453 Posts

February 5th, 2006 01:00

peeps58-
 
Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
 
 
Download & install - CleanUp! http://home.comcast.net/~sgould4567/software/cleanup/index.html
 
Download & extract it to its own folder - smitRem.exe  http://www.downloads.subratam.org/smitRem.exe
 
Download and install Ewido Security Suite  http://download.ewido.net/ewido-setup.exe
  
    * When installing, under "Additional Options",
          o uncheck - Install background guard
    * Have Ewido update itself & then exit the program.
 
If you are having problems with the updater, you can use this link to manually update Ewido   http://www.ewido.net/en/download/updates/
 
 
'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.

 
Disable Protective Software
 
The protective software you have running on your system may interfere with certain fixes that we need to make.  Please follow these instructions to disable it.

 
Disable SpywareGuard
 
Right-click on the System tray icon of Spywareguard. It will open the program.
Click on the "Options" tab.
Please uncheck all three options: "Enable Real-Time Scanning", "Enable Download Protection", and "Enable Browser Hijack Protection".
Then go to Menu, File, Exit.
Click 'Yes' to confirm.

 
Spybot TeaTimer
 
Please launch Spybot Search and Destroy.
Click "Mode" at the top and make sure "Advanced" is selected.
On the left, click System Startup and uncheck "SpybotSD TeaTimer".
Please Reboot the Computer

 
Once we have cleaned up your computer, you can re-enable them.
 
 
Next, reboot your computer in Safe Mode by doing the following:
 
Restart your PC and when you get the first Windows XP screen with the bar running across, start pressing the F8 key as if your life depended on it. From the menu, select the option to enter Safe Mode.
 
 
Run Cleanup! using the following configuration:
 
1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
    * Delete Newsgroup cache
    * Delete Newsgroup Subscriptions
    * Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.
 
* CleanUp! will not create any backups!!

 
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
 
 
Next, go to Control Panel and click Display > Desktop > Customize Desktop > Website.
Under the 'Web pages' box, Uncheck everything present.
 
 
Run Ewido with its updated definitions (it's important that all windows are closed):
   
    * Click Scanner
    * Click Complete System Scan to begin scanning.
    * Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
    * "Perform action on all infections"
    * Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

 
REBOOT TO NORMAL MODE
 
 
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner  http://www.kaspersky.com/service?chapter=161739400
 
Answer Yes, when prompted to install an ActiveX component.
   
    * The program will then begin downloading the latest definition files.
    * Once the files have been downloaded click on NEXT
    * Locate the Scan Settings button & configure to:
          o Scan using the following Anti-Virus database:
                + Extended
          o Scan Options:
                + Scan Archives
                + Scan Mail Bases
    * Click OK & have it scan My Computer
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
 
* Turn off the real time scanner of any existing antivirus program while performing the online scan

 
In your next post, please include fresh copies of:
  
    * HiJackThis log
    * Online scan
    * Smitfiles.txt
    * Ewido's log
 
-chik

Message Edited by Chik on 02-04-2006 09:56 PM

33 Posts

February 5th, 2006 10:00

Ok, spent most of the night running everything you have for me. Thanks for your help.
Here are the posts you requested.

Logfile of HijackThis v1.99.0
Scan saved at 7:54:57 AM, on 2/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N4 - Mozilla: user_pref("browser.startup.homepage", "www.yahoo.com"); (C:\Documents and Settings\Just Me\Application Data\Mozilla\Profiles\default\2qtp5xs7.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Just Me\Application Data\Mozilla\Profiles\default\2qtp5xs7.slt\prefs.js)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4687/mcfscan.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe




-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 05, 2006 07:48:50
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/02/2006
Kaspersky Anti-Virus database records: 174915
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 67341
Number of viruses found: 10
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 3212 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Just Me\.housecall\Quarantine\count.jar-69e3b4cc-382fb90d.zip.bac_a02108/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Just Me\.housecall\Quarantine\count.jar-69e3b4cc-382fb90d.zip.bac_a02108/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Just Me\.housecall\Quarantine\count.jar-69e3b4cc-382fb90d.zip.bac_a02108/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Just Me\.housecall\Quarantine\count.jar-69e3b4cc-382fb90d.zip.bac_a02108 Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2.tmp Infected: Trojan-Downloader.Win32.Zlob.fz
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D.tmp Infected: Trojan-Downloader.Win32.Zlob.fz
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0023.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0023.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0023.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0023.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032163.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032164.exe/data0008 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0032164.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038090.exe/data0008 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038090.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0023.BIN/data0002 Infected: not-a-virus:AdWare.Win32.WebRebates.r
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0023.BIN/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0023.BIN/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0023.BIN/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP280\A0038091.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041752.exe Infected: Trojan-Downloader.Win32.Zlob.fy

Scan process completed.

33 Posts

February 5th, 2006 11:00

Second post:


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 02/04/2006
The current time is: 23:53:56.59

Running from
C:\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}\InProcServer32]
@="C:\WINDOWS\system32\replmap.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SpywareStrike © by noahdfear

SpywareStrike directory present

SpywareStrike uninstaller present

Starting SpywareStrike uninstaller

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

Security Toolbar


~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

replmap.dll
1024 dir
ld****.tmp
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp


~~~ Icons in System32 ~~~

ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 736 'explorer.exe'
Killing PID 736 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

SharedTaskScheduler exporter by Grinler

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)





---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:35:21 AM, 2/5/2006
+ Report-Checksum: 4A5C628E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Just Me\Application Data\Netscape\NSB\Profiles\yh27k1qv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP286\A0041131.ini -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP286\A0041134.ref -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0041299.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0041306.ini -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0041307.ref -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0041310.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041425.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041432.ini -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041433.ref -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041436.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041520.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041521.ref -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041522.ini -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041531.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041736.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041737.ref -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041738.ini -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041747.exe -> Adware.SpywareStrike : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0041750.dll -> Not-A-Virus.Hoax.Win32.Renos.bc : Cleaned with backup


::Report End

453 Posts

February 5th, 2006 14:00

peeps58-

How is everything working?

-chik

33 Posts

February 5th, 2006 15:00

My internet speed is very slow. When I reboot, there is a pop-up showing that something is still trying to change my Internet Explorer homepage. SpywareStrike is not trying to reinstall every half hour though, which is very nice, and the toolbar pop-up has ceased as well.

I really haven't done much on the computer, because I saw the viruses and bad files on the Kaspersky Online Scanner, and didn't want to make anything worse. Just wanted to wait patiently for the Dr's diagnosis? :-)

453 Posts

February 5th, 2006 17:00

Some of the virus files are quarantined by HouseCall and the rest are in System Restore, which should not cause any problems. We will clean them up later.
 
Download the trial version of Spy Sweeper from here: http://www.webroot.com/shoppingcart/tryme.php?bjpc=64000&vcode=DT02
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
 
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)
 
Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
 
Click on Sweep and allow it to fully scan your system.
When the sweep has finished, click Remove. Click Select All and then Next.
 
From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
 
Exit Spy Sweeper.
 
Restart your computer, and then please copy and paste the SpySweeper log into this thread.
 

33 Posts

February 6th, 2006 01:00

********
4:36 PM: | Start of Session, Sunday, February 05, 2006 |
4:36 PM: Spy Sweeper started
4:36 PM: Sweep initiated using definitions version 611
4:36 PM: Starting Memory Sweep
4:39 PM: Memory Sweep Complete, Elapsed Time: 00:03:25
4:39 PM: Starting Registry Sweep
4:40 PM: Found Adware: whenu save
4:40 PM: HKCR\acm.acmfactory\ (5 subtraces) (ID = 773927)
4:40 PM: HKCR\acm.acmfactory.1\ (3 subtraces) (ID = 773933)
4:40 PM: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773937)
4:40 PM: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773950)
4:40 PM: HKCR\appid\acm.dll\ (1 subtraces) (ID = 773960)
4:40 PM: HKCR\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773962)
4:40 PM: HKLM\software\classes\acm.acmfactory\ (5 subtraces) (ID = 773964)
4:40 PM: HKLM\software\classes\acm.acmfactory.1\ (3 subtraces) (ID = 773970)
4:40 PM: HKLM\software\classes\appid\acm.dll\ (1 subtraces) (ID = 773974)
4:40 PM: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773976)
4:40 PM: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773979)
4:40 PM: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (9 subtraces) (ID = 773992)
4:40 PM: Found Adware: psguard\winhound fakealert
4:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ (2 subtraces) (ID = 1035010)
4:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || displayname (ID = 1035011)
4:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || uninstallstring (ID = 1035012)
4:40 PM: Found Adware: cws-aboutblank
4:40 PM: HKU\S-1-5-21-2587767776-386415881-3091646560-1007\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
4:40 PM: HKU\S-1-5-21-2587767776-386415881-3091646560-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
4:40 PM: HKU\S-1-5-21-2587767776-386415881-3091646560-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
4:40 PM: Registry Sweep Complete, Elapsed Time:00:00:20
4:40 PM: Starting Cookie Sweep
4:40 PM: Found Spy Cookie: partypoker cookie
4:40 PM: just me@partypoker[1].txt (ID = 3111)
4:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:40 PM: Starting File Sweep
4:51 PM: Found Adware: cws iesearch
4:51 PM: securityclassloader.class-46081636-22511e46.class (ID = 55971)
4:57 PM: Warning: Invalid Stream
4:57 PM: Warning: Invalid Stream
4:57 PM: Warning: Invalid Stream
4:57 PM: File Sweep Complete, Elapsed Time: 00:17:22
4:57 PM: Full Sweep has completed. Elapsed time 00:21:10
4:57 PM: Traces Found: 84
10:24 PM: Removal process initiated
10:24 PM: Quarantining All Traces: cws-aboutblank
10:24 PM: Quarantining All Traces: psguard\winhound fakealert
10:24 PM: Quarantining All Traces: cws iesearch
10:24 PM: Quarantining All Traces: partypoker cookie
10:24 PM: Quarantining All Traces: whenu save
10:25 PM: Removal process completed. Elapsed time 00:01:31
********
4:35 PM: | Start of Session, Sunday, February 05, 2006 |
4:35 PM: Spy Sweeper started
4:35 PM: Sweep initiated using definitions version 611
4:35 PM: Starting Memory Sweep
4:35 PM: Sweep Canceled
4:35 PM: Memory Sweep Complete, Elapsed Time: 00:00:31
4:35 PM: Traces Found: 0
4:36 PM: | End of Session, Sunday, February 05, 2006 |
********
4:34 PM: | Start of Session, Sunday, February 05, 2006 |
4:34 PM: Spy Sweeper started
4:34 PM: Your spyware definitions have been updated.
4:35 PM: | End of Session, Sunday, February 05, 2006 |
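A small parser for the Spy Sweeper log format pasted above, added here as an example (it is not part of the thread and not Webroot's own tooling). The sample lines are constructed from the page's log format, with the "Traces Found" count adjusted to match the traces included; the parser groups each trace line under the "Found" header that precedes it and reports any family that was detected but never quarantined, which is the check a helper makes before saying the logs look good.

```python
import re

# Constructed sample in the Spy Sweeper log format from the thread (not the full posted log);
# "Traces Found" is set to match the three trace lines included here.
SAMPLE_LOG = """\
4:40 PM: Found Adware: psguard\\winhound fakealert
4:40 PM: HKLM\\software\\microsoft\\windows\\currentversion\\uninstall\\security toolbar\\ (2 subtraces) (ID = 1035010)
4:40 PM: Found Adware: cws-aboutblank
4:40 PM: HKU\\S-1-5-21-2587767776-386415881-3091646560-1007\\software\\microsoft\\internet explorer\\main\\ || search bar_bak (ID = 115924)
4:40 PM: Registry Sweep Complete, Elapsed Time:00:00:20
4:40 PM: Found Spy Cookie: partypoker cookie
4:40 PM: just me@partypoker[1].txt (ID = 3111)
4:57 PM: Warning: Invalid Stream
4:57 PM: Traces Found: 3
10:24 PM: Removal process initiated
10:24 PM: Quarantining All Traces: cws-aboutblank
10:24 PM: Quarantining All Traces: partypoker cookie
10:25 PM: Removal process completed. Elapsed time 00:01:31
"""

LINE = re.compile(r"^\s*(\d{1,2}:\d{2} [AP]M): (.*)$")   # "4:40 PM: <message>"
FOUND = re.compile(r"^Found (.+?): (.+)$")              # "Found Adware: <family>"
TRACE_ID = re.compile(r"\(ID = (\d+)\)\s*$")            # trailing trace identifier
QUARANTINE = re.compile(r"^Quarantining All Traces: (.+)$")
TOTAL = re.compile(r"^Traces Found: (\d+)$")

def parse_sweep(text):
    """Group each trace line under the 'Found <kind>: <family>' header that precedes it."""
    found, quarantined, current = {}, set(), None
    summary = {"found": found, "quarantined": quarantined, "reported_total": None}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # not a log line (session separators, blanks)
        msg = m.group(2)
        if f := FOUND.match(msg):
            current = f.group(2)          # trace lines that follow belong to this family
            found[current] = {"kind": f.group(1), "traces": []}
        elif q := QUARANTINE.match(msg):
            quarantined.add(q.group(1))
        elif t := TOTAL.match(msg):
            summary["reported_total"] = int(t.group(1))
        elif (i := TRACE_ID.search(msg)) and current:
            found[current]["traces"].append((msg[: i.start()].strip(), int(i.group(1))))
    return summary

def not_quarantined(summary):
    """Families the sweep detected but the removal pass never quarantined: re-check these."""
    return sorted(set(summary["found"]) - summary["quarantined"])
```

Running `not_quarantined(parse_sweep(SAMPLE_LOG))` on the sample flags the psguard/winhound family, which is detected but missing from the removal pass.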

453 Posts

February 6th, 2006 10:00

Spy Sweeper cleaned up some junk, are you having any problems now?

33 Posts

February 6th, 2006 14:00

Better, nothing is changing my home page upon reboot, and my internet speed has improved somewhat. One thing of note, my Windows Media Player is not working while online. Real and Quicktime all work correctly, but every time a webpage runs off WMV I get an error message saying "Can not Create DirectShow Player". This is the first time I have ever had this error, and it is the same on both IE and Netscape.

Major problems have ceased, thanks again.

453 Posts

February 6th, 2006 16:00

Hello peeps58 - You're welcome, glad we could help!

Windows Media player error:

Go to the Run box on the Start Menu and type in:

sfc /scannow

Click OK

It may ask you to insert your Windows XP CD


If that doesn't solve your problem:

You might have to reinstall directx


The logs look good and your PC currently seems to be clean.

If all is good you can create a new system restore point, to flush all earlier system restore points which may be containing infected files.

* Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
* This deletes ALL restore points that had the infection and creates a clean one

Enable your Protective Software

SpywareGuard
Spybot TeaTimer


To help prevent future spyware installations/infections:

Keep Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows Update. You can also use the following links:

Windows security and critical updates

Internet Explorer security and critical updates


Download Microsoft AntiSpyware at the Microsoft site. Here's a tutorial from Microsoft on how to install Microsoft AntiSpyware, scan/remove spyware, setup scheduled scans and use real-time protection.


Install SpywareBlaster

SpywareBlaster will prevent spyware from being installed and consumes no system resources.


I would say check for updates weekly and if you want, run them weekly (or maybe bi-weekly).
You should also upgrade (to a newer version) if any of the above programs have one available.


You should be good to go.

Good luck,
-chik

33 Posts

February 6th, 2006 23:00

Ok, did the test and the download of DirectX, and I'm getting the same error. Is there a possibility one of these spyware downloads is blocking it? It works fine offline, but online it fails to work, like it is being prevented from running?

453 Posts

February 7th, 2006 01:00

peeps58-

Edit: Looks like there is NO uninstall utility, so an uninstall is not possible; maybe there's no cure for this problem.

It might be caused by the problem you're having with the codecs.
Your solution might be to uninstall WMP and then reinstall it.

-chik

Message Edited by Chik on 02-07-2006 09:49 AM

453 Posts

February 8th, 2006 02:00

A possible solution for "Can not create DirectShow Player" error?...Use this at your own risk!

33 Posts

February 9th, 2006 01:00

How do I go about uninstalling WMV? It is neither in my Add/Remove Programs listing, nor does it have an uninstall in its folder. Reading through other postings, it looks like uninstalling in safe mode, then reinstalling, is the only known fix. But I can't even find the uninstall.

453 Posts

February 9th, 2006 02:00

peeps58-

There's no uninstall utility for WMP in Windows XP. You would have to use the (Optional if you're adventurous solution) in the link provided in my previous post.

-chik