-
Widgi reported but not removed
I ran Spybot yesterday and it reported Widgi as a problem. When I clicked fix it removed some other problems but reported that it couldn't remove one entry but would do so on restart.
I restarted and it started Spybot (no other tasks were running or started) and Spybot reported a couple of other errors (why? It didn't report them before) but Widgi was still there. I restarted again and Spybot reported Widgi is still a problem.
How can I get rid of it?
I'm running XP SP3 with the Chrome browser.
Last edited by tashi; 2012-06-17 at 03:05.
Reason: Moved from the malware forum
-
Spybot Advisor Team
Could you post the fixes logfile here, please?
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Fixes.yymmdd-hhmm file with the date from when you ran your scan, and double-click it. It will open up in the Spybot window; right-click somewhere in that window and select Select All, then right-click again and select Copy, then paste it here.
-
Thanks, here it is
--- Report generated: 2012-06-17 07:42 ---
Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater
Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
MS Office 9.0: Recently used files (32 files) (Directory, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Microsoft\Office\Recent\
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log
Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log
Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log
Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log
Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log
Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log
Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\core.mochibot.com\com.mochibot.sol
Properties.size=105
Properties.md5=3BD2B399A9A0E781096B64170F03D817
Properties.filedate=1339660661
Properties.filedatetext=2012-06-14 08:57:40
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=B34931977F3425F053C44B7263ED689C
Properties.filedate=1339691911
Properties.filedatetext=2012-06-14 17:38:31
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\magazine.northerncountiesgolfer.co.uk\analytics.sol
Properties.size=419
Properties.md5=731233DAF4BA7C40EAD4DD5A36BEFBEF
Properties.filedate=1339625326
Properties.filedatetext=2012-06-13 23:08:46
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\mit-prog-dl.kaltura.com.edgesuite.net\analytics.sol
Properties.size=456
Properties.md5=5662796D2F4AC30FA4FC74C64D01B455
Properties.filedate=1339506173
Properties.filedatetext=2012-06-12 14:02:53
Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\ups.surveyrouter.com\agdata.sol
Properties.size=148
Properties.md5=4D979CADD365B4E0E9014D3CA611EA54
Properties.filedate=1339673783
Properties.filedatetext=2012-06-14 12:36:22
Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\aa.online-metrix.net\fpc.swf\session.sol
Properties.size=76
Properties.md5=646794C80C327C2F75DDF9B39523AB40
Properties.filedate=1339786712
Properties.filedatetext=2012-06-15 19:58:31
MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Microsoft Management Console\Recent File List
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 9.0: [SBI $BCA8814E] Internet history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Common\Internet\UseRWHlinkNavigation
MS Office 9.0 (Word): [SBI $EC31BB71] Recently used file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Word\Data\Settings
MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Excel\Recent Files
MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\PowerPoint\Recent File List
MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Search Assistant\ACMru
Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (27 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (91 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (30) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (465) (Cache, nothing done)
History: [SBI $49804B54] History (16) (History, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Last edited by DougH; 2012-06-17 at 08:52.
-
Spybot Advisor Team
Try going to Start on your computer, then Run. Type in services.msc, and Services should open. Scroll through, and if there is a service named Application Updater (it also might have the description 'Automatically downloads and installs application updates'), then click on it and press Stop. If that's successful, try running Spybot and see if it is able to remove it now.
The rest of the items in your logfile all look to be usage tracks, and should have shown as the colour green when the scan was done:
http://www.safer-networking.org/en/d...agetracks.html
They're of no harm, so you can just ignore them if you wish.
Please let me know how it goes.
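Added example, not part of the original thread or of Spybot itself: a short Python parser for the Fixes report format posted above, which separates the entry Spybot failed to fix from the usage tracks and pulls out the service name to look for in services.msc. The entry layout is inferred from the report lines on this page, the sample lines are copied from that report, and the function names are assumptions.

```python
import re

# Entry header, as seen in the report above (layout inferred from this page):
#   Product: [SBI $ID] description (item type, outcome)
HEADER = re.compile(
    r"^(?P<product>.+?): (?:\[SBI \$(?P<sbi>[0-9A-F]{8})\] )?"
    r"(?P<desc>.*) \((?P<kind>[^(),]+), (?P<outcome>[^()]+)\)$")
# A service's registry key: ...\SYSTEM\<control set>\Services\<service name>
SERVICE_KEY = re.compile(r"\\SYSTEM\\[^\\]+\\Services\\([^\\]+)", re.I)

def parse_fixes_report(text):
    """Attach each location/property line to the entry header above it."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("---"):
            if entries:      # second banner starts the module list: stop
                break
            continue
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "details": []})
        elif line and entries:
            entries[-1]["details"].append(line)
    return entries

def failed_fixes(entries):
    """Entries whose outcome reports a failure, plus any service they name."""
    out = []
    for e in entries:
        if "failed" in e["outcome"].lower():
            hits = (SERVICE_KEY.search(d) for d in e["details"])
            out.append({"product": e["product"], "kind": e["kind"],
                        "services": [h.group(1) for h in hits if h]})
    return out

# Sample: lines copied from the report posted above.
SAMPLE = r"""--- Report generated: 2012-06-17 07:42 ---
Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater
Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Cookie: [SBI $49804B54] Cookie (30) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 SpybotSD.exe (1.6.2.46)
"""

if __name__ == "__main__":
    for item in failed_fixes(parse_fixes_report(SAMPLE)):
        print(item)
```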
-
Application updater is showing 'Start the service'
However I tried to click 'start' so that I could 'stop' it but it gave an error saying 'Cannot find the path specified'
There is also another service 'Automatic Updates' which is for Windows updates. But I assume that is not the one.
PS I'm OK with the items in green.
Last edited by DougH; 2012-06-17 at 10:13.
-
Spybot Advisor Team
Did you have MyBrowserBar or Dealio toolbar installed before, or currently installed? If it's currently installed, you might be able to uninstall it from add/remove programs or from your browser.
From what I can find, it may have been bundled with another product, if you don't remember installing it.
It may also be named something else, I think... Youtube downloader toolbar, perhaps, or a couple of others.
-
I haven't downloaded any special toolbars and it doesn't appear in Add/Remove
-
Spybot Advisor Team
Perhaps the service was left from a past install then. To check for sure, you could ask for help in malware removal. Should be able to remove it in there.
"BEFORE You POST" (Please read this Procedure Before Requesting Assistance)
Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22
-
Thanks. I'll give them a try in a couple of days when I get back from holiday.