\Application Updater
2012-09-17 16:25:36	--------	d-----w-	c:\program files\YTD Toolbar
2012-09-17 16:25:36	--------	d-----w-	c:\program files\common files\Spigot
2012-09-12 16:08:10	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 16:08:10	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 16:08:10	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-07 05:38:27	114144	----a-w-	c:\program files\mozilla firefox\maintenanceservice.exe
2012-09-07 05:38:26	917984	----a-w-	c:\program files\mozilla firefox\firefox.exe
2012-09-07 05:38:26	82400	----a-w-	c:\program files\mozilla firefox\libEGL.dll
2012-09-07 05:38:26	425952	----a-w-	c:\program files\mozilla firefox\libGLESv2.dll
2012-09-07 05:38:26	258528	----a-w-	c:\program files\mozilla firefox\freebl3.dll
2012-09-07 05:38:26	2288608	----a-w-	c:\program files\mozilla firefox\gkmedias.dll
2012-09-07 05:38:26	1998168	----a-w-	c:\program files\mozilla firefox\d3dx9_43.dll
2012-09-07 05:38:25	73696	----a-w-	c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-07 05:38:25	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2012-09-07 05:38:25	2106216	----a-w-	c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-09-07 05:38:25	118240	----a-w-	c:\program files\mozilla firefox\crashreporter.exe
2012-09-07 05:38:24	18912	----a-w-	c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-09-06 01:56:30	--------	d-----w-	c:\users\kayvaan\appdata\roaming\Dropbox
2012-09-03 03:52:08	--------	d-----w-	c:\users\kayvaan\appdata\local\Google
.
==================== Find3M  ====================
.
2012-07-18 17:47:53	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 21:14:34	41984	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 21:14:34	102912	----a-w-	c:\windows\system32\browser.dll
2012-06-29 00:16:58	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 00:09:01	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 00:08:59	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
============= FINISH:  2:17:51.23 ===============




======
Log 2
======


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 4/25/2012 12:59:47 PM
System Uptime: 9/18/2012 11:33:23 PM (3 hours ago)
.
Motherboard: Acer, Inc. |  | Prespa1         
Processor: Intel(R) Celeron(R) M CPU        440  @ 1.86GHz | U2E1 | 1866/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 8.678 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 6.412 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 9/19/2012 2:00:48 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Audition 1.5
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Widget Browser
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program
Bonjour
CCleaner
I-Doser v4
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
SBaGen 1.4.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Texas Instruments PCIxx21/x515/xx12 drivers.
ThreatFire
TIPCI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
WinRAR 4.11 (32-bit)
YTD Toolbar v6.2
YTD Video Downloader 3.9.2
.
==== Event Viewer Messages From Past Week ========
.
9/19/2012 1:58:06 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/18/2012 8:39:02 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
9/18/2012 8:05:13 PM, Error: NetBT [4321]  - The name "KAYVAAN-PC     :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
9/18/2012 11:34:13 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.  	Signatures Attempted: Current  	Error Code: 0x80070002  	Error description: The system cannot find the file specified.   	Signature version: 1.135.1409.0;1.135.1409.0  	Engine version: 1.1.8704.0
.
==== End Of File ===========================


Re: Removing search.yahoo.com/?type=937811&fr=spigot-yhp-ff

Post by Gary R » September 19th, 2012, 9:46 am

Connected to Educational Network
I see you are posting for help for a computer connected to an "Educational" Network.

TCP: Interfaces\{20405E63-42EC-411F-AE7C-CBA8A9638607} : DhcpNameServer = 129.49.7.170

NetRange: 129.49.0.0 - 129.49.255.255
CIDR: 129.49.0.0/16
OriginAS:
NetName: SUNY-SB
NetHandle: NET-129-49-0-0-1
Parent: NET-129-0-0-0-0
NetType: Direct Assignment
RegDate: 1987-08-03
Updated: 1999-06-23
Ref: http://whois.arin.net/rest/net/NET-129-49-0-0-1

OrgName: State University of New York at Stony Brook


May I draw your attention to the "ALL USERS OF THIS FORUM MUST READ THIS FIRST" topic, which you should have read before posting for help.

The section here explains why we do not offer help for such computers.

This topic is now closed.