
Potential rootKit infection


7 replies to this topic

#1 gravideo

gravideo

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Elgin, IL
  • Local time:04:33 PM

Posted 26 May 2009 - 12:27 AM

I am submitting this post because I read a post in which PropagandaPanda provided successful assistance regarding similar symptoms.

My RootKitRevealer (by sysinternals.com) indicates a couple of registry discrepancies that point to a potential rootKit problem:

1) Three Keys with a Data mismatch between Windows API and raw hive data
2) Two registry keys 0 bytes long where the Key name contains embedded nulls

Per the post I read, output from gmer.exe follows:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-25 22:22:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 863072C8 ZwAlertResumeThread
SSDT 863073A8 ZwAlertThread
SSDT 86335618 ZwAllocateVirtualMemory
SSDT 864808B0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF5D97020]
SSDT 86330FC0 ZwCreateMutant
SSDT 863356F0 ZwCreateThread
SSDT 86330C40 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF5D972A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF5D97800]
SSDT 863354F8 ZwFreeVirtualMemory
SSDT 86307108 ZwImpersonateAnonymousToken
SSDT 863071E8 ZwImpersonateThread
SSDT 86335418 ZwMapViewOfSection
SSDT 86330EE0 ZwOpenEvent
SSDT 8642CE18 ZwOpenProcessToken
SSDT 86330D20 ZwOpenSection
SSDT 863077B0 ZwOpenThreadToken
SSDT 8642CE88 ZwResumeThread
SSDT 8642BDB0 ZwSetContextThread
SSDT 86307880 ZwSetInformationProcess
SSDT 86307658 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF5D97A50]
SSDT 86330E00 ZwSuspendProcess
SSDT 863074F0 ZwSuspendThread
SSDT 8642CE50 ZwTerminateProcess
SSDT 86331BF8 ZwTerminateThread
SSDT 8648E910 ZwUnmapViewOfSection
SSDT 86335588 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1B8 804E2814 4 Bytes CALL B1D4588A
.text ntoskrnl.exe!_abnormal_termination + 478 804E2AD4 4 Bytes JMP F18EB121
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2580] kernel32.dll!VirtualProtect + 1C 7C801AEC 7 Bytes JMP 03DF0034
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 03DF00B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2580] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 03DF013F

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01242F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01242C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01242CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01242CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00EE2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00EE2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00EE2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00EE2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 140
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xCC 0x5D 0x50 0xA2 ...

---- EOF - GMER 1.0.15 ----

The output from OTScanIt2.exe is also available but I don't see an attachment button to send it and it's too large for inclusion inside this post (200 KB).

I appreciate your help!
GRAVIDEO
www.gravideo.com



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,907 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:33 PM

Posted 26 May 2009 - 09:17 AM

You should not be following specific instructions provided to someone else especially if they were given in the HijackThis forum. Those instructions were given under the guidance of a trained staff expert to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. It's best that you tell us what specific issues YOU are having rather than point to someone else.

With that said, not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

Please read "Info on common RKR log entries" such as Data Mismatches, RKR Secret Keys (embedded nulls), and Zero Bytes.

If you're unsure how to use RKR (or GMER) or read the logs, you should not be using them. Some ARK tools are intended for advanced users or to be used under the guidance of an expert as they are powerful and can be misused with disastrous results. There are many free ARK tools but some require a certain level of expertise and investigative ability to use.

What specific issues are you having that prompted you to follow someone else's instructions and run these tools?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
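One way to apply the point about SSDT hooks to the GMER log in post #1, as an added example (not part of the original thread and not GMER's own code): the script separates hooks that the log attributes to a driver file from hooks listed only as a raw address, and groups the latter by 4 KB page so the review can start with entries that have no named owner. An entry without a module name is not proof of malware; it only means the log does not name a file for that handler.

```python
import re
from collections import defaultdict

# SSDT and neighbouring lines copied from the GMER log in post #1 (trimmed).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 863072C8 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF5D97020]
SSDT 86330FC0 ZwCreateMutant
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF5D97A50]
SSDT 86330E00 ZwSuspendProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 1B8 804E2814 4 Bytes CALL B1D4588A
"""

# "SSDT <8 hex digits> <function>": handler address only, no module named.
BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)$")
# "SSDT <path> (<description>/<vendor>) <function> [0x<address>]"
NAMED = re.compile(
    r"^SSDT\s+(?P<path>\S.*?)\s+\((?P<desc>[^/()]*)/(?P<vendor>[^()]*)\)"
    r"\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)


def parse_ssdt(log):
    """Return one dict per SSDT hook line; every other log line is ignored."""
    hooks = []
    for line in log.splitlines():
        line = line.strip()
        m = BARE.match(line) or NAMED.match(line)
        if not m:
            continue
        d = m.groupdict()
        path = d.get("path")
        hooks.append({
            "func": d["func"],
            "addr": int(d["addr"], 16),
            # Keep only the file name, dropping the \??\C:\... prefix.
            "module": path.rsplit("\\", 1)[-1] if path else None,
            "vendor": d.get("vendor"),
        })
    return hooks


def triage(hooks):
    """Split hooks into (attributed by module/vendor, unattributed by 4 KB page)."""
    attributed = defaultdict(list)
    unattributed = defaultdict(list)
    for h in hooks:
        if h["module"]:
            attributed[(h["module"], h["vendor"])].append(h["func"])
        else:
            unattributed[h["addr"] & ~0xFFF].append(h["func"])
    return dict(attributed), dict(unattributed)


if __name__ == "__main__":
    named, unnamed = triage(parse_ssdt(SAMPLE_LOG))
    for (module, vendor), funcs in named.items():
        print(f"{module} ({vendor}): {', '.join(funcs)}")
    for page, funcs in sorted(unnamed.items()):
        print(f"no module named, page 0x{page:08X}: {', '.join(funcs)}")
```
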

#3 gravideo


Posted 26 May 2009 - 10:05 AM

The person, a moderator, said basically what you said about other people's solutions, but did say to do the two things that I did but continue no further. Hence, my post.

Since my post, I have been noticing numerous TCP connections being made to a96-17-75-113.deploy.akmaitechnologies.com:http and that further concerns me.

My main concern was the points made early in my post regarding the Data Mismatches, RKR Secret Keys (embedded nulls), and Zero Bytes. Further, the use of sysinternals regdelnull routine to delete keys with nulls has no effect.
GRAVIDEO
www.gravideo.com

#4 quietman7


Posted 26 May 2009 - 10:12 AM

"My main concern was the points made early in my post regarding the Data Mismatches, RKR Secret Keys (embedded nulls), and Zero Bytes."

I already provided you the link with sysinternals' information about them.

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please download Rooter.exe and save to your desktop.
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • A DOS window will appear and show the scan progress.
  • If you receive a Windows - No Disk error message, click Continue.
  • Once the scan is complete, a notepad file (Rooter.txt) containing the report will open and Rooter will automatically close.
  • A log will also be saved at %systemdrive%\Rooter.txt (where %systemdrive% is usually C: or the drive that you have Windows installed).
  • Copy and paste the contents of Rooter.txt in your next reply.


#5 gravideo


Posted 26 May 2009 - 10:52 AM

Per your request, I downloaded and ran MBAM with the following results:

Malwarebytes' Anti-Malware 1.36
Database version: 2181
Windows 5.1.2600 Service Pack 2

5/26/2009 10:31:54 AM
mbam-log-2009-05-26 (10-31-54).txt

Scan type: Quick Scan
Objects scanned: 84605
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
//-----------------------------------------------------------------------//

I have downloaded and run Rooter.exe with the following results:

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:1952 Mo)
D:\ [Fixed] - NTFS - (Total:572197 Mo/Free:1376 Mo)
F:\ [Fixed] - NTFS - (Total:95597 Mo/Free:3894 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 05/26/2009|10:34

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
---------- C:\ColdFusion8\db\slserver54\bin\swagent.exe
---------- C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
---------- C:\ColdFusion8\db\slserver54\bin\swsoc.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Tablet.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
---------- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
---------- C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
---------- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\Microsoft Office\Office10\msoffice.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
---------- C:\WINDOWS\system32\WTablet\TabUserW.exe
---------- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
---------- D:\DOCUMENTS AND SETTINGS\ADMIN\MY DOCUMENTS\MY SUPPLIERS\MICROSOFT\SYSINTERNALS\PROCEXP.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- D:\Documents and Settings\Admin\My Documents\My Suppliers\Microsoft\sysinternals\RootkitRevealer.exe
---------- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
---------- D:\Documents and Settings\Admin\My Documents\My Suppliers\Microsoft\sysinternals\Tcpview.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
---------- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 05/26/2009|10:35

----------------------\\ Scan completed at 10:35

//-------------------------------------------------------------------------//

Both of the above seem to indicate that there is not a problem, at least to my untrained eye. However, I remain concerned about the TCP connections to a96-17-76-113.deploy.akmaitechnologies.com:http. Connections are also sometimes made to iw-in-f154.google.com:http.

If it's not beyond the scope of what you are doing with me, who/what initiates such connections? I have certainly not actively initiated these connections. During the night last night the TCPView (sysinternals) reported a connection and when I clicked the "who is" button for the entry, it reported an outfit in Beijing, China. That sort of stuff is a bit alarming to a guy like me.
GRAVIDEO
www.gravideo.com

#6 quietman7


Posted 26 May 2009 - 11:45 AM

"Both of the above seem to indicate that there is not a problem"

Correct.

There are other third party utilities that will allow you to manage and view detailed listings of all TCP and UDP endpoints on your system, including local/remote addresses, state of TCP connections and the process that opened the port:

You can use netstat from a command prompt to obtain Local/Foreign Addresses, PID and listening state.
  • netstat -a lists all active TCP connections and the TCP and UDP ports on which the computer is listening.
  • netstat -b lists all active TCP connections, Foreign Address, State and process ID (PID) for each connection.
  • netstat -n lists active TCP connections. Addresses and port numbers are expressed numerically and no attempt is made to determine names.
  • netstat -o lists active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p (example: netstat -ano).
You can use Process Monitor, an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity or various Internet Traffic Monitoring Tools for troubleshooting and malware investigation.

You can investigate IP addresses and gather additional information at:
If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
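The netstat -ano step from the reply above, carried one step further as an added example (not part of the original thread): the script parses the command's output and groups remote TCP endpoints by owning PID, so each outbound connection can be tied to a process. The sample output and the PID-to-name map are constructed; on a real machine the text would come from netstat -ano and the names from the Processes tab in Task Manager.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output on Windows. Addresses are from
# documentation ranges and the PIDs are made up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1480
  TCP    192.168.1.10:1042      203.0.113.25:80        ESTABLISHED     2580
  TCP    192.168.1.10:1043      203.0.113.25:80        ESTABLISHED     2580
  TCP    192.168.1.10:1050      198.51.100.7:443       CLOSE_WAIT      3604
  TCP    192.168.1.10:1061      198.51.100.9:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

# Hypothetical PID -> image name map, as it would be read off Task Manager.
SAMPLE_PIDS = {2580: "iexplore.exe", 3604: "Quickcam.exe"}

# Foreign hosts that never indicate a remote peer.
NOT_REMOTE = {"0.0.0.0", "127.0.0.1", "[::]", "[::1]", "*"}


def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # header, blank or truncated row
        if not pid.isdigit():
            continue
        host, _, port = remote.rpartition(":")  # rpartition copes with [IPv6]:port
        rows.append({"proto": proto, "local": local, "remote_host": host,
                     "remote_port": port, "state": state, "pid": int(pid)})
    return rows


def remote_endpoints_by_pid(rows, pid_names):
    """Group non-listening TCP connections to remote hosts by owning PID."""
    grouped = defaultdict(set)
    for r in rows:
        if r["proto"] != "TCP" or r["state"] == "LISTENING":
            continue
        if r["remote_host"] in NOT_REMOTE:
            continue
        grouped[r["pid"]].add(f'{r["remote_host"]}:{r["remote_port"]}')
    # TIME_WAIT rows report PID 0: the owning process has already closed the socket.
    return {pid: {"image": pid_names.get(pid, "unknown"), "remotes": sorted(eps)}
            for pid, eps in sorted(grouped.items())}


if __name__ == "__main__":
    report = remote_endpoints_by_pid(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS)
    for pid, info in report.items():
        print(f'PID {pid} ({info["image"]}): {", ".join(info["remotes"])}')
```
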

#7 gravideo


Posted 26 May 2009 - 01:11 PM

quietman7,

Thank you for your assistance!
GRAVIDEO
www.gravideo.com

#8 quietman7


Posted 26 May 2009 - 01:39 PM

You're welcome.



