HELP! My Icons Hava All Changed to .lnk

syrk

Do a search to see if any of these items are on your system:

cmd.com
netstat.com
ping.com
regedit.com (we know you have this one)
taskkill.com
tasklist.com
tracert.com
onces.exe
winlog.exe
wini.exe
xtc.tmp
Download.zip

Be sure to search Hidden Files and Folders

 

I have none of these. syrk

 

Can you open regedit by typing just regedit (not regedit.exe) in the Run box?

 

Kniht,

I just noticed something-- Both of these HJT log entries have .lnk.:

O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

syrk

 

That's interesting. I was just noticing the same thing myself.

Let's try this:

Show Verbose Security Status Messages (Windows 2000/XP). This setting allows you to configure Windows so that you receive verbose startup, shutdown, logon, and logoff status messages. This may be helpful to in troubleshooting slow startup, shutdown, logon, or logoff behaviour.

Open your registry and find or create this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System

To enable verbose status messages create a new DWORD value called "verbosestatus" and set it to "1". (verbosestatus REG_DWORD 0x00000001 (1))

An additional value called "DisableStatusMessages" forces status messages to be disabled, make sure this value does not exist or is set to "0". (DisableStatusMessages REG_DWORD 0x00000000 (0))

Restart Windows for the change to take effect.

Registry Settings System Key: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPolicies System] Value Name: verbosestatus Data Type: REG_DWORD (DWORD Value) Value Data: (0 = default, 1 = enable verbose status)

System Key: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPolicies System] Value Name: disablestatusmessages Data Type: REG_DWORD (DWORD Value) Value Data: (1 = default, 0 = enable verbose status)

Upon reboot, watch your desktop, what is happening at boot is now displayed in text. Let me know if the box appears before, during or after the text display.

 

I was in heaven today for five minutes.

First I disabled Ad-Watch,

I opened my registry by typing "regedit.exe "

Then I created the two DWORD values and rebooted.

It was a normal reboot of days gone by. I was expecting rows and rows of only boot text but what I got was a normal, traditional boot. And.......THERE WAS NO BOX!!!

I savared the moment but somehow I knew it was not going to last.

I enabled Ad-Watch and rebooted. Upon reboot the box was back. I checked
the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System key and noticed that the two DWORD values were gone.

syrk

 

I think we're getting close to solving this.

Create the DWORD values again as in post #155. Disable Ad-Watch and reboot several times. See if the values remain. Of course you'll know if startup text is appearing or not.

 

Kniht,

Thank you! It works! After 4 days my conclusion is that your solution has held up.


First I enabled Ad-Watch and set it to active and not automatic.

I opened my registry by typing "regedit.exe " ("regedit" alone does not work)

Then I created the two DWORD values and rebooted.

Oddly enough I have never seen any startup text.

thanx again.syrk

 

Let's hope it's a permanent fix and not just a workaround. Do you dare boot into Safe Mode and see if the box appears? Or should we just leave things well enough alone?

Not really sure if we got to the root cause of the problem or not, but seems to me it had something to do with Ad-Watch and the file association fixes (.lnk and .exe). You stated in a previous post that after applying the fixes is when this box appeared at boot.

Since Ad-Watch detects registry changes, it's almost as if Ad-Watch was throwing these changes at you not all at once, but a few at a time for you to either accept or block (you were only presented with the OK choice).

The only problem with that theory is you said the box also appeared when booting into Safe Mode. As to my understanding of Safe Mode, and if I'm wrong please correct me, Ad-Watch doesn't get loaded during Safe Mode boot. Unless there is some rogue registry entry for Ad-Watch that gets caught up in the boot, the Ad-Watch "mystery box" theory looks to be "busted"!

If the box comes back, PM me or dust the cobwebs off this thread and continue.

Good luck, syrk, it's been an interesting thread to say the least!

 

Kniht,

I just tried Safe Mode and it has also held.

I have to make a slight correction: at boot there is a little bit of extra text. Can't really read it though because it goes by too fast but I'm pretty sure that it's related to the box problem.

I would like very much to seek help regarding file association, if this is the correct term to use. For instance, "regedit" will not get me excess into the registry but "regedit.exe" will. I am slowly realizing that I've had of recent more of thse file association problems. Another most notable one has been when I've tried to open my HijackThis backup log file. syrk

 

Glad everything worked in Safe Mode. If in the registry the "verbosestatus" value is set to "1" (enabled) and the "Disablestatusmessages" value is set to "0" (disabled), you will see text flashing rather quickly on your desktop during boot. These text messages are items that are loading during boot. You will also be presented with text flashing on your desktop during logoff and shutdown. These messages can help in the diagnosing of boot and shutdown problems.

Example for using "verbosestatus" in a boot problem. An aquaintance of mine was having problems with slow boot times. He enabled "verbosestatus" and watched the text presented on the desktop at boot. The text went by rapidly but then hung on one item being loaded. He found that his computer was taking several minutes to load a file called msg117.dll.

Upon Googling "msg117.dll", he found it was spyware, so upon eliminating this .dll, boot time was reduced.

These boot messages you now see should not be contained in a "box", but come across your boot screen near the center. If you go back into the registry and change the value of "verbosestatus" to "0" (disable) or change the value of "disablestatusmessages" to "1" (enable), upon the next boot, you should no longer see these messages flashed across your boot screen.

That aside, I am a little puzzled by the fact that you can't open regedit by just typing in "regedit". This is usually a symptom of Regedit.com being on your system either in %systemroot% (Windows) or in System32.

If Regedit.com is on your system and you type in Run "regedit", Regedit.com takes precedence over regedit.exe. therefore not allowing regedit to open. By typing in Run "regedit.exe", regedit.exe takes precedence over "Regedit .com" and opens regedit. After typing in "regedit" in Run and selecting OK, open Task Manager and see if "Regedit.com" is running.

What happens when you try to open your HJT logfile? Are you having any problems opening file extensions other than .txt files?