Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Widgi reported but not removed

  1. #1
    Member
    Join Date
    May 2007
    Posts
    49

    Default Widgi reported but not removed

    I ran Spybot yesterday and it reported Widgi as a problem. When I clicked fix it removed some other problems but reported that it couldn't remove one entry but would do so on restart.
    I resatrted and it started Spybot (no other tasks were running or started) and Spybot repoerted a couple of other errors (why? It didn't report them before) but Widgi was still there. I restarted again and Spybot reported Widgi is still a problem.

    How can I get rid of it.

    I'm running XP SP3 with the Chrome browser.
    Last edited by tashi; 2012-06-17 at 04:05. Reason: Moved from the malware forum

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Default

    Could you post the fixes logfile here,please?
    Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports.Look for the Fixes.yymmdd-hhmm file with the date from when you ran your scan,and doubleclick it.It will open up in the Spybot window,rightclick somewhere in that window and select Select All,then rightclick again and select Copy,then paste it here.

  3. #3
    Member
    Join Date
    May 2007
    Posts
    49

    Default

    Thanks, here it is




    --- Report generated: 2012-06-17 07:42 ---

    Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

    Common Dialogs: History (2 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    MS Office 9.0: Recently used files (32 files) (Directory, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Microsoft\Office\Recent\

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\mofcomp.log

    Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\winmgmt.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\core.mochibot.com\com.mochibot.sol
    Properties.size=105
    Properties.md5=3BD2B399A9A0E781096B64170F03D817
    Properties.filedate=1339660661
    Properties.filedatetext=2012-06-14 08:57:40

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\images-na.ssl-images-amazon.com\mercury.sol
    Properties.size=69
    Properties.md5=B34931977F3425F053C44B7263ED689C
    Properties.filedate=1339691911
    Properties.filedatetext=2012-06-14 17:38:31

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\magazine.northerncountiesgolfer.co.uk\analytics.sol
    Properties.size=419
    Properties.md5=731233DAF4BA7C40EAD4DD5A36BEFBEF
    Properties.filedate=1339625326
    Properties.filedatetext=2012-06-13 23:08:46

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\mit-prog-dl.kaltura.com.edgesuite.net\analytics.sol
    Properties.size=456
    Properties.md5=5662796D2F4AC30FA4FC74C64D01B455
    Properties.filedate=1339506173
    Properties.filedatetext=2012-06-12 14:02:53

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\ups.surveyrouter.com\agdata.sol
    Properties.size=148
    Properties.md5=4D979CADD365B4E0E9014D3CA611EA54
    Properties.filedate=1339673783
    Properties.filedatetext=2012-06-14 12:36:22

    Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, nothing done)
    C:\Documents and Settings\Douglas Howell\Application Data\Macromedia\Flash Player\#SharedObjects\NNR7C4GG\aa.online-metrix.net\fpc.swf\session.sol
    Properties.size=76
    Properties.md5=646794C80C327C2F75DDF9B39523AB40
    Properties.filedate=1339786712
    Properties.filedatetext=2012-06-15 19:58:31

    MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 9.0: [SBI $BCA8814E] Internet history (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Common\Internet\UseRWHlinkNavigation

    MS Office 9.0 (Word): [SBI $EC31BB71] Recently used file list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Word\Data\Settings

    MS Office 9.0 (Excel): [SBI $E49B52E1] Recent files (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\Excel\Recent Files

    MS Office 9.0 (PowerPoint): [SBI $43C6507A] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

    MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Search Assistant\ACMru

    Windows.OpenWith: [SBI $F3568C7E] Open with list - .123 extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.123\OpenWithList

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

    Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (4 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: [SBI $AA0766B5] Stream history (27 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (91 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-2946278530-654351994-41216124-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Cookie (30) (Cookie, nothing done)


    Cache: [SBI $49804B54] Cache (465) (Cache, nothing done)


    History: [SBI $49804B54] History (16) (History, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-08-15 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-01-16 Includes\Adware.sbi (*)
    2012-06-05 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-05-16 Includes\Hijackers.sbi (*)
    2012-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-04-17 Includes\Malware.sbi (*)
    2012-06-05 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-05-29 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-01-17 Includes\Spyware.sbi (*)
    2012-05-08 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2011-09-28 Includes\Trojans.sbi (*)
    2012-06-12 Includes\TrojansC-02.sbi (*)
    2012-06-06 Includes\TrojansC-03.sbi (*)
    2012-06-11 Includes\TrojansC-04.sbi (*)
    2012-05-23 Includes\TrojansC-05.sbi (*)
    2012-06-12 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by DougH; 2012-06-17 at 09:52.

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Default

    Try going to Start on your computer,then Run.Type in services.msc,Services should open.Scroll through,and if there is a service named Application Updater(it also might have the description 'Automatically downloads and installs application updates'),then click on it and press Stop.If that's successful,try running Spybot and see if it is able to remove it now.

    The rest of the items in your logfile all look to be usage tracks,and should have shown as the colour green when the scan was done:
    http://www.safer-networking.org/en/d...agetracks.html
    They're of no harm,so you can just ignore them if you wish.

    Please let me know how it goes.

  5. #5
    Member
    Join Date
    May 2007
    Posts
    49

    Default

    Application updater is showing 'Start the service'

    However I tried to click 'start' so that I could 'stop' it but it gave an error saying 'Cannot find the path specified'
    There is also a another service 'Automatic Updates' which is for Windows updates. But I assume that is not the one.

    PS I'm OK with the items in green.
    Last edited by DougH; 2012-06-17 at 11:13.

  6. #6
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Default

    Did you have MyBrowserBar or Dealio toolbar installed before,or currently installed?If it's currently installed,you might be able to uninstall it from add/remove programs or from your browser.
    From what I can find,it may have been bundled with another product,if you don't remember installing it.
    It may also be named something else,I think...Youtube downloader toolbar,perhaps,or a couple of others.

  7. #7
    Member
    Join Date
    May 2007
    Posts
    49

    Default

    I haven't downloaded any special toolbars and it doesn't appear in Add/Remove

  8. #8
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Default

    Perhaps the service was left from a past install then.To check for sure,you could ask for help in malware removal.Should be able to remove it in there.

    "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

    Malware Removal:
    http://forums.spybot.info/forumdisplay.php?f=22

  9. #9
    Member
    Join Date
    May 2007
    Posts
    49

    Default

    Thanks. I'll give them a try in a couple of days when I get back from holiday.

  10. #10
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,483

    Default


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •