HELP! My Icons Hava All Changed to .lnk

dude, I can't read the entire thread but things seem bad. Have you considered the malware possibillity? Pessimistic, eh...

 

Sailor,
This file fix software Kniht posted helped the first person, but I don't know if the second person tried it since he/she is not troubled by the extensions.

 

No, not pessimistic, just a logical step toward elimination of possible causes.

Apparently, syrk, (whom this thread is trying to help) ran all kinds of scans for all kinds of maleware, including some online scans, but syrk's system was deemed clean.

It's not a bad problem, apparently when syrk boots a message box appears with an OK button. The message box text is garbled, and changes with the occassion. If syrk clicks OK on the mystery box, boot is continued as if nothing has happened. We've straightened out a few problems syrk has had, but this one has me baffled. Aren't out of options quite yet though.

 

Kniht,

I followed this path using regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and took a screenshot of the right panel using my new found toy: the Gadwin Print Screen program. (I hope I'm using it correctly). Everything seems to be normal including the 5th entry which seems to be about Real Player. Fichiers communs = shared files. syrk

 

Re: HELP! My Icons Have All Changed to .lnk

Kniht,

I opened msconfig and took a screenshot of the startup stuff. The last entry which Gadwin did not pick up is Spyware Guard. syrk

 

syrk

That PrintScreen program is quite a toy. Comes in handy. Looks like you got the hang of it!

I was hoping something would show in the registry run key, mainly out of desperation. Actually, you stated this box pops up even in Safe Mode so none of these entries would be the problem since they are not loaded in Safe Mode.

Did you happen to uninstall any applications just prior to your noticing the box? You stated earlier that you noticed the box right after using Doug Knox' EXE file extension fix. Is this the case? Or, was there some other event prior to the box appearing?

Also, go to Start >> Control Panel >> Java. In the "General" tab click on "About". See what build of java is on your system. It looks as though you have update 6. Update 10 is out and can be downloaded here:

http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

Save the download to your desktop. Go to Add/Remove programs and uninstall any older versions of J2SE Runtime Environment. Go to Program Files and delete any old jre folders prior to update 10.

Double click on the downloaded Java update 10 to install. This may not cure the box problem, but it's always good to stay up to date in the Java area.

 

Kniht,

I've got some more PrintScreen stuff for you from Event Viewer. I rebooted twice in a span of twenty minutes and what I got is the same: an error and a warning. One is in English the other in French. Let me know if you need the French stuff translated. syrk

 

Sorry about that. Here's the second one. I thought I loaded both of them on the same reply. syrk

 

Je parle francais un peu (hope I spelled that right). Whole family is from Quebec (Montague) but that's about all the French I know.

Interpretation would be great.

Have been looking up some of the other error codes I see in your event viewer.

Need to know a little about your system, especially the OS.

 

Kniht,

I downloaded the new java stuff and rebooted. The box is still there. syrk

 

I didn't read every post on all 4 pages; BUT; has anyone suggested Dial-A-Fix ???? It a wonderous little application... go the registration center in DAF and check all the boxes. There's no chance of doing any damage so if you feel like it, you could check EVERY box... you may need to uncheck the 'Tool Tips' box in order to see everything w/o the tips blocking things out... Seriously, try Dial-A-Fix if you haven't already. It's a free download from 'The Geeks' in the All In One downloads section.

hopperdave2000

 

Dial-a-Fix is worth a shot. I know the Repair_Permissions works great.

Download here: http://www.majorgeeks.com/download4899.html

 

syrk

I noticed you have an error 7026. These event id's usually have to do with drivers that fail to load on boot. Check it out and see what the message is.

It will usually read something like this:

Details
Product: Windows Operating System
Event ID: 7026
Source: Service Control Manager
Version: 5.0
Component: System Event Log
Symbolic Name: EVENT_BOOT_SYSTEM_DRIVERS_FAILED
Message: The following boot-start or system-start driver(s) failed to load:

 

Kniht
i know that you are trying to help more than one person with this problem and your last instruction to me was to uncheck (hide extensions for known file types) i have done this and no difference has been observed. you were also correct when you thought i had a 7026 error i also had a 7001 error both of which referred to the service control manager. one event was the plug and play device failed to start because it had been disabled .i have corrected this ,i did not disable it ,and the second event referred to the uninterrupted power supply is not enabled . i have disabled this until the manufacturer Mesh tells me that one was fitted when purchased. now to refer to the .Ink problem perhaps you could advise me further to overcome this . regards dogsbody

 

Kniht,

My stuff including my OS:

Dell-Dimension 8300 Series
Date of Birth September 9, 2003
Chipset PCI Intel I875P at 533 MHz (support processor with bus
system at 800 MHz)
BIOS Version: A02
Memory DDRSDRAM Dual Channel
BUS AGP 8x, 8 USB 2.0, 4 PCI
AVG 7.5 FREE
10/100 Pro Ethernet (RJ 45 only)
Windows XP Home SP2 (build 2600)
Intel Pentium 4 at 3.2 GHz, bus system at 800 MHz
2048 Mo DDR SDRAM (4 x 512)
Floppy Drive 3.5"/1.44 Mo
240Go Serial ATA RAID 0 Stripe (2 hard disks x 120 GB 7700rpm with
DataBurstTM cache)
Dell Monitor 18" 1800FP Flat Ultrasharp (DVI)
Video Card ATI Radeon 9800 Pro 128 Mo DDR (exit TV support DVI and Dual Display)
Burner DVD + RW 4x/CDRW (12x/10x/32x) and Player DVD ROM 16x with decoder software MPEG 2 (2 players 2bays 5"1:4)
Sound Card Sound Blaster Audigny 2 (Port IEEE 1394 included)
Altec Lansing ADA995 - 5 x 20 W and base 100 W (THX)
Modem Card (DATA/FAX) 56kbps V92
Mouse Cordeless logitech
Microsoft Office, Work
Logitech Dual Action USB Gamepad
Microsoft SideWinder Force Feedback 2 Joystick
Belkin 7 port USB hub

Do you want me to work on the error 7026 or should we try Dial-a-Fix or something else? syrk

 

Kniht,

This is what the 7036 message says:

Details of Event

Event
Date: 06/12/2006
Type: Information
User: N/A
Computer: POSTE
Source: Service Control
Category: None
Event ID: 7036

Description
The service Service COM of copying CD IMAPI is stopped

Event Manager will send the following information on the internet
Categorie: None
Date: 11/11/2006
Hour: 20:29:00
ID of event: 7036
Company name: Microsoft Corporation
Name of File: netevent.dll
Name of product:
Source: Service Control Manager
Type: Information
Version of file: 5.1.2600.0
Version of product: 5.1.2600.0

syrk

 

What? You don't like my French?

I'll give you credit having to interpret all this stuff I'm throwing at you.

Anyway, go ahead and run Dial-a-Fix, really can't hurt anything and see what happens.

You let me know what event id 7036 was which IMAPI is no big deal.

What does 7026 read or was 7036 a typo error?

 

I'm sorry Kniht,

Your French is perfect.

Which boxes do I click on in the dial-a-fix program? There is also a tools part of the program. Which tools do I choose from that list, if any? I've attached the most recent screenshots from the dial-a-fix program for reference. Merci. syrk

 

Before you use Dial-a-Fix, may I suggest you download and install a program called ERUNT:

Here: http://www.majorgeeks.com/download1267.html

ERUNT is a great application, has saved my butt on a number of occassions.

Be sure to read the "readme" to get familiar with the program. Use ERUNT to backup your registry before using Dial-a-Fix. Should something go amiss, one click and ERUNT will restore your registry.

Open Dial-a-Fix and click on the hammer (Tools). In the top pane, click on Repair Permissions, click GO. It may take a few minutes for Dial-a-Fix to do it's work.

One more thing, I thought you might like the Gadwin PrintScreen, may I suggest if you wish not to send an entire full screen, right click on the PrintScreen icon in the system tray, select "Properties", click on the "Source" tab and select "Rectangular Area". By doing this, you can left click on an area and drag the cursor. This will form a rectangular box that you will be able to move and resize to capture just the item you want folks to see. Just a suggestion.

 

Kniht,

I ran dial-a-fix in normal mode and also safe mode. In the last hour or so I re-booted a total of six times: two times no box and four times box. I don't get it. syrk

 

I don't either. Let's try this, may be grabbing at straws but it won't hurt anything.

Start >> Control Panel >> Administrative Tools >> Services

Stop the Auto Update Service, don't disable it just stop it. Then go to C:\Windows\SoftwareDistribution.

Open the SoftwareDistribution folder and delete the subfolders you see except the "Data Store" folder. Open the "Data Store" folder and delete everything there except the "Logs" folder. Open the "Logs" folder and delete everything except the files edb.chk and edb.log

Go back into "Services" and start the Auto Update Service.

Now go to C:\Windows\Temp and delete everything in the Temp folder.

Reboot and see if the box appears.

 

Kniht,

No good. I tried it. syrk

 

OK, let's try this. Download "Autoruns" (freeware)

Here: http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx

No need to install, just extract the .zip file to a location of your choice and click on "autoruns.exe".

Go to "Options" and click on "Hide Microsoft Entries".

Go to "File" and click on "Refresh".

This will now list everything that starts automatically on your system that is not Microsoft related.

Items are listed in the order in which Windows processes them.

Look for an entry that is at the top of the list (since you have to click OK in the mystery box in order to continue boot) or an entry that has nothing to do with applications that you know are installed on your system.

Especially check the "Everything", "Logon", and "Winlogon" tabs.

If we can't find something using "Autoruns", I'll have you download "Regmon" (freeware) so we can see in the registry itself the activity on boot. A little more technical, but we'll get to that chapter, if need be, if "Autoruns" turns up nothing.

Let me know if you find something using "Autoruns".

 

Kniht,

I'm a little bit overwhelmed by the number of entries that I have to examine. Nevertheless, I'll keep going, but was has caught my eye (I do admit that I might have my Sherlock Holmes hat on a little bit too tight on this one) is that the word "devices" is misspelled:

ADILOADERadi loader Analog Deivces c:\windows\system32\drivers\adildr.sys

Could this be the culprit? I have no idea what I'm getting at. syrk

 

Could very well be ADILOADER. Is it listed in Autoruns in Logon, Winlogon?

Is it one of the first listings?

I googled ADILOADER and it seems to be a French thing. Many websites were in French. You may want to google ADILOADER and see what you come up with.

You can always unchecked the entry ADILOADER and reboot. If that's not the problem, you can always recheck the entry in Autoruns.

If this doesn't work, we're going to try BootLog XP.

 

Kniht,

It's neither Logon nor Winlogon, it's Everything, and it's located in the very middle. syrk

 

Kniht,

This is the location of ADILOADE Radi loader Analog Deivces c:\windows\system32\drivers\adildr.sys : HKLM\System\CurrentControlSet\Services.

I further unchecked the entry ADILOADER and rebooted. The box is still here. Manana I'll google ADI. syrk

 

Is your monitor manufactured by the ADI Corporation?

What is listed in the "Winlogon" tab of Autoruns?

Is there anything listed in the "Boot Execute" tab?

 

syrk

Have you run chkdsk lately?

Double click on "My Computer"

Right click on C: drive and select "Properties"

Select the "Tools" tab

Where you see "Error Checking" click on "Check Now"

Under "Check disk options" put a check in both boxes

Click on "Start"

You will be presented with a message box explaining why the chkdsk cannot be run at this time and if you would like to schedule this disk check to occur the next time you restart the computer -- click "Yes"

Reboot. It will take a while for chkdsk to run it's course.

 

Kniht
i'm sorry i was not awake to your question of 12/5/06 ,yes of the 25 icons on the desktop 18 of them have the .lnk extension . but i repeat none of this appears to stop me from using the system in any form so far. i did as you suggested and got the Fix from Dougknox but when i opened it all i seem to get is a lot of registry keys, and not being of the advanced user type i would not know how to proceed.although i would welcome any advice as to how to correct this problem ,if its critical?

 

If you were able to download the .reg file, instead of double clicking on the file to add it to the registry, right click on the file and select "Merge".

 

Kniht
i don't know what i'm doing wrong but when i click on the reg file and Merge, it comes back to the reg key screen. i am using Zip Genius .i think i will download it again, i'll be back later

 

Kniht
just to make it clear, its duogknox/winxp fixes/file association fixes/lnk(shortcut) file association fix. am i correct?

 

LNK (shortcut) File Association Fix

 

dogsbody

Download the .zip file to Desktop. Extract to Desktop.

Go to "Start" >> "Run"

Type "regedit" (without the quotes), click OK

In regedit, click on "File", select "Import"

Navigate to where you saved the .reg file (Desktop)

Click on the .reg file and click "Open"

 

Kniht,

This is in response to your message number 78:

1. "Is your monitor manufactured by the ADI Corporation?" I've looked every where and don't have an answer.

2. "What is listed in the "Winlogon" tab of Autoruns?" Please see attachment.

3. "Is there anything listed in the "Boot Execute" tab?" Nothing is listed.

And another thing. The last time I booted the mystery empty message box came up with the following: "c\windows\system32\xps1res.dll."

syrk

 

syrk

Uncheck WRNotifier, this is a leftover from uninstall of SpySweeper.

Have you run chkdsk yet as per post #79

 

Kniht
when i clicked on "import" three reg files came up ,do i import all three ? i,m sorry to be such a pain, but i hope i,m getting there. dogsbody.

 

Kniht
i forgot to tell you, iv,e only opened 2006 1607 reg file, the other two are 2006 1119 and 1208 , i don,t know what these contain ,i,ll wait for your answer. i take it you need to shut down and reboot to take effect?
dogsbody.

 

This is the only .reg file that should be on your Desktop for import into the registry if you downloaded "LNK (shortcut) File Association Fix"

 

Kniht
the file on my desktop, states, Lnkfile_.Reg
registration entries
5kb. the registry editor states this file has been successfully entered into the registry.

 

Kniht
i really must thank you ,iv'e tried it again and rebooted and every thing now works okay . thanks.

 

Your quite welcome, glad things are working the way they're suppose to.

 

Kniht,

I unchecked WRNotifier and I ran chkdsk as per your post #79. No good. Should we try Regmon? syrk

 

Hey, syrk, glad you're back. Hoping you wouldn't get confused with all the other posts in the meantime.

Go here: http://www.greatis.com/utilities/bootlogxp/ and download Bootlog XP. (30 day free trial)

Follow the instructions. Run the program a few times. Compare each run.

If you want, post a screenshot. Whatever is causing the box will probably be recorded as one of the first items in Bootlog XP.

We'll try this program first.

 

Kniht,
This has been an amazing thread. Thanks for your perserverance.
abri

 

Kniht,

I'm posting a screenshot. It represents the part of the boot which took the longest time. I can and will post others if need be. syrk

 

According to what I see from your logfile it takes almost 6 minutes for your system to boot up! (Excellent screenshot by the way)

Mine boots in 73 seconds.

What is listed before "System" in the logfile?

While I study the BootLog XP logfile and check the startup entries:

Go here and download HijackThis: http://www.majorgeeks.com/download3155.html


Open HijackThis and select "Do a system scan and save a logfile"

Copy and Paste the HijackThis logfile in a post on the Major Geeks Malware Removal Forum.

Title your post something like "HJT logfile - slow boot". Mention in your post it takes 6 minutes to boot up. Have patience, these folks are pros at reading HJT logfiles and tend to be rather busy.

Do not attempt to fix anything until advised to do so by the experts.

Something may show up in your HJT logfile causing the mystery box to appear.

We're still not out of options yet.

 

syrk

While you're waiting for the HJT folks:

I noticed you have 2 instances of ati2evxx.exe running on your system. Check Task Manager you should see 2 listed.

This is what I found on ati2evxx.exe

"What does it do?
ati2evxx.exe - This process provides optional features that the majority of us really couldn't care less about. The XT's overdrive feature uses this. If you have an XT you'll probably want to leave this on. Known to slow boot process".

Google "ati2evxx.exe" yourself and read about it. If you feel you really don't need it, open msconfig and in the "Startup" tab uncheck the entry.

You also have 2 instances of cidaemon.exe running. This is the Windows Indexing Service which has a tendency of eating up resources. It's not a necessary service to have running. It's your choice, but I reccommend disabling this service.
Go to "Start" >> Control Panel >> Administrative Tools >> Services. Look for "Indexing Service". Double click on Indexing Service to bring up "Properties". Where you see "Startup type", click on the blue arrow and select "Disabled". In "Service Status" click "Stop". Click "Apply" then "OK".

Another startup you may want to disable is Realsched.exe . Google this also and decide for yourself whether you really need it at startup.

I found some info. on Realsched.exe Here:

-- http://www.help2go.com/Tutorials/MP3Audio/Disable_RealPlayer_realsched.exe.html

Also, MsPMSPSv.exe. I found some info on this service here:

http://www.neuber.com/taskmanager/process/mspmspsv.exe.html

MsPMSPSv.exe seems to be installed with Windows Media Player 7. I have Media Player 10 and don't have this service on my system. Again Google MsPMSPSv.exe yourself and see if you really need it. If not you can disable this service and delete it from startup.

The less unnecessary applications you have at startup, the faster will be the boot.

If you decide to keep these items from starting on boot, run BootLog XP and see if there is a difference in your boot time.

 

Kniht,

I've been scanning my fingers right down to the bone keeping the spyware folks happy. At my slow rate I'll probably get back to you Wednesday. Merci for the info about the unecessary extra weight my pc has been carrying. syrk