Widgi reported but not removed

[DougH]

I ran Spybot yesterday and it reported Widgi as a problem. When I clicked fix it removed some other problems but reported that it couldn't remove one entry but would do so on restart.
I resatrted and it started Spybot (no other tasks were running or started) and Spybot repoerted a couple of other errors (why? It didn't report them before) but Widgi was still there. I restarted again and Spybot reported Widgi is still a problem.

How can I get rid of it.

I'm running XP SP3 with the Chrome browser.

[Zenobia]

Could you post the fixes logfile here,please?
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports.Look for the Fixes.yymmdd-hhmm file with the date from when you ran your scan,and doubleclick it.It will open up in the Spybot window,rightclick somewhere in that window and select Select All,then rightclick again and select Copy,then paste it here.

[DougH]

Thanks, here it is




--- Report generated: 2012-06-17 07:42 ---

Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

MS Office 9.0: Recently used files (32 files) (Directory, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Microsoft\Office\Recent\

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\core.mochibot.com\com.mochibot.sol
Properties.size=105
Properties.md5=3BD2B399A9A0E781096B64170F03D817
Properties.filedate=1339660661
Properties.filedatetext=2012-06-14 08:57:40

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=B34931977F3425F053C44B7263ED689C
Properties.filedate=1339691911
Properties.filedatetext=2012-06-14 17:38:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\magazine.northerncountiesgolfer.co.uk\analytics.sol
Properties.size=419
Properties.md5=731233DAF4BA7C40EAD4DD5A36BEFBEF
Properties.filedate=1339625326
Properties.filedatetext=2012-06-13 23:08:46

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\mit-prog-dl.kaltura.com.edgesuite.net\analytics.sol
Properties.size=456
Properties.md5=5662796D2F4AC30FA4FC74C64D01B455
Properties.filedate=1339506173
Properties.filedatetext=2012-06-12 14:02:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\ups.surveyrouter.com\agdata.sol
Properties.size=148
Properties.md5=4D979CADD365B4E0E9014D3CA611EA54
Properties.filedate=1339673783
Properties.filedatetext=2012-06-14 12:36:22

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=646794C80C327C2F75DDF9B39523AB40
Properties.filedate=1339786712
Properties.filedatetext=2012-06-15 19:58:31

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 9.0: [SBI $BCA8814E] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Common\Internet\UseRWHlinkNavigation

MS Office 9.0 (Word): [SBI $EC31BB71] Recently used file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Word\Data\Settings

MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Excel\Recent Files

MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (27 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (91 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (30) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (465) (Cache, nothing done)


History: [SBI $49804B54] History (16) (History, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-15 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-06-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-06-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-09-28 Includes\Trojans.sbi (*)
2012-06-12 Includes\TrojansC-02.sbi (*)
2012-06-06 Includes\TrojansC-03.sbi (*)
2012-06-11 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-06-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

[Zenobia]

Try going to Start on your computer,then Run.Type in services.msc,Services should open.Scroll through,and if there is a service named Application Updater(it also might have the description 'Automatically downloads and installs application updates'),then click on it and press Stop.If that's successful,try running Spybot and see if it is able to remove it now.

The rest of the items in your logfile all look to be usage tracks,and should have shown as the colour green when the scan was done:
http://www.safer-networking.org/en/d...agetracks.html
They're of no harm,so you can just ignore them if you wish.

Please let me know how it goes.

[DougH]

Application updater is showing 'Start the service'

However I tried to click 'start' so that I could 'stop' it but it gave an error saying 'Cannot find the path specified'
There is also a another service 'Automatic Updates' which is for Windows updates. But I assume that is not the one.

PS I'm OK with the items in green.

[Zenobia]

Did you have MyBrowserBar or Dealio toolbar installed before,or currently installed?If it's currently installed,you might be able to uninstall it from add/remove programs or from your browser.
From what I can find,it may have been bundled with another product,if you don't remember installing it.
It may also be named something else,I think...Youtube downloader toolbar,perhaps,or a couple of others.

[DougH]

I haven't downloaded any special toolbars and it doesn't appear in Add/Remove

[Zenobia]

Perhaps the service was left from a past install then.To check for sure,you could ask for help in malware removal.Should be able to remove it in there.

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22

[DougH]

Thanks. I'll give them a try in a couple of days when I get back from holiday.

[Zenobia]