Possible Keylogger/Malware/Spyware Problem

[Antonio09]

Hi There,

Firstly thank you for offering your services to the people of the world for free especially myself. It's a huge gesture which I really appreicate & admire.

Im a Forum Administrator on music forum which uses Invision Power Board. My account on this forum was hacked by an IP address in the UK somehow by stealing my password .They accessed the admin Control Panel & sent a mass email/PM asking members to sign up to another forum.

So I think I have a keylogger and/or trojan/spyware hiding about in my PC, which could be taking any other og my username/password details.

I am very careful about what I download, but think it came from a free premium rapidshare (Account details can be given if required) a forum member gave me.(owners advised this is the member who hacked my account) who has since been deleted from the forum.

I've ran Ad-Aware & done a full scan using my McAfee which didn't really pick up anything but am still skeptical as to whether or not the trojan/keylogger has been removed.

Appreicate your expertise & knowldge which is a great asset to us all how need it. Keep up the great & generous work!

King regards,

Antonio

As requested:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Antonio at 13:49:43.28 on Sun 28/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1465 [GMT 10:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optusnet.com.au/
uSearch Page = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uDefault_Page_URL = http://www.google.com.au/ig/dell?hl=...au&ibd=2070723
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=2070723
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol70t~1.lnk - c:\program files\aol 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-7-24 214024]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-7-24 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-7-24 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-7-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-7-24 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 34216]

=============== Created Last 30 ================

2009-06-27 16:21 268 a---h--- C:\sqmdata14.sqm
2009-06-27 16:21 244 a---h--- C:\sqmnoopt14.sqm
2009-06-13 10:55 244 a---h--- C:\sqmnoopt13.sqm
2009-06-13 10:55 232 a---h--- C:\sqmdata13.sqm
2009-06-13 10:54 244 a---h--- C:\sqmnoopt12.sqm
2009-06-13 10:54 232 a---h--- C:\sqmdata12.sqm

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 01:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-08 01:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 14:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 14:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 14:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 14:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 14:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 14:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 14:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 14:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 14:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 14:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 19:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 19:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 15:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 15:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 22:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 22:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-16 00:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-16 00:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-09-23 20:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092320080924\index.dat

============= FINISH: 13:50:12.68 ===============

Attached Logs:

[TheBruce1]

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Quote:

My account on this forum was hacked by an IP address in the UK somehow by stealing my password .They accessed the admin Control Panel & sent a mass email/PM asking members to sign up to another forum.

Are you sure your account was hacked or it could be that they just sent PMs to forum members, it is not the first time this has been done on forums.

Nothing in you log indicates a keylooger or any other malicious file(s), just some tidying up to do.

===========

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs:

J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Leave Java(TM) 6 Update 14 installed
URL Assistant<---Pre-installed on Dell/HP machines. This is a program that redirects mis-typed URLs to a Dell branded Google search page.
Viewpoint Media Player<---Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here

========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

========
Log Required
Kaspersky Scan Report

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

[Antonio09]

[quote=TheBruce1;2215687]

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========
Are you sure your account was hacked or it could be that they just sent PMs to forum members, it is not the first time this has been done on forums.
===========

Hello :)

Thanks for your reply.

I can't edit my first post to remove the attached logs as recommended, appreicate if this can be done :)

Im quite positive my account on the forum was hacked. Several different UK IP's were logging into my account & I live no where near the UK. The top part of the forum page displayed another forum when I logged in and the forum skin was different.

1.I have uninstall the suggested programs as requested shown below:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
URL Assistant
Viewpoint Media Player

2. Downloaded & Run ATF Cleaner

3.Completed the Kaspersky Online Scan. Log attached below:

Look forward to your reply.

Kind Regards,

Antonio

[TheBruce1]

Hello again

Quote:

Im quite positive my account on the forum was hacked. Several different UK IP's were logging into my account & I live no where near the UK. The top part of the forum page displayed another forum when I logged in and the forum skin was different.

I suggest you contact the Invivision forum regarding this matter, your computer is clean.
http://forums.invisionpower.com/

Quote:

I can't edit my first post to remove the attached logs as recommended, appreicate if this can be done :)

Done.

=======

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.

• Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.

[Antonio09]

Thank you for all your help so far you have been great:)

My account on this forum was hacked again yesterday once I was re-instated as a forum admin.Perhaps becuase I didn't get the chance to change my password & login details but im still lost has to how it's happening even though my system is clean.

Will simply changing my password fix it? Any other thoughts?

[TheBruce1]

Hello again

Quote:

My account on this forum was hacked again yesterday once I was re-instated as a forum admin.

Your TSF account was hacked and by that i mean your password was changed. Do you keep your account information anywhere on you computer or at your forum?

[Antonio09]

Sorry for the confusion I mean't my account on the music forum was hacked & deleted not TSF. But was my TSF account hacked also? I don't store my account information anywhere. That's why I thought I had a keylogger at first.

It seems the owners & seem to think someone has hacked the music site getting the login in details & the server IP, nothing may have happened on my PC but not still not 100% convinced yet.

We think once the person hacked into the main server they have access to everyone's accounts and do things like undelete banned members, ban other members without them realising it & could even delete the owners account if they wanted. It just happens they used my account as im the only forum admin apart from the owners to send out the Mass PM's & emails.

Do you think this would be correct? Any other steps I can take to retify this?

[TheBruce1]

Hello again

Quote:

But was my TSF account hacked also?

If your TSF account was hacked, they would have changed the password, so i doubt that was the case.

If you have not done so already, i would recommend that you take the site offline, until the problem has been corrected.

It would seem as thought the problem lies at the forum, have you spoken to Invivision and see if the can run some security scan to check if the site has been compromised?

There is nothing in your logs to indicate a keylogger or anything else for that matter, so you`ll need to speak to someone who deals with server issues, which is something i no little about.

[Antonio09]

Apologies for my late reply. Thanks so much for your help it's good to know my PC is OK.

I will endeavour to contact Invivision & hope I can find the answers there.

Please go ahead close this topic & thanks again for your advice & help

Take care

[TheBruce1]

Hope everything goes well, take care