HELP! My Icons Hava All Changed to .lnk

Yeah, I'll bet you have! Didn't mean to put you through Hell by sending you there. Don't really expect they'll find much, if anything. Was nice to find out what was starting on your system at boot.

 

like abri i have been following this thread for a while now.!!! just have to say you'r a credit to MG's kniht. great work you are doing..........

 

i would like to add my name to that,i did appreciate his perseverance with my problem .

 

syrk

Another item that really doesn't need to be in your msconfig startup is PrintScreen. If you need to use PrintScreen, you can always start the program form the Start >> All Programs menu.

Also, open msconfig, click on the boot.ini tab and post a screenshot of it.

 

Kniht,

As the attached screenshot indicates there are no signs of the two ati2evxx.exe, realsched.exe (unless realsched.exe = realsched), and MsPMSPSv.exe. I did however find and disable cidaemon.exe. syrk

 

Kniht,

I have been unable to locate PrintScreen. Also, two things pertaining to my previous message: 1. I assumed that Realsched = Realsched.exe so I disabled it, and 2. I was only able to find and disable one cidaemon. syrk

 

Any improvement in your boot time? Is that box still popping up?

 

Knit,

The boot time is quite good, under 3 minutes. I enclose a new Bootlog. The box is still with me. syrk

 

Wow! Much better boot time!

I'm going to go through the items listed in the BootLog. In the meantime could you open msconfig, go to the boot.ini tab, and post a screenshot of it?

It's possible there's something in the boot.ini causing the box. If not, then we have eliminated one more item.

 

syrk

How many seconds from the time your turn on your PC does it take for the box to appear? (From the time you actually press the "on" button)

Count the seconds as accurately as you can. I know this may sound a bit trite, but I think I may be on to something.

 

Kniht,

As per request: ScreenShot of boot.ini tab. syrk

 

Kniht,

53 seconds.

syrk

 

OK

Does the box show up before or after the Windows screen where you see the horizontal moving light bar?

If after the light bar, how many seconds after?

If you don't click on OK in the box, does the box eventually disappear on it's own? If it does go away on it's own, how long does it remain on your desktop?

You stated in an earlier post that you booted 6 times and the box came up 4 out of 6 boots. Could this be recreated again?

Try booting several times allowing BootLog XP to be engaged on each boot.

Save each BootLog graph as a "bmp" file. Go back to BootLog XP and save the findings as a text file also. You may have to save each as Graph1, Graph2, txt1, txt2 etc. If you have a boot where the box doesn't show, compare the Bootlog where the box did appear to the Bootlog where the box did not appear and see if you can see any difference in the two, such as an entry that appears in one and not the other. Do this comparison with both the bmp file and the text file of the boot where the box did appear and did not appear.

Between the folks looking at your HJT and myself, we'll probably work you into a frenzy! There's got to be a logical explanation for this mystery box.

I got to get back to my shop. I handcarve fireplace mantels and got a customer that's wanting one done before Christmas. Only been woking on it for 2 months.

Let me know how the experiment turns out.

 

Kniht,

I'm back. The box shows up 13 seconds after the Windows screen where you see the horizontal moving light bar disappears.

Last night I left the computer on all night long. The box did not even blink. This is what I found in the morning "ë瘨ċasc3350p.sys".

I'll do the Bootlog graph/file analysis shortly. Are you finished with the mantel? syrk

 

Hey, syrk

No, not done with the mantel yet. I carve nature scenes. This mantel is 6 feet long and from end to the other is a scene with deer, bears, lake, waterfall, and the view from my clients house. Always been facinated with Chinese carvings in ivory. That's how I carve my mantels with that kind of detail.

Anyway, I Googled Asc3350p.sys and it has to do with the AdvanSys SCSI Card Driver.

Here's something that I found:

Step 1: Install the SCSI card

1. Shut down the computer.

2. Open the computer cover and insert the SCSI card into an
available PCI slot. Push the card all the way into the slot and
make sure that it is firmly seated.

3. Put the computer cover back on.

Step 2: Install and verify the SCSI driver

1. Turn on the computer.

2. Insert the Microtek CD-ROM into your CD-ROM drive, and
double-click the CD-ROM icon when it appears on your
desktop to open it.

3. Double-click the SCSI driver folder, and look for the Installer icon corresponding to the SCSI card you are using.
Double-click the Installer icon, and follow the on-screen instructions until installation of the driver is complete.

4. Restart the computer.

The SCSI card will be automatically detected by the system.



Can you relate to any of this? Make sure you have the latest driver update for the SCSI card.

As I stated at the begining of this thread, it's as if the mystery box is asking your permission to roll back to a previous driver.

Try Googling "Asc3350p.sys" and see what you come up with.

Also Google "AdvanSys SCSI Card Driver".

Let me know if any of this strikes a chord with you.

 

Kniht,

I don't know what to make of all of this stuff about SCSI. Let me start by updating the SCSI card driver. I've had this computer for 3 years now and I've not made the update. Wanna give me a hint about how to make this update. syrk

 

Just my guess on this "white box" issue. I have seen it several times (a white box about 2" x 3" with OK in it) and it is always a game or program that has been installed that needed a patch. A serial key or code or something.

Is it possible someone either downloaded or installed something on the computer recently they got from someone or that they were required to enter a number or patch it.

If you can think back when this happened and what might have been installed and uninstall it, the white box might go away.

Steve

 

syrk

A good way to find out what drivers on your system need updating is to run Driver Agent:

Here:
http://www.driveragent.com/?PHPSESSID=57d37b4142de166f5926764c7d398ead&res=2

This will give you a list of all drivers in your system needing an update. You can then go to the website of the manufacturer of the item, such as the SCSI Card, and download the latest driver.

Also, think about what Matacumbie has posted.

 

Kniht,

Here's a ScreenShot of the DriverAgent list of all drivers in my system which need an update. It's quite a long list. Which is the SCSI Card one and where do I go for the update? syrk

 

From what I see of the DriverAgent screenshot, the listing under SCSI and Raid Controllers is what you want.

To get detailed information of what is on your system, go here:

http://www.pxserver.com/WinAudit.htm (freeware)

Download WinAudit

Another good system info program is SIW 1.65 here:

http://www.gtopala.com/siw_download.html (freeware)

I have both on my PC and don't know which I like best. I think SIW has more detail, but WinAudit is good also.

Both programs will give you info. on SCSI cards, drivers, manufacturers, etc.

Cross reference what these programs show and what DriverAgent has come up with.

 

Kniht,

Tried to update SCSI driver from the Dell download site but to no avail: it seems that I have the most recent driver which came with the computer (2003). I then went to the Promise Technology site which makes it clear that they do not give support to Dell purchasers. I went no further.

Some more goodies from "the box":

C:\windows\msagent\intl\agt0409.dll
C:\windows\system32\xpsp1res.dll
CDigest SSPI Authentication Package

syrk

 

Do a search and see if any of these are on your system:

Secur32.dll

Lsasrv.dll

Ksecdd.sys

Kdcsvc.dll

Kerberos.dll

When you do a search make sure "Search hidden files and folders" is checked.

Is your computer set to automatically logon or do you manually logon and if so does the box show before you logon or after?

 

Kniht,

YES Secur32.dll

YES Lsasrv.dll

YES Ksecdd.sys

NO Kdcsvc.dll

YES Kerberos.dll


I have attached ScreenShots for the first 3 Yeses. In the next message I'll send the 4th one.

My computer is set to automatically logon.

syrk

 

Kniht,

The 4th ScreenShot is attached. syrk

 

Don't know why I had you search for those .dlls in my previous post. I've got them on my system. Been up too long trying to finish up carving this mantel before Christmas!!!

Anyway, if you have no need for your computer to read smart cards, go into services, double click on Smart Card, stop the service and either set it to manual or disabled. Mine is set on disabled.

I know it's been a while, but have you thought about what Matacumbie posted in post #117?

It seems like this mystery pops up any message it wants to.

This entry seems interesting "Digest SSPI Authentication Package"

Type that in search and see what you come up with.

 

Kniht,

I have disabled Smart Card in Services. It was on manual to begin with. I ran a search in my computer on "Digest SSPI Authentication Package". Nothing.

I have been acting on what Matacumbie suggests. So far I have the following story: Son number 1 was playing with a friend EA MVP Baseball 2004. The game stalled twice. Each time they re-booted. For some reason son number 1 inserted into a USB port a non working (broken) Logitec Dual Action Game Pad. He gave up on the Game Pad and removed it from the USB slot. The boys tell me that they stopped playing when an Ad-Aware message box appeared on the screen. Son number 1 swears that he was faced with the choice of clicking on Block or Allow. He chose Block. I came home two hours later and found the Ad-Aware message box on the screen. I don't remember what I clicked on (Allow or Block) but that's when the stuff hit the fan. The icons all changed to .lnk etc. I forgot to mention that during the game the boys were connected to the internet.

I wanted to go further with the interrogation but the Geneva Convention was cited. Son number 2 was not involved. Son number 3 is four years old. The wife has her own PC so she never comes near my beast. syrk

 

That is one of the best posts I've ever read!! I've raised 3 kids and I know what you mean by the Geneva Convention!

syrk, I needed a good laugh, thanks

Now I really think you're on to something. I take it you have Ad Aware SE and are using the Ad Watch feature. It seems to me you must have allowed something when all your icons started messing up.

Open the Ad-Watch log file and check what was recorded around the time you noticed the icon problem.

Hopefully something will be revealed. May have to do with the game your son and his friend were playing.

Let me know if you find anything.

 

Kniht,

I cheched the Ad-Watch SE Professional Event History log. It only goes back a week. The event occurred November 25. Are there other event logs that we might want to take a look at? syrk

 

syrk,

Sorry I haven't got back with you sooner. Been in my shop making Christmas gifts. I make everything from Grandfather Clocks to wood toys for my Grandkids. Arts and Crafts style furniture is a big request this year from my kids.

Anyway, was it an online game your son was playing? If so, can he remember the name of the game and what site he was at?

Let's try this, download Filemon:

http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx

Open Filemon and go to "Options". If Auto Scroll is checked, unchecked it.

Manually scroll through the listings and see if something may be running that has to do with a game or something that you're not familiar with or just doesn't look right. May not show anything but it's worth a shot.

 

Kniht,

I'm going to be away from my pc until Jan 2. The family is firstly going up north (Flanders) and then crossing the Channel for New Year's. All the best for you and your family. syrk

 

Re: HELP! My Icons Have All Changed to .lnk

Kniht,

I looked at the first 30,000 files using Filemon. Using one of your recommended widgets I attach ScreenShots of what may be nothing but to me it seems unusual. Should I keep looking further using Filemon? syrk

 

Hey syrk,

Did you have a good New Year?

I'll look further at your last post. In the meantime, I've been doing some research . I noticed you have Ad-Watch to start at boot. Disable Ad-Watch from starting at boot. Reboot and see if the box appears.

 

Very nice Christmas in Flanders and New Year's in London. We've got these high speed trains so between Flanders and London is about an 80 minute ride: 20 minutes to Calais, 20 minutes under the Channel waters and the rest through the English countryside. But I'm back to the grind. And you?

Anyway, I disabled Ad-Watch from starting at boot, rebooted and box still there. I attach another ScreenShot of my Ad-Watch settings just in case you want to have a look at it. syrk

 

How far back does your Ad-Watch Event History go. If it goes back as far as Nov. 25 or earlier, there would be a record of the "block" or "allow" that you clicked on after your son played the game. Hopefully you find something in the history.

It's been so long this you started this thread, refresh my memory confused , have you ran:

1. chkdsk (lists and corrects errors on the hdd)

2. sfc /scannow (system file checker)

3. file defragmentation (try anything at this point)

 

Re: HELP! My Icons Have All Changed to .lnk

Kniht,

Unfortunately the Ad-Watch Event History does not go back as far as far back as Nov. 25.

I might have done some of the stuff you mentioned but let me try again. Is there a best way to run them?

By the way when I last ran the Filemon widget the following message came on: "Windows - damaged file

The file or the repertory\WINDOWS\Internet Logs\BACKUP.RDB is damaged and unreadable. Execute CHKDSK".

syrk

 

Let's go ahead and run chkdsk first.

1. Click Start, select Run,
2. Then type "cmd" in the box (without the quotes).
3. Click Ok
4. In the command prompt that opens, type in the following command:

chkdsk c: /f /r

(Assuming it's C: drive you want to check)

5. Press "Enter".

You will be presented with "Chkdsk cannot run because the volume is in use by another process. Would you like this volume to be checked the next time the system restarts?" type in "y" (without the quotes).

6. Press "Enter".

7. Reboot and let chkdsk do it's thing.

Checked your printscreens of Filemon. From what I can see, things look pretty normal.

 

Re: HELP! My Icons Have All Changed to .lnk

Kniht,

I just ran the following:

1. chkdsk: the box is there
2. sfc /scannow: not able to complete it
3. file defragmentation: the box is still there

The sfc /scannow gave me the following message:
"Protection of Windows files

The necessary files for the functioning of Windows have to be copied in the folder DLL Cache

insert your CD ROM Windows XP Family edition now"

What does that mean? syrk

 

It means the system needs for you to insert the Windows XP cd into your cd/dvd device in order to copy some missing dll files to the dllcache folder located in System32.

 

Should I give it a shot?

 

Go ahead and insert the XP cd when instructed.

 

But the XP cd label refers to Service Pack 1. My PC has a Windows XP Service Pack 2.

 

When you insert your Xp cd are you getting a message stating something to the effect of "the version of Windows on your computer is newer than the version on the CD."?

If so, you'll need to slipstream the sp2 files with the Xp cd installation files.

 

Kniht,

I'm indeed getting that message. What does "slipstream" mean? syrk

 

Basically, slipstreaming is incorporating sp2 files into the i386 files (Windows install files) that are on the XP cd.

Instead of creating a slipstream cd, you could remove the SP2 update if the option is available from Add/Remove. With this option you will have to download and reinstall sp2 after running sfc /scannow.

Good info on slipstreaming here:

http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

 

Kniht,

Before I bite the bullet and try the slipstream stuff I want to run this by you. I tried to engage my PC's IDE DRIVE DIAGNOSTIC with the following result: When booting I pressed F12 and engaged the diagnostic which resulted in this message

"IDE HARD DRIVE DIAGNOSTIC running, please wait...

Primary SATA Drive 0: No device

Secondary SATA Drive 0: No device

Primary IDE
Drive 0: No device
Drive 1: No device

Secondary IDE
Drive 0: SAMSUNG DVD-ROM SD-6161-Diagnostic not supported
Drive 1: NEC DVD+RW ND-1100A-Diagnostic not supported

No Hard Drives installed, press any key to continue"

When I pressed any key the boot continued and the box appeared.

Is this somehow related to my problem? syrk

 

Does your diagnostic software depend on SMART being enabled on the HDD?

When you do the slipstreaming, after you have copied the files from the XP cd, dowloaded and extracted the sp2 files and combined the i386 files and sp2 files, copy the now updated i386 folder to your c: drive.

Open regedit and navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Setup

In the right pane look for "SourcePath".

The "Value Data" should reflect the path to the i386 folder. If it's located in c: then the "Data" should be "c:\" (without the quotes)

If the "Value Data" is not c:\ - double click on "SourcePath".

In the box that opens, type in c:\

Clcik OK

By copying the sp2 updated i386 folder to your HDD, you can run sfc /scannow without having to reach for the XP cd as often, if at all.

 

syrk

Just out of curiosity, run a search for regedit.com. Be sure to search hidden files and folders. Regedit.com would be located in either C:\Windows or in System32.

 

Kniht,

You sure are a patient man. Attached are PrintScreens of regedit.com goodies.

"Does your diagnostic software depend on SMART being enabled on the HDD?"
Was your previous question. I don't think I understand it. Can you be a little more explicit? syrk

 

Kniht,

I forgot to mention it but a couple of nights ago I did the IDE DRIVE DIAGNOSTIC in a different way (Ctrl/A or Ctrl/Alt/D I don't remember which, sorry) and the result was positive. I'm still trying to build up enough courage to do the slipstreaming thing. syrk

 

I remember when this thread first started you stated that you couldn't open regedit by typing in "regedit" in Run, you had to type in "regedit.exe"

Is this still the case?

If so delete regedit.com and see if you can open the registry editor by typing in just regedit.