Hello,

Recently, I had done a system scan on my laptop with the Spybot - Search & Destroy 2.0.12 on a windows 7 64 bit system. However, for some reason the scan can not fix these issues. Is there any way to fix them? Here is what the scan results look like. Please help. Thank you

Search results from Spybot - Search & Destroy

4/12/2013 12:10:57 PM
Scan took 00:22:40.
7 items found.

Toolbar.Snap.do: [SBI $946FBA81] User settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Internet Explorer\Main\Search Page

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (70) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (6) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-04-11 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-04-09 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-04-09 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-04-09 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-04-09 Includes\Spyware.sbi (*)
2013-04-09 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-03-19 Includes\TrojansC-02.sbi (*)
2013-04-09 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-03-01 Includes\TrojansC.sbi (*)

Try opening Spybot-S&D Start Center,then rightclick System Scan and select Run as Administrator.

These results are Usage Tracks,and they aren't cause for concern.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (70) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (6) (Browser: History, nothing done)
This page explains what Usage Tracks are. :)
http://www.safer-networking.org/faq/usage-tracks/

This one is in the Pups category:

Toolbar.Snap.do: [SBI $946FBA81] User settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Internet Explorer\Main\Search Page
So,I'll show you this page that explains what the Pups category is.
http://www.safer-networking.org/faq/pups/

I ran a scan as administrator and nothing happened. Although none of these are not threating, is there anyway to "fix" them? If not its ok.

Thank you for your help. :)

You're welcome. :)
After you clicked the Fix Selected button when the scan was done,did you see green checkmarks beside the items listed,or did it say Fixing Failed,or anything like that?

Every time after finishing a scan, there are green checkmarks beside the items. However, it still says that nothing was changed.:confused:

Did you restart your System after Scan finished and then try scanning again?

Every time after finishing a scan, there are green checkmarks beside the items. However, it still says that nothing was changed.
Do you mean that the same items return after you scan again? :)

Yes. :)

Ok,gotcha. :bigthumb:
It is normal for some Usage Tracks to return as you use your computer,if you do a scan with Spybot,and some time passes before you do your next scan.Of course,they shouldn't return right away,though,if you do a Spybot scan and then do another one right after that. :)

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Cookie: [SBI $49804B54] Browser: Cookie (2) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (70) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (6) (Browser: History, nothing done)

As for this one,it should not be returning after you click Fix Checked:

Toolbar.Snap.do: [SBI $946FBA81] User settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1111270923-3458708538-1847884519-1001\Software\Microsoft\Internet Explorer\Main\Search Page
Since this is in the Pups category,the best way I can think of to describe Pups is that it is recognized that some computer users might not wish to have it on their computer.If you would like it removed then please try this:

This one could possibly be a leftover of a past install,but you should check that snap.do isn't still installed on your computer.
Click your Start orb,go to Control Panel,Uninstall a Program,look for Snap.Do,and if found rightclick it,then select Uninstall.You may get a prompt asking if you want to change your default search provider and home page to the old settings,if you do get that prompt,click Yes,then continue on with the uninstall.Reboot if prompted to.
After you're done,open Spybot-S&D Start Center,then rightclick System Scan and select Run as Administrator,then click Fix Checked when Spybot is done.
Please let me know if Spybot is finding it again after you do another scan.

I looked to see if Snap.do was installed on my laptop and it wasn't. :(

That's ok,what Spybot found may be a leftover from a past install of snap.do. :)
Unfortunately,I can't find any easy way to reset your search page within the latest versions of Internet Explorer without resetting it back to the way it was when you first got your computer:
http://windows.microsoft.com/en-CA/internet-explorer/change-ie-settings?ocid=IE10_resetting_affect#ie=ie-10-win-7
This way is the safest way to do it,but you also will have to set Internet Explorer up the way you want to again.

So,you can either follow the instructions on the page above,or if you would rather create and merge a .reg file to change just the search page in the registry,you could do that instead,it's your choice.(The .reg file doesn't involve having to set up Internet Explorer again,but it's a bit more risky.)

If you would like to try the .reg file,please copy the text within the code box:


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"

Go to Start,type in Notepad and open it.Rightclick and paste the text into notepad,then click File,then Save As.
Beside File Name,type searchpage.reg
Beside Save as Type,click the arrow in the dropdown box,and select All Files (*.*)
Over to the left,click Desktop,then click Save.
Close Notepad,go to your desktop,and rightclick searchpage.reg,and select Merge.
Say Yes to the UAC prompt,then you'll be prompted with a warning asking if you're sure you wish to continue.If you wish to continue,select Yes.You should get a prompt telling you if it merged successfully or not.

When you're all done with whichever way you chose to reset your Search Page,then please open Spybot-S&D Start Center,then rightclick System Scan and select Run as Administrator,and let me know if Snap.do isn't detected any more. :)

I tried the first method and Snap.Do is still detected. I don't want to try using the second method because I don't want to cause any harm to my laptop. :(

Ok,since that didn't work,you could ask for help removing it in Malware Removal. :)

The instructions to follow are here:
http://forums.spybot.info/showthread.php?t=288

And this is Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22

You could include this link in your post in Malware Removal also,if you like.It will link to this thread and let the person helping you know the general gist of what you need help with:
http://forums.spybot.info/showthread.php?t=68304

Ok. Thanks for the help. :) I do have one question though, would I be better off to restore my laptop to the point where I first purchased it? It's been a thought, however I don't want to risk any other possible infections.

You're welcome. :)
No,in my opinion you shouldn't restore your laptop back to when you first bought it,what Spybot is detecting isn't that bad,so that would be too drastic.I'm sorry if my sending you to Malware Removal worried you.

The reason to go there is that the snap.do detection keeps coming back,and they have logs and such in Malware Removal so that they can see for sure whether it is installed or not,and can also change your search page fairly easily,so that Spybot should not find Snap.do when you do scans anymore. :)

Ok. The reason why I asked is because it seems that ever since my web browser updated to internet explorer 10 it's been acting up. Some problems I've been experiencing include:

1.) Multiple browsers opening after closing and takes several attempts to close them.

2.) Web pages will not display and I will be taken to the can't display screen (This happens frequently).

3.) Youtube videos will take forever to load or the video will say "an error has occurred".

However after my attempt of uninstalling and reinstalling spybot, my web browser was working correctly when spybot was uninstalled. But after reinstalling it I was having problems again ( and enabling spybot's add-ons only made matters worse). Could the snap.do have something to do with these problems possibly occurring?

Thanks again! :)

You're welcome. :)
Those issues may be unrelated to what Spybot found,and some troubleshooting probably would need to be done.
So,I think this would be the best way to go about it:
If you get help in the malware section of this forum,then the snap.do Spybot detection should be fixed,and since you'd be posting logfiles in Malware Removal,if any of the problems Internet Explorer 10 is having are related to malware of some kind,they would most likely see that in your logfiles,and will work with you to fix it.

If,after you are all done in Malware Removal and your topic is closed,if the problems with Internet Explorer continue,you could post back here.
Those problems shouldn't be related to sdhelper or immunization,but there are a couple things that could be looked at,just to be sure. :)

Hey, How about updating your entire Windows System first then re-try the Spybot fix issue again....

Hi everybody,

First I am french speaker, so I already apologise for any mistakes I'll do.

I don't really know where to post this, but I have some information that might be helpful, I'm not a specialist in computers but it seem I finally could get rid of the snap.do toolbar. Actually, I first tried to find the program in my control panel to remove it as a simple program, but I couldn't find it! I read a lot about it because this toolbar was really messing up with the speed of my computer and my internet connection! It was a nightmare! :slap:

So, I read that sometimes the program is renamed another way (Resoft Ltd), So I looked for it in my control panel but again, couldn't find it! I tried to get rid of it through each of my web browsers settings (google chrome, Mozilla...), but again, couldn't find it there either, and when I did at some point, it would just come back again! :hair:

Then I realised there was an icon I didn't know in the quick search toolbar of my Mozilla Firefox browser, next to the adress bar, it was called Quick Share. I remembered I saw it before in my programs but thought it was part of a program I had added. So I went back to my control panel and removed it. Better to close your browsers before doing so.

Then I went to each settings of my web browsers and took it off in every settings where I could find it (sometimes is called quick share, sometimes snap.do, just delete all of them)... muha:

For Mozilla, in "tools", then "add-ons", then "extensions", check if quick share or snap.do is still there. If so, delete it but normally it should be gone, unless your browser wasn't restarted. Also in "tools", then "options", change your home page adress.

For Google Chrome, there is more too do: in "settings", check again for the add-ons and remove snap.do or quick share. Then in the settings section: I don't have the exact terms in english as my browsers are in french, but I'll do my best to do translation...
In "start" section, if the button "open a page or a group of pages" is selected by default, click next on "group of pages" and delete all pages you don't want to have at start of your browser (I had igoogle, babylon, snap.do and other unwanted - never asked for it). Add the homepage you want and save.
In appearance, change the homepage button if the page is not the one you want.
Then in Research section, click on "manage search engines" and again, delete all unwanted ones.

For Internet explorer, I've got no idea how to remove everything as I don't use it, but the process must not be so different. I've also Safari but it seems it wasn't harmed by snap.do.

Now, it seems it has worked for my computer :2thumb: and I hope it's not going to come back! Maybe someone can tell me what's to do to avoid getting all these unwanted toolbars/programs? Is there some settings to do in the web browsers which could help to protect the computer from getting infected (maybe cookies,..) I've got Kaspersky Internet Security 2013, but still, it didn't stop it! And I'm tired of spending time on trying to clear this out!

Hope this helps, maybe the administrators can correct me if I did something wrong in the process?