Widgi Toolbar



alicez
2012-05-31, 02:36
I downloaded the new defs today and the following two 'problems' were found.

I am a bit hesitant to remove/fix them because they mention "System 32."

What should I do? What are they and how did they get there?
It also mentions: King = "2 Entries, AdwareC" --- What is that?
===

Problem:
Widgi Toolbar

SBI $1F57ACC3 APPLICATON DATA FOLDER
C"\WINDOWS\system32]\config\systemprofile\Application Data\Application Update\

SBI $4051b8EE APPLICATON DATA FOLDER
C"\WINDOWS\system32]\config\systemprofile\Application Data\Application Update\temp\

Zenobia
2012-06-01, 22:50
Could you please do this? :)

Open SpyBot.
Check for problems.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Paste (Ctrl+V) those results into a new post.

No need to let Spybot fix anything just yet, I'd just like to have a peek at your log. Thanks.

alicez
2012-06-02, 00:38
Could you please do this? :)

Open SpyBot.
Check for problems.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Paste (Ctrl+V) those results into a new post.

No need to let Spybot fix anything just yet, I'd just like to have a peek at your log. Thanks.

Thank you. I will run the scan and then post the log. (I did not receive an email notification when you posted your response.)
Someone also referred me to the following "remedy" page for the Widgi Toolbar "threat." A bit scary to read, wouldn't you say?

http://www.spywarevoid.com/remove-widgi-toolbar-widgi-toolbar-removal-tutorial.html

P.S. After the scan is finished it has the following printed in RED wording:
Problem: Widgi Toolbar
Kind: 2 entries AdwareC

And an "+" sign to the left. When I click on the "+" the two items show that I have posted in my first message above. I will right click on the RED wording and "Copy results to clipboard" and then post those results. Hope that is what you wanted in order to "fix" this "threat."

..

alicez
2012-06-02, 01:20
Further to my above post:

Widgi.Toolbar: [SBI $1F57ACC3] Application data folder (Directory, nothing done)
C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater\

Widgi.Toolbar: [SBI $4051B8EE] Application data folder (Directory, nothing done)
C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater\temp\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-05-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-05-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-05-16 Includes\TrojansC-02.sbi (*)
2012-05-18 Includes\TrojansC-03.sbi (*)
2012-05-22 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-05-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Zenobia
2012-06-02, 05:15
Thank you. :)
That makes more sense now. In your first post, the r was accidentally cut off from Application Updater\, and I couldn't find any info at first.

Do you have, or did you have installed before, Widgi or Dealio toolbar? If you look in add/remove programs, are either in there, or is there anything listed with a publisher (if that info is available) by the name of Spigot, inc?

alicez
2012-06-02, 05:31
Thank you. :)
That makes more sense now. In your first post, the r was accidentally cut off from Application Updater\, and I couldn't find any info at first.

Do you have, or did you have installed before, Widgi or Dealio toolbar? If you look in add/remove programs, are either in there, or is there anything listed with a publisher (if that info is available) by the name of Spigot, inc?

=========
I don't remember ever installing Widgi or Dealio toolbar.

Did a Search (C:drive) for Spigot, Widgi and Dealio and nothing found.

Looked in Control Panel / Add Remove Programs and did not find anything listed for Widgi, Dealio or Spigot, Inc.

(Is it true that Widgi was just added to the SB definition on 5/30/2012?

I ran MB, MSE and Housecall scans, but nothing found on either of them.)

Zenobia
2012-06-02, 06:21
(Is it true that Widgi was just added to the SB definition on 5/30/2012?
I'm not certain if this is the first time Spybot added Widgi.toolbar to detections, but it is listed on the update page for May 30th:
http://www.safer-networking.org/en/updatehistory/index.html

There's an Application Updater folder associated with Widgi, and I also found some info that where yours is located on your computer might have to do with it also, but I haven't been able to find that out for 100% certainty. And, since you don't recall having anything installed like Widgi, Dealio, etc., then it's probably best to double check about it, just in case. You can do that in the false positives section of the forum. :)
Here's a link which shows the info required:
http://forums.spybot.info/showthread.php?t=19117

False positives:
http://forums.spybot.info/forumdisplay.php?f=16
It may be a couple days before you get a response, perhaps Monday or so.

As for the King = "2 Entries, AdwareC" you mentioned in your first post, it didn't show in your last scan, and I can't find it listed within Spybot.
So, could you also open Spybot, click Mode, and then Advanced Mode, Tools, View Report, then press View Previous Report. There should be a Checks log in there, and if you ran your original scan on May 30th, it should have the date included at the end of it. It should look similar to this: Checks.120530-1409
Doubleclick it, it will open up in the Spybot window. Rightclick somewhere in that window, select Select All, then rightclick again, select Copy, then could you please post it here.

alicez
2012-06-02, 06:40
Is this what you wanted?

30.05.2012 19:46:43 - ##### check started #####
30.05.2012 19:46:43 - ### Version: 1.6.2
30.05.2012 19:46:43 - ### Date: 5/30/2012 7:46:43 PM
30.05.2012 19:46:46 - ##### checking bots #####
30.05.2012 19:47:27 - found: Widgi.Toolbar Application data folder
30.05.2012 19:47:27 - found: Widgi.Toolbar Application data folder
30.05.2012 20:05:24 - ##### check finished #####


I really didn't understand what you mentioned about False/Positives, etc. Am I supposed to post my entire thread (that I posted here) onto another Forum, etc.? I am getting a bit confused.
Or is it possible to move this whole thread to another (F/P) section? I just don't know at this post. For, as I said, I am quite confused at this point.

Zenobia
2012-06-02, 07:50
Yup, that's what I wanted. :)
However, the King = "2 Entries, AdwareC" is not listed there. Did you see that listed after you ran a scan the first time?

No, you don't need to post this entire thread in the false positives forum. You can just read through the How to report False Positives link first:
http://forums.spybot.info/showthread.php?t=19117
Then provide the info asked for in that post, and give a brief description. A lot of the information asked for is already shown here, so you could paste this link into your post in there, too. http://forums.spybot.info/showthread.php?t=66002
The reason I asked for you to post in there is so that a detective can look at what Spybot found, and confirm whether it is part of Widgi or not, because I don't know for certain, so in that case, it's best to ask one of those guys.

alicez
2012-06-02, 20:18
Yup, that's what I wanted. :)
However, the King = "2 Entries, AdwareC" is not listed there. Did you see that listed after you ran a scan the first time?


It says:
"P.S. After the scan is finished it has the following printed in RED wording:
Problem: Widgi Toolbar
Kind: 2 entries AdwareC"

"KIND" not "King"

Zenobia
2012-06-03, 04:59
Yes, I had read that. However, I had thought the King = "2 Entries, AdwareC" you mentioned in your first post was something separate from that, and was something else found in your first scan:

What should I do? What are they and how did they get there?
It also mentions: King = "2 Entries, AdwareC" --- What is that?
Thank you for clearing that up.

alicez
2012-06-04, 00:06
Yes, I had read that. However, I had thought the King = "2 Entries, AdwareC" you mentioned in your first post was something separate from that, and was something else found in your first scan:

Thank you for clearing that up.

Therefore, I am finished here, in this section of the Forum?

(m/f)
2012-06-05, 10:53
Hi!

This is not a FP as such. Nevertheless we adjusted our rules a bit so that these folders will not be flagged that easily anymore.

Thank you.

alicez
2012-06-05, 23:53
Hi!

This is not a FP as such. Nevertheless we adjusted our rules a bit so that these folders will not be flagged that easily anymore.

Thank you.

What do I have to do now?
(P.S. I also posted, as suggested, in the F/P forum. Will they respond also?)

alicez
2012-06-06, 03:05
What do I have to do now?
(P.S. I also posted, as suggested, in the F/P forum. Will they respond also?)

I tried to Edit my above entry but was not allowed to do so. I wanted to add this question to the one above:
I just ran another scan and the same two items (Widgi Toolbar) are showing. Will they always be showing after a scan?

(m/f)
2012-06-06, 08:27
If the folders are empty, you can delete them. If not, please tell us which files are located there. Thank you.
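
The check asked for in the post above, as an added example that is not part of the original thread or of Spybot: it reports whether each flagged folder is missing, empty or holds files, and lists any files with size, date and SHA-256 so they can be reported. The two paths are the ones from the scan results in this thread; the function names `inventory` and `sha256_of` are made up for this example, and reading the systemprofile folder is assumed to need an administrator account.

```python
import hashlib
import os
import time

# The two folders from the Spybot scan results quoted in this thread.
FLAGGED = [
    r"C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater",
    r"C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater\temp",
]

def sha256_of(path, chunk=65536):
    """Hash a file in chunks; return None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()

def inventory(folder):
    """Return (status, files); status is 'missing', 'empty' or 'has files'.

    A subfolder that holds no files (such as an empty temp folder) does not
    make its parent count as non-empty. Hidden files are included.
    """
    if not os.path.isdir(folder):
        return "missing", []
    files = []
    for root, _dirs, names in os.walk(folder):
        for name in sorted(names):
            full = os.path.join(root, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            files.append({
                "path": os.path.relpath(full, folder),
                "size": st.st_size,
                "modified": time.strftime("%Y-%m-%d %H:%M", time.localtime(st.st_mtime)),
                "sha256": sha256_of(full),
            })
    return ("has files" if files else "empty"), files

if __name__ == "__main__":
    for folder in FLAGGED:
        status, files = inventory(folder)
        print(f"{status:9}  {folder}")
        for f in files:
            print(f"    {f['path']}  {f['size']} bytes  {f['modified']}  sha256={f['sha256']}")
```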

alicez
2012-06-06, 18:00
If the folders are empty, you can delete them. If not, please tell us which files are located there. Thank you.

Sorry, I do not understand. What folders?

(m/f)
2012-06-08, 10:24
I downloaded the new defs today and the following two 'problems' were found.

[...]

Problem:
Widgi Toolbar

SBI $1F57ACC3 APPLICATON DATA FOLDER
C"\WINDOWS\system32]\config\systemprofile\Application Data\Application Update\

SBI $4051b8EE APPLICATON DATA FOLDER
C"\WINDOWS\system32]\config\systemprofile\Application Data\Application Update\temp\

Those ones. ;)

alicez
2012-06-08, 15:14
Those ones. ;)

Ran new scan and nothing found.