Here is the Information for CWS.Xplugin Good Luck, GFL Variant 18: CWS.Xplugin - 'Helping' you search the web Approx date first sighted: November 11, 2003 Log reference: Not visible in HijackThis log! Symptoms: Some links in Google results redirecting to umaxsearch.com or coolwebsearch.com every now and then Cleverness: 10/10 Manual removal difficulty: Involves some Registry editing Identifying lines in HijackThis log: Not visible in HijackThis log! This variant is the first one that is not visible in a HijackThis log. It works invisible, changing links from Google search results to other pages. It took a while to find out how this variant works, since it doesn't use any of the standard locations. A file xplugin.dll is installed, which creates a new protocol filter for text/html. In normal english, this means it reads most of the web pages downloaded to your browser. It also randomly alters some links in Google search results to pages on umaxsearch.com and coolwebsearch.com. It claims to be made by something called TMKSoft. It is unknown if deleting the file has no side-effects, but using CWShredder or running regsvr32 /u c:\windows\system32\xplugin.dll (may vary depending on Windows version) fixes the hijack completely. From: " milady" <kg6ocz@xxxxxxxxxxxxx> Subject: -=PCTechTalk=- CWS_xplugin Date: Sat, 16 Oct 2004 11:37:37 -0700 I keep coming up with this THING , CWS_xplugin-during scan with my ISP spyware finder but I can't FIND it doing search in XP and spyware finder runs thru so fast I can't get clue where the thing is--..all spyware does is disable it but doesn't say where it is..neither Ad-aware or spybot find it..I did a search for it and everythng coming up in google points me to stuff I have to pay for..Is there ANYTHING that might find it? --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.778 / Virus Database: 525 - Release Date: 10/15/2004 To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk