Spigot Widgi Toolbar Malware | Joachim De Zutter
31st of October 2011


Unwanted software named YouTube Downloader Toolbar v4.7 by Spigot gets installed with YouTube Downloader 3.4. Removal from the list of installed software fails.

Filename: YouTubeDownloaderSetup34.exe
Filesize: 7385191 bytes
MD5: 62d432a8b6867a1fc7a617de7b736953
SHA1: 21ece50e242cd2014c3a73262bfad894267be7e3
SHA256: 9a144d4b15798b7f12ca681d8de859d8cc509a7ece85fbf4c027c3c39023ca2b

The installation is logged in the event log:

Log Name: System
Source: Service Control Manager
Event ID: 7036
The Windows Installer service entered the running state.

Log Name: Application
Source: MsiInstaller
Event ID: 1040
Beginning a Windows Installer transaction: %HOMEDRIVE%%HOMEPATH%\AppData\Local\Temp\{2BBBA1BA-9B31-40DD-941A-888AB787E5E5}\youtubedownloaderToolbar.msi. Client Process Id: 2500.

Log Name: Application
Source: MsiInstaller
Event ID: 11707
Product: YouTube Downloader Toolbar v4.7 -- Installation operation completed successfully.

Log Name: Application
Source: MsiInstaller
Event ID: 1033
Windows Installer installed the product. Product Name: YouTube Downloader Toolbar v4.7. Product Version: 4.7. Product Language: 1033. Manufacturer: Spigot, Inc.. Installation success or error status: 0.

Log Name: Application
Source: MsiInstaller
Event ID: 1042
Ending a Windows Installer transaction: %HOMEDRIVE%%HOMEDIR%\AppData\Local\Temp\{2BBBA1BA-9B31-40DD-941A-888AB787E5E5}\youtubedownloaderToolbar.msi. Client Process Id: 2500.
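
The MsiInstaller events above can be folded into one record per installer transaction, which makes an MSI that another setup program unpacked into a per-user Temp\{GUID} folder easy to spot. The Python below is an added example, not part of the original write-up. Its function names are hypothetical, the event tuples are constructed from the messages quoted above, and the second transaction (example.msi, Example Corp) is invented for contrast.

```python
import re

# Message formats of the MsiInstaller events quoted on this page.
BEGIN = re.compile(r"Beginning a Windows Installer transaction: (?P<path>.+?)\. Client Process Id: (?P<pid>\d+)\.")
END = re.compile(r"Ending a Windows Installer transaction: (?P<path>.+?)\. Client Process Id: (?P<pid>\d+)\.")
INSTALLED = re.compile(
    r"Product Name: (?P<product>.+?)\. Product Version: (?P<version>.+?)\. "
    r"Product Language: \d+\. Manufacturer: (?P<manufacturer>.+?)\. "
    r"Installation success or error status: (?P<status>\d+)\."
)
# An MSI run from a per-user Temp\{GUID} folder was unpacked there by another installer.
TEMP_GUID_DIR = re.compile(r"\\AppData\\Local\\Temp\\\{[0-9A-Fa-f-]{36}\}\\", re.IGNORECASE)

TEMP_MSI = (r"%HOMEDRIVE%%HOMEPATH%\AppData\Local\Temp"
            r"\{2BBBA1BA-9B31-40DD-941A-888AB787E5E5}\youtubedownloaderToolbar.msi")

# Constructed sample: (event_id, message) pairs in log order.
SAMPLE_EVENTS = [
    (1040, f"Beginning a Windows Installer transaction: {TEMP_MSI}. Client Process Id: 2500."),
    (11707, "Product: YouTube Downloader Toolbar v4.7 -- Installation operation completed successfully."),
    (1033, "Windows Installer installed the product. Product Name: YouTube Downloader Toolbar v4.7. "
           "Product Version: 4.7. Product Language: 1033. Manufacturer: Spigot, Inc.. "
           "Installation success or error status: 0."),
    (1042, f"Ending a Windows Installer transaction: {TEMP_MSI}. Client Process Id: 2500."),
    # Invented for contrast: an MSI started from an ordinary folder, end event missing.
    (1040, r"Beginning a Windows Installer transaction: C:\Installers\example.msi. Client Process Id: 3100."),
    (1033, "Windows Installer installed the product. Product Name: Example Product. "
           "Product Version: 1.0. Product Language: 1033. Manufacturer: Example Corp. "
           "Installation success or error status: 0."),
]

def correlate_msi_installs(events):
    """Pair 1040/1033/1042 events into one record per installer transaction.

    Assumption: transactions do not interleave, so one open transaction is tracked.
    """
    open_tx, records = None, []
    for event_id, message in events:
        if event_id == 1040 and (m := BEGIN.search(message)):
            open_tx = {"msi": m["path"], "pid": int(m["pid"]), "product": None,
                       "manufacturer": None, "status": None, "closed": False,
                       "dropped_to_temp": bool(TEMP_GUID_DIR.search(m["path"]))}
            records.append(open_tx)
        elif event_id == 1033 and open_tx and (m := INSTALLED.search(message)):
            open_tx.update(product=m["product"], manufacturer=m["manufacturer"],
                           status=int(m["status"]))
        elif (event_id == 1042 and open_tx and (m := END.search(message))
              and int(m["pid"]) == open_tx["pid"]):
            open_tx["closed"] = True   # begin and end seen for the same client process
            open_tx = None
    return records

def bundled_installs(events):
    """Successful installs whose MSI was executed from a Temp\\{GUID} drop folder."""
    return [r for r in correlate_msi_installs(events)
            if r["dropped_to_temp"] and r["status"] == 0]
```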

The .msi file installs the following:

\Common\Spigot
\Common\Spigot\Search Settings
\Common\Spigot\wtxpcom
\Common\Spigot\Search Settings\baidu_ff.xml
\Common\Spigot\Search Settings\baidu_ie.xml
\Common\Spigot\Search Settings\Lang
\Common\Spigot\Search Settings\SearchSettings.exe
\Common\Spigot\Search Settings\yahoo_ff.xml
\Common\Spigot\Search Settings\yahoo_ie.xml
\Common\Spigot\Search Settings\yandex_ff.xml
\Common\Spigot\Search Settings\yandex_ie.xml
\Common\Spigot\Search Settings\Lang\res1031.ini
\Common\Spigot\Search Settings\Lang\res1033.ini
\Common\Spigot\Search Settings\Lang\res1034.ini
\Common\Spigot\Search Settings\Lang\res1036.ini
\Common\Spigot\Search Settings\Lang\res1040.ini
\Common\Spigot\wtxpcom\chrome.manifest
\Common\Spigot\wtxpcom\components
\Common\Spigot\wtxpcom\install.rdf
\Common\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
\Common\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
\Common\Spigot\wtxpcom\components\WidgiToolbarFF.dll
\Common\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
\Common\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
\Common\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
\program files\Application Updater
\program files\Mozilla Firefox
\program files\WidgiToolbar
\program files\Application Updater\ApplicationUpdater.exe
\program files\Mozilla Firefox\extensions
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com
\program files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
\program files\Mozilla Firefox\extensions\youtubedownloader@mybrowserbar.com
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome.manifest
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\install.rdf
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\locale
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\chevron.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\chevron.xul
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\login.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\login.xul
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\parser.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\RadioWidget.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\RadioWidget.xul
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\RssTickerWidget.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\searchbox.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\searchbox.xul
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\utils.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgichevron.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgicomm.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgihandling.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgilisteners.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgitoolbarplugin.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgitoolbarplugin.xul
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\content\widgiui.js
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\locale\EN-US
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\locale\EN-US\searchbox.dtd
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\locale\EN-US\widgitoolbarplugin.dtd
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\locale\EN-US\widgitoolbarplugin.properties
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\amazon.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\btnClose.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\btnMinimize.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\chevron.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\dailymotion.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\ebay.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\facebook.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\googleplus.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\hulu.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\icon_settings.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\metacafe.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\radiobeta.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-button-hover.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-button.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-chevron-hover.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-chevron.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-wmrk-baidu.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-wmrk-yahoo.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search-wmrk-yandex.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\searchbox.css
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_amazon.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_baidu.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_ebay.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_yahoo.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_yandex.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\search_youtube.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\splitter.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\twitter.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\veoh.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\widgitoolbarplugin.css
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\youtube.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\ytd.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\ytd_logo.gif
\program files\Mozilla Firefox\extensions\PARTNERNAME@widgitoolbar.com\chrome\skin\ytd_logo_hover.gif
\program files\WidgiToolbar\IE
\program files\WidgiToolbar\Res
\program files\WidgiToolbar\WidgiHelper.exe
\program files\WidgiToolbar\IE\[USER_VER]
\program files\WidgiToolbar\IE\[USER_VER]\youtubedownloaderToolbarIE.dll
\program files\WidgiToolbar\Res\amazon.gif
\program files\WidgiToolbar\Res\btnClose.gif
\program files\WidgiToolbar\Res\btnMinimize.gif
\program files\WidgiToolbar\Res\dailymotion.gif
\program files\WidgiToolbar\Res\ebay.gif
\program files\WidgiToolbar\Res\facebook.gif
\program files\WidgiToolbar\Res\googleplus.gif
\program files\WidgiToolbar\Res\hulu.gif
\program files\WidgiToolbar\Res\icon_settings.gif
\program files\WidgiToolbar\Res\Lang
\program files\WidgiToolbar\Res\metacafe.gif
\program files\WidgiToolbar\Res\radiobeta.gif
\program files\WidgiToolbar\Res\search-button-hover.gif
\program files\WidgiToolbar\Res\search-button.gif
\program files\WidgiToolbar\Res\search-chevron-hover.gif
\program files\WidgiToolbar\Res\search-chevron.gif
\program files\WidgiToolbar\Res\search_amazon.gif
\program files\WidgiToolbar\Res\search_baidu.gif
\program files\WidgiToolbar\Res\search_ebay.gif
\program files\WidgiToolbar\Res\search_yahoo.gif
\program files\WidgiToolbar\Res\search_yandex.gif
\program files\WidgiToolbar\Res\search_youtube.gif
\program files\WidgiToolbar\Res\twitter.gif
\program files\WidgiToolbar\Res\veoh.gif
\program files\WidgiToolbar\Res\widgets.xml
\program files\WidgiToolbar\Res\youtube.gif
\program files\WidgiToolbar\Res\ytd.gif
\program files\WidgiToolbar\Res\ytd_logo.gif
\program files\WidgiToolbar\Res\ytd_logo_hover.gif
\program files\WidgiToolbar\Res\Lang\res1031.ini
\program files\WidgiToolbar\Res\Lang\res1033.ini
\program files\WidgiToolbar\Res\Lang\res1034.ini
\program files\WidgiToolbar\Res\Lang\res1036.ini
\program files\WidgiToolbar\Res\Lang\res1040.ini
\Windows\system32
\Windows\winsxs
\Windows\system32\msvcm90.dll
\Windows\system32\msvcp90.dll
\Windows\system32\msvcr90.dll
\Windows\winsxs\dlCRTx86
\Windows\winsxs\Manifests
\Windows\winsxs\Policies
\Windows\winsxs\ulCRTx86
\Windows\winsxs\ulpCRTx86
\Windows\winsxs\dlCRTx86\msvcm90.dll
\Windows\winsxs\dlCRTx86\msvcp90.dll
\Windows\winsxs\dlCRTx86\msvcr90.dll
\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36.cat
\Windows\winsxs\Manifests\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36.manifest
\Windows\winsxs\Policies\dlpCRTx86
\Windows\winsxs\Policies\dlpCRTx86\9.0.30304.0.cat
\Windows\winsxs\Policies\dlpCRTx86\9.0.30304.0.policy
\Windows\winsxs\ulCRTx86\msvcm90.dll
\Windows\winsxs\ulCRTx86\msvcp90.dll
\Windows\winsxs\ulCRTx86\msvcr90.dll
\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36.cat
\Windows\winsxs\ulCRTx86\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36.manifest
\Windows\winsxs\ulpCRTx86\9.0.30304.0.cat
\Windows\winsxs\ulpCRTx86\9.0.30304.0.policy

A startup key was created:

"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"
"SearchSettings" = "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"


The following program suggested a new default search provider: Search Settings

Hit CTRL+ALT+DEL to open the task manager
Go to the Processes tab
Right click on the SearchSettings.exe process
Click Open File Location to find the folder it is located in
Click on End process, go to explorer and delete the Spigot folder it is located in



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C169240EF4B21940A3359FB3D63ACDF]
"4193B2F3729AE1D448717E7B3C334943" = "C?\Program Files (x86)\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9]
"4193B2F3729AE1D448717E7B3C334943" = "C?\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3F2B3914-A927-4D1E-8417-E7B7C3339434}]
"DisplayName"="YouTube Downloader Toolbar v4.7"
"Language"=dword:00000000
"Version"=dword:04070000
"WindowsInstaller"=dword:00000001
"VersionMinor"=dword:00000007
"VersionMajor"=dword:00000004
"URLUpdateInfo"=""
"URLInfoAbout"=""
"UninstallString"="MsiExec /X{3F2B3914-A927-4D1E-8417-E7B7C3339434}" (REG_EXPAND_SZ)
"EstimatedSize"=dword:00001aa3
"Size"=""
"Readme"=""
"Publisher"="Spigot, Inc."
"NoRepair"=dword:00000001
"NoModify"=dword:00000001
"ModifyPath"="MsiExec /X{3F2B3914-A927-4D1E-8417-E7B7C3339434}" (REG_EXPAND_SZ)
"InstallSource"="C:\\Users\\%USERNAME%\\AppData\\Local\\Temp\\{2BBBA1BA-9B31-40DD-941A-888AB787E5E5}\\"
"InstallLocation"="C:\\Program Files (x86)\\YouTube Downloader Toolbar\\"
"InstallDate"="20111031"
"HelpTelephone"=""
"HelpLink"=""
"DisplayVersion"="4.7"
"Contact"=""
"Comments"=""
"AuthorizedCDFPrefix"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YouTube Downloader]
"ISN"="D0FAD83C62014BF8AB493BB6F7DB9528"
"appClass"="WT"
"user_ver"="4.7"
"installDir"="C:\\Program Files (x86)\\YouTube Downloader Toolbar\\"
"partnerId"="40"
"install_timestamp"="20111031171802"
"D_WSD"="1"
"partnerGuid"="{F3FEE66E-E034-436a-86E4-9690573BEE8A}"
"toolbarId"="WT937811"
"kitType"="SSE"
"partnerName"="YouTube Downloader"
"uninstall"="{3F2B3914-A927-4D1E-8417-E7B7C3339434}"
"LangID"=dword:00000409
"serverURL"="http://youtubedownloader.mybrowserbar.com/"
"code_ver"=dword:00000089
"channelId"=dword:000e4f53

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files (x86)\YouTube Downloader Toolbar\FF\chrome.manifest" = 1
"C:\Program Files (x86)\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties" = 1
"C:\Program Files (x86)\YouTube Downloader Toolbar\FF\install.rdf" = 1
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" = 1
"C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll" = 1
"C:\Program Files (x86)\Common Files\Spigot\wtxpcom\install.rdf" = 1

HijackThis found a browser helper object and a URL search hook:

R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
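
The three HijackThis lines above all point at the same CLSID and DLL, so a cleanup has to clear every one of those registrations, not just the toolbar. The Python below is an added example, not part of the original write-up. It groups HijackThis entries by CLSID and lists the registry locations to verify; the function names are hypothetical and the O4 line in the sample is constructed.

```python
import re
from collections import defaultdict

# HijackThis section code -> registry location holding that registration.
# Native paths are shown; 32-bit entries on 64-bit Windows sit under Wow6432Node.
SECTION_KEYS = {
    "R3": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}

# "<code> - <kind>: <name> - {CLSID} - <dll path>"
LINE = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<dll>.+)$"
)

DLL = r"C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll"
GUID = "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"
SAMPLE_LOG = [
    f"R3 - URLSearchHook: YouTube Downloader Toolbar - {GUID} - {DLL}",
    f"O2 - BHO: YouTube Downloader Toolbar - {GUID} - {DLL}",
    f"O3 - Toolbar: YouTube Downloader Toolbar - {GUID} - {DLL}",
    "O4 - HKLM\\..\\Run: [Example] C:\\Example\\example.exe",  # constructed, carries no CLSID
]

def registrations_by_clsid(lines):
    """Group CLSID-bearing HijackThis entries; non-matching lines are skipped."""
    found = defaultdict(lambda: {"dlls": set(), "kinds": set(), "check": []})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        clsid = m["clsid"].upper()          # CLSIDs compare case-insensitively
        entry = found[clsid]
        entry["dlls"].add(m["dll"])
        entry["kinds"].add(m["kind"])
        key = SECTION_KEYS.get(m["code"])
        if key:
            entry["check"].append(f"{key} -> {clsid}")
    return dict(found)

def multi_hook_components(lines, minimum=2):
    """CLSIDs registered at `minimum` or more Internet Explorer extension points."""
    return {clsid: entry for clsid, entry in registrations_by_clsid(lines).items()
            if len(entry["kinds"]) >= minimum}
```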

ApplicationUpdater.exe, SearchSettings.exe and the Firefox toolbar established a TCP connection with 174.36.215.20

http://www.utrace.de/?query=174.36.215.20
Provider: SoftLayer Technologies
Organisation: BitPusher, LLC
Region: Dallas (US)