I ran Spybot yesterday and it reported Widgi as a problem. When I clicked fix it removed some other problems but reported that it couldn't remove one entry but would do so on restart.
I resatrted and it started Spybot (no other tasks were running or started) and Spybot repoerted a couple of other errors (why? It didn't report them before) but Widgi was still there. I restarted again and Spybot reported Widgi is still a problem.

How can I get rid of it.

I'm running XP SP3 with the Chrome browser.

Could you post the fixes logfile here,please? :)
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports.Look for the Fixes.yymmdd-hhmm file with the date from when you ran your scan,and doubleclick it.It will open up in the Spybot window,rightclick somewhere in that window and select Select All,then rightclick again and select Copy,then paste it here.

Thanks, here it is




--- Report generated: 2012-06-17 07:42 ---

Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

MS Office 9.0: Recently used files (32 files) (Directory, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Microsoft\Office\Recent\

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\core.mochibot.com\com.mochibot.sol
Properties.size=105
Properties.md5=3BD2B399A9A0E781096B64170F03D817
Properties.filedate=1339660661
Properties.filedatetext=2012-06-14 08:57:40

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=B34931977F3425F053C44B7263ED689C
Properties.filedate=1339691911
Properties.filedatetext=2012-06-14 17:38:31

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\magazine.northerncountiesgolfer.co.uk\analytics.sol
Properties.size=419
Properties.md5=731233DAF4BA7C40EAD4DD5A36BEFBEF
Properties.filedate=1339625326
Properties.filedatetext=2012-06-13 23:08:46

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\mit-prog-dl.kaltura.com.edgesuite.net\analytics.sol
Properties.size=456
Properties.md5=5662796D2F4AC30FA4FC74C64D01B455
Properties.filedate=1339506173
Properties.filedatetext=2012-06-12 14:02:53

Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\ups.surveyrouter.com\agdata.sol
Properties.size=148
Properties.md5=4D979CADD365B4E0E9014D3CA611EA54
Properties.filedate=1339673783
Properties.filedatetext=2012-06-14 12:36:22

Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=646794C80C327C2F75DDF9B39523AB40
Properties.filedate=1339786712
Properties.filedatetext=2012-06-15 19:58:31

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 9.0: [SBI $BCA8814E] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Common\Internet\UseRWHlinkNavigation

MS Office 9.0 (Word): [SBI $EC31BB71] Recently used file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Word\Data\Settings

MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Excel\Recent Files

MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Search Assistant\ACMru

Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (27 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (91 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Cookie (30) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (465) (Cache, nothing done)


History: [SBI $49804B54] History (16) (History, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-15 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-06-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-06-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-09-28 Includes\Trojans.sbi (*)
2012-06-12 Includes\TrojansC-02.sbi (*)
2012-06-06 Includes\TrojansC-03.sbi (*)
2012-06-11 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-06-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Try going to Start on your computer,then Run.Type in services.msc,Services should open.Scroll through,and if there is a service named Application Updater(it also might have the description 'Automatically downloads and installs application updates'),then click on it and press Stop.If that's successful,try running Spybot and see if it is able to remove it now.

The rest of the items in your logfile all look to be usage tracks,and should have shown as the colour green when the scan was done:
http://www.safer-networking.org/en/dictionary/usagetracks.html
They're of no harm,so you can just ignore them if you wish.

Please let me know how it goes. :)

Application updater is showing 'Start the service'

However I tried to click 'start' so that I could 'stop' it but it gave an error saying 'Cannot find the path specified'
There is also a another service 'Automatic Updates' which is for Windows updates. But I assume that is not the one.

PS I'm OK with the items in green.

Did you have MyBrowserBar or Dealio toolbar installed before,or currently installed?If it's currently installed,you might be able to uninstall it from add/remove programs or from your browser.
From what I can find,it may have been bundled with another product,if you don't remember installing it.
It may also be named something else,I think...Youtube downloader toolbar,perhaps,or a couple of others.

I haven't downloaded any special toolbars and it doesn't appear in Add/Remove

Perhaps the service was left from a past install then.To check for sure,you could ask for help in malware removal.Should be able to remove it in there. :)

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22

Thanks. I'll give them a try in a couple of days when I get back from holiday.

:bigthumb:

Just fixed widgi.toolbar problem in my Vista system and would like to share the experience. First detected by Spybot and identified as AdwareC. It multiplied to 18, then 23, then 24 entities in 2 days. Greatly slowed down my system. Could not be fixed by Spybot because it needs admin mode. Not even detected by Spyhunter!
So I used the following reference and proceed:
http://en.kioskea.net/faq/300-access-a-hidden-administrator-account-in-windows-vista
1. START, ACCESSORIES, right click COMMAND COM and choose RUN AS ADMINISTRATOR
2. Enter: net user administrator /active:yes
3. Switch to admin account
4. Run Spybot, fix selected problems, reboot
5. Allow Spybot to rerun on reboot, fix selected problems again.
6. Switch to usual user account
7. Disable admin acct as in Steps 1, then enter command:
net user administrator /active:no
Now my system is back to normal.
Afterwards I realize that Spybot can be run in admin mode. Right click on Spybot icon and choose RUN AS ADMIN, and I expect the result to be the same, but much easier. So I would suggest trying this latter route first.
Good luck.

Thanks but I believe 'Run as Admin' is a feature specific to Vista. It isn't an option in XP. Nor is COMMAND COM. But I operate as admin anyway.

Hi, I had a similar problem to SStor, and found that S&D fixed it when I selected `Admin Mode' from the S&D icon. This is available in Win7 - I wasn't aware of it before, so thanks SStor!



Just fixed widgi.toolbar problem in my Vista system and would like to share the experience. First detected by Spybot and identified as AdwareC. It multiplied to 18, then 23, then 24 entities in 2 days. Greatly slowed down my system. Could not be fixed by Spybot because it needs admin mode. Not even detected by Spyhunter!

Now my system is back to normal.
Afterwards I realize that Spybot can be run in admin mode. Right click on Spybot icon and choose RUN AS ADMIN, and I expect the result to be the same, but much easier. So I would suggest trying this latter route first.
Good luck.

It is not that long ago that I posted fixing widgi.toolbar in admin mode, and so I am quite surprised that my Vista system is inflicted with widgi.toolbar again. This time I started Spybot in Admin Mode, and the elimination process went smoothly. I would suggest Spybot publicizes more the availability of the admin mode and its special functionalities.

Hi there,

Pinned sticky in this forum: Run as Administrator (http://forums.spybot.info/showthread.php?t=55946) :)

Sorry I haven't posted but have been in hospital. I'm sorted now but the problem with widgi still exists.

SpyBot reports it. Says it will remove it after a restart but doesn't.

Any further suggestions would be welcome. Thanks

The error message SpyBot shows is


Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application

When I open the key with regedit nothing relevant shows.

Sorry to hear you were in the hospital.

You can ask for help in malware removal.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22

Including a link back to this topic would probably be helpful. :)
http://forums.spybot.info/showthread.php?t=66092

Sorry I haven't posted but have been in hospital. I'm sorted now but the problem with widgi still exists.

SpyBot reports it. Says it will remove it after a restart but doesn't.

Any further suggestions would be welcome. Thanks


I presume you have WinXP and you used command com. When you switch users, it is still your usual account-admin. There is no separate admin account as in Vista. It is possible that what I described works only with Vista and Win7. Did the scan restart upon reboot? The rescan is slow and can take a long time. Have you tried right clicking Spybot icon to Run As Adminstrator? I don't have further experience beyond this.

The 'run as administrator' is it seems not relevant to XP (which I am running).

I have updated to the test version of SpyBot and still get the message. It still does not change on a reboot. I have just gone through the full cycle three times without running anything else (including my browser) with exactly the same outcome.

When you showed the last error message,did the end get cut off?

The error message SpyBot shows is

Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application

When I open the key with regedit nothing relevant shows.

It should be:
Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

Go to Start,Run,type in Services.msc,press OK.Scroll through and find Application Updater once again,double click it.When the properties window opens,highlight the text beside Service Name,rightclick and Copy it,then paste it here.
Also,where it says Path to Executable,is there anything listed there beside that?

Service name : - Application Updater

Path to Executable is blank

It's probably just a leftover service from a past install of widgi,then.Though I'm unable to tell that for certain here,which was why I was suggesting you give malware removal another go a few posts back.

You might be able to remove the service this way,if you want to try it:
Create a restore point:
http://support.microsoft.com/kb/948247

Go to Start,Run,Type cmd.exe,press enter.
Type in sc delete “Application Updater”,then press Enter.

May I get some help with the widgi.Toolbar which is showing on my Spybot scan?

I have only recently started using Spybot S D. 1.6.2 again after purchasing a replacement HP tower with Windows 7 Home Premium (x 64). I have read through Tashi's sticky notes on backing up and preliminary scans and have followed the instructions in anticipation of needing some documentation for you.

I have a current SSD scan.

tomh623

These sticky notes? :)
http://forums.spybot.info/showthread.php?t=288
If so,those are instructions for getting ready to post in the Malware Removal section of the forum.

You can find and post in that section of the forum here:
http://forums.spybot.info/forumdisplay.php?f=22

Thanks??????? I think. You were a great deal of help. i think?????

Edit
http://forums.spybot.info/showthread.php?p=430695#post430695