qy3pr

searchx.cc

5 posts in this topic

hi.

 

well. I used the newest version of cws shredder (btw: good job, Merijn) and it did remove the searchx.cc version of the malware, but I think that the program modified the IE-link to reinstall itself whenever I used it.

so.. I remove the sh*t with cws shredder and it's gone. if I start IE by clicking iexplore.exe, everything is ok and clean. if I click the IE link in the start-programs menu instead, the malware reinstalls itself.

 

I could be wrong, but it's worth a check (for improving shredder).

 

-----

 

I was wrong... maybe.. I created a new link to IE and got searchx.cc again.. closed IE, ran a shredder and after clicking iexplore.exe, IE was clean again.. so.. the malware has obviously infected something else... hmm.. I'll try another way.. brb.

Edited by qy3pr


Hello

 

SearchX needs to be removed in a different way :)

 

Let's have a look at a HijackThis Log.

 

1. If you don't already have HijackThis, download HijackThis from downloads.subratam.org/hijackthis.zip

2. Make a folder in My Documents and name it with a name you like.

3. Extract the contents of the Zip file to this newly made folder.

4. You should get a dynamite-like icon. Run that and press SCAN. The SCAN button will change to SAVE. Click on SAVE and a notepad window should pop up. Save that entire content.

5. Copy the entire content of the HijackThis Log and paste it here. DO NOT delete or modify anything yet, as some of it is needed to keep your system in good shape.

 

Regards


ok. I tested to run IE by clicking on a shared (read-only) shortcut through the network. there's nothing wrong with the link.. the installation process starts somewhere else.. here's the log:

 

Logfile of HijackThis v1.97.7
Scan saved at 11:09:47, on 2004-06-14
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE
C:\INSTALL\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Office.lnk = C:\Program\office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program\Vanliga filer\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0276bdbfbdeb7d...ip/RdxIE601.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200405...llInstaller.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Bostream
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.181.52.2,212.181.52.3

 

------

 

btw, I know what the registry is and how windows and pc's work.. it's just this hijacker I can't get rid of.. and somehow I never get this kind of crap.. this is not my computer we're talking about.

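An added example, not part of the original posts and not HijackThis's own code: a small parser for the log layout posted above, which groups entries by their section code (R0/R1, O2, O4, O16, O17) and splits the O16 lines into CLSID, name and source URL. The sample log, the function names and the `review` rule are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.97.7 layout; GUIDs, paths, URLs are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222A)
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\INSTALL\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\EXAMPLE\helper.dll
O4 - HKLM\..\Run: [ExampleTask] C:\EXAMPLE\task.exe -atboottime
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Object) - http://example.com/a.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://example.com/setup.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.0.2.1,192.0.2.2
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O16 - <text>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")

def parse_log(text):
    """Return (header fields, running processes, {section code: [entry text]})."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    # strip() also removes the non-breaking spaces forum software leaves on blank lines
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if m:                                   # first entry ends the process list
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:                      # "Platform: ...", "MSIE: ..."
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, dict(entries)

def dpf_downloads(entries):
    """Split O16 (downloaded ActiveX control) entries into CLSID, name and source URL."""
    found = []
    for text in entries.get("O16", []):
        m = DPF.match(text)
        if m:
            clsid, name, url = m.groups()
            # Assumed triage rule (not a verdict): no recorded name, or source is not a .cab
            review = name is None or not url.lower().endswith(".cab")
            found.append({"clsid": clsid, "name": name, "url": url, "review": review})
    return found
```
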

Download this file from http://downloads.subratam.org/dllfix.exe.

 

Preferably to Desktop. Double click on it and, it being a self-extractor, it will create its own folder. Run Start.Bat from there. Run Option 1, which is "Run Find-All... ". Let it complete and there will be a pop-up window with a log.

Post that log here.

 

[ Tutorial - http://forums.subratam.org/index.php?showtopic=583 with screenshots for better understanding. Follow up to step 5 ]

 

Regards


This is for Windows 2000 or Windows XP only

 

but I had to modify the batch-file in order to see that message.. otherwise the shell window closed automatically.

 

PS. btw: thx for your help. I also forgot to mention that the computer runs win98.

Edited by qy3pr
