Weird Icon Overlay Appearing Over Shortcuts/Executables
So, for about a week or so, this icon has appeared as an overlay above the icons for my internet shortcuts and executable files.
It has also been recently replacing the normal icon that it overlays with a blank paper-like icon after running the shortcut/executable, no matter what the previous icon was.
I don't have a virus as I have run MSE and Malwarebytes numerous times and they have both found nothing.
I honestly have no clue what the icon is for or where it came from.
If anyone could give any help, I'd be very appreciative.
Icon: [img]http://puu.sh/5rjMg.png[/img]
Example of it in action: [img]http://puu.sh/5rkgv.png[/img] [img]http://puu.sh/5rkny.png[/img]
I tried reverse image searching it.
This is the result.
yea, i did that too
but none of the results have any relevance with me
I didn't think so, which is what makes this even more strange.
Did you install anything recently? Any major changes to any settings that you can think of? Just trying to cover all the basic bases here.
i dont have the greatest memory, and i dont know exactly when it happened, but i can give a couple of key things that i did that might have to do with it
1) i got a sort of bluescreen thing that shut off my computer completely out of the blue (it closed too fast so i couldnt read it, but it has since not been repeated) (it was the only bluescreen ive ever gotten, ever)
2) it takes explorer.exe about a minute to actually load my desktop and things like that (before the bluescreen, its been automatic)
3) i can close and reopen explorer.exe for the desktop and stuff to immediately load
4) i have made a registry change regarding the windows 7 libraries (i removed them via a step-by-step tutorial found on the official windows 7 forums and in a way that shouldnt have affected anything else)
thats about all the relevant information i have
it really is an absolute mystery to me too, or I'd have it solved
Press windowskey+r and run msconfig
Try disabling non-critical services and boot items. Otherwise I believe there's a program that has been installed that integrated itself with explorer. (Photobook)
Which removing it should solve the problem
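An added example (not part of any post in this thread): a read-only PowerShell listing of the icon overlay handlers registered with Explorer, with the DLL behind each one and its signature status, which is one way to see what software has integrated itself with Explorer. The function name `Get-OverlayHandler` is hypothetical, and only the native (non-WOW64) registry view is read.

```powershell
# Added example: enumerate Explorer icon overlay handlers (read-only).
# Get-OverlayHandler is a hypothetical helper name, not a built-in cmdlet.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'

function Get-OverlayHandler {
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        # The default value of each subkey is the CLSID of the handler's COM object.
        $clsid = [string]$key.GetValue('')
        $dll   = $null
        $sig   = $null
        if ($clsid) {
            $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                            -ErrorAction SilentlyContinue
            if ($srv) {
                # InprocServer32's default value is the DLL that Explorer loads.
                $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.GetValue(''))
            }
        }
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
        }
        New-Object PSObject -Property @{
            Handler = $key.PSChildName
            CLSID   = $clsid
            Dll     = $dll
            # Older PowerShell versions report catalog-signed Windows files as NotSigned.
            Status  = if ($sig) { $sig.Status } else { 'DLL not found' }
            Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

Get-OverlayHandler |
    Select-Object Handler, Status, Signer, Dll, CLSID |
    Format-List
```

Entries whose DLL is missing, unsigned, or stored outside a known program's install folder are the ones to match against installed software.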
ive ran msconfig everything was okay
ive never encountered or even searched for anything related to photobook before asking this question
and i also got my second blue screen today
i dont know how to make the blue screen last longer so i can actually read it tho
[QUOTE=Wingz;42969915]ive ran msconfig everything was okay
ive never encountered or even searched for anything related to photobook before asking this question
and i also got my second blue screen today
i dont know how to make the blue screen last longer so i can actually read it tho[/QUOTE]
it should dump BSOD logs here: "c:/windows/minidump"
okay, and how do i gain access to the info stored in a dmp file
[QUOTE=Wingz;42970191]okay, and how do i gain access to the info stored in a dmp file[/QUOTE]
i can check it if you want, or you can use this program
[url]http://www.nirsoft.net/utils/blue_screen_view.html[/url]
Try recreating the icon cache. Copy and paste the text in the quote below into a Notepad file and save it with a .bat extension on your desktop. Remember to make Notepad save it as "all files" and not a .txt file. When you're ready, run it as admin.
[B]Warning: This will shut down Windows Explorer and then restart your machine when you run it.[/B] Only run it when you've got everything you care about shut down properly.
[QUOTE]ie4uinit.exe -ClearIconCache
taskkill /IM explorer.exe /F
del "%localappdata%\IconCache.db" /A
shutdown /r /f /t 00[/QUOTE]
[URL="http://www.sevenforums.com/tutorials/49819-icon-cache-rebuild.html"]Source[/URL]
[QUOTE=Mike Tyson;42972397]i can check it if you want, or you can use this program
[url]http://www.nirsoft.net/utils/blue_screen_view.html[/url][/QUOTE]
I've checked the dmp file and googled the bug check via the program. It led me to this.
[url]http://msdn.microsoft.com/en-us/library/windows/hardware/ff559271(v=vs.85).aspx[/url]
The 3 offending (highlighted pinkish) files are hal.dll, ntoskrnl.exe, and win32k.sys.
According to the program, hal.dll appears to be a hardware abstraction layer dll, ntoskrnl.exe appears to be the NT kernel and system, and win32k.sys appears to be a multi-user win32 driver.
I found this on the above link
[img]http://puu.sh/5stLD.png[/img]
I will use the recovery console via a usb after trying to restart the icon cache as elixwhitetail explained.
Hopefully I can get this all sorted out.
[editline]24th November 2013[/editline]
oh, and this is the full thing that i failed to check before
apparently win32k.sys is the faulty driver/whatever
[img]http://puu.sh/5suwJ.png[/img]
Oh, derp. I got all wrapped up in making sure I got the icon cache instructions and everything correct (so I didn't fuck your computer :v:) that I forgot to also suggest running the System File Checker. You may need a Win7 disc.
Open a command prompt as administrator and run this command: sfc /scannow
Do this before rebooting into the recovery console, because what you'd be doing in there is stopping the offending service..but we don't know what the problem is yet.
[QUOTE=elixwhitetail;42972802]Oh, derp. I got all wrapped up in making sure I got the icon cache instructions and everything correct (so I didn't fuck your computer :v:) that I forgot to also suggest running the System File Checker. You may need a Win7 disc.
Open a command prompt as administrator and run this command: sfc /scannow
Do this before rebooting into the recovery console, because what you'd be doing in there is stopping the offending service..but we don't know what the problem is yet.[/QUOTE]
so, icon cache, then sfc /scannow, then recovery console?
[QUOTE=Wingz;42972827]so, icon cache, then sfc /scannow, then recovery console?[/QUOTE]
Hold off on recovery console entirely for the moment, please. It's unwise to leap into disabling services (which is what the bit you posted above is suggesting you do with the recovery console) if you don't know the source of the problem.
I did a bit of searching on the BSOD error info you gave (the image). Tell me about your video card. What model is it, and what version are your drivers? (Nvidia are xxx.xx, AMD are xx.xx)
[URL="http://answers.microsoft.com/en-us/windows/forum/windows_7-system/blue-screen-0x1000008e/5bc2def6-083c-429d-8696-8423d1df3893"]Here's one source, on Microsoft's own forums.[/URL] The issue itself isn't the same as what you're experiencing, but the advice the top answer has is mostly broad and generic and refers to video drivers, BIOS, and then there's the fact that 0x1000008E is the same as 0x0000008E (haven't dug into that yet). I'm not in a rush to get too far ahead of myself, so don't update any drivers yet, just check your version.
[QUOTE=elixwhitetail;42972856]Hold off on recovery console entirely for the moment, please. It's unwise to leap into disabling services (which is what the bit you posted above is suggesting you do with the recovery console) if you don't know the source of the problem.
I did a bit of searching on the BSOD error info you gave (the image). Tell me about your video card. What model is it, and what version are your drivers? (Nvidia are xxx.xx, AMD are xx.xx)[/QUOTE]
Alright, ill hold off on the recovery console. My GPU is an ATI Radeon HD 4200. Its version is 8.970.100.3000.
[img]http://puu.sh/5sv0V.png[/img]
I edited my previous post with more info, please make sure you check it. :v:
I think a driver update is in order, but we're not going to do that [U]yet[/U]. One thing at a time.
Wingz, please run the icon cache rebuild. If, after the reboot, the icon stuff isn't fixed, please run sfc /scannow in the admin-level command prompt. That'll require a reboot if it changes anything, as well.
righto
While you're doing that, I've got one more thing racked up. If the icon thing is fixed, well, fantastic, but if Explorer is still crankyfucked like it has been since the BSOD, then we're not done.
Drivers are still on hold here. Download (use the button to generate a randomly-named exe instead of the zip download -- the exe can be trusted) GMER from [URL="http://www.gmer.net/"]gmer.net[/URL]. GMER is a powerful toolkit, but my primary interest in it at this moment is for diagnostic purposes.
When GMER starts up, it begins a scan of your system to sort of establish a baseline idea of what might be going on. The main window should start to have text showing up. Black text is normal and we can basically ignore it. Red text is a sign of trouble, but it is not quite the same as a positive hit on a virus scanner. After 3 minutes or so, unless it's still pushing text to the screen, it's probably finished with the initial scan.
so, i rebuilt the icon cache
ran the sfc /scannow
the icon cache thing did nothing
the sfc /scannow only managed to get rid of my visual style
ill do the gmer thing now
[editline]24th November 2013[/editline]
should i click scan?
and if so, what settings do i enable
it doesnt appear to be doing anything atm
[img]http://puu.sh/5swY3.png[/img]
[editline]24th November 2013[/editline]
bump bcuz edit
Make sure you run it as admin, it should be doing its thing silently. Give it 3 minutes or so. Sometimes it won't return anything during the first scan, and that's normal and usually a good thing.
If you want, uncheck Files and ADS and hit scan, remembering that red is bad, everything else is very likely normal.
Gmer is probably going to come up with nothing, and that's what we're hoping for, but it's worth running to make sure.
Hmm... also, sorry for messing up your visual style, but sfc'll do that if you had a custom style. Its job is to ensure that system files are the originals. :v:
Just to check, how far back do your system restores go? Any available prior to the BSOD incident?
[QUOTE=elixwhitetail;42973946]Hmm... also, sorry for messing up your visual style, but sfc'll do that if you had a custom style. Its job is to ensure that system files are the originals. :v:
Just to check, how far back do your system restores go? Any available prior to the BSOD incident?[/QUOTE]
could i be reminded about how i would go about checking my system restores?
[editline]25th November 2013[/editline]
nevermind, my earliest system restore goes back to 11/20/13
i dont think itll help
No, that likely won't. Go into Control Panel, then Administrative Tools.
In the Admin Tools, open up Event Viewer. We care about the system log. However, system log will be clogged with stuff we don't care about, so click the filter option on the right and check warning/alert/error, leave info and verbose off.
What's the error text (don't paste [I]all[/I] of the info, just the for-humans error message) of the topmost (most recent) event? Also, the Event ID and Source would be very useful to have. Thanks.
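An added example (not part of any post in this thread): the same System log filter run from PowerShell, returning Event ID, Source and the first line of each message, then grouping by Source and ID to show which problems recur. The function name `Get-RecentSystemProblem` and the 7-day window are assumptions made for the example.

```powershell
# Added example: System log limited to Critical/Error/Warning events.
# Get-RecentSystemProblem is a hypothetical helper name; the 7-day window is an assumption.
function Get-RecentSystemProblem {
    param([int]$Days = 7)

    $filter = @{
        LogName   = 'System'
        Level     = 1, 2, 3                      # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent returns newest events first; it raises an error when
    # nothing matches, so that case is silenced and yields no output.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Keep only the first line of the message (the human-readable part).
            $first = if ($_.Message) { ($_.Message -split "`r?`n")[0] } else { '(no message text)' }
            New-Object PSObject -Property @{
                Time    = $_.TimeCreated
                Level   = $_.LevelDisplayName
                EventId = $_.Id
                Source  = $_.ProviderName
                Message = $first
            }
        }
}

$events = @(Get-RecentSystemProblem -Days 7)

# Ten most recent problems, in the order Event Viewer would show them.
$events | Select-Object -First 10 Time, Level, EventId, Source, Message |
    Format-Table -AutoSize -Wrap

# Which Source / Event ID pairs keep coming back.
$events | Group-Object Source, EventId |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```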
[img]http://puu.sh/5sBKj.png[/img]
i cant find any filter options :(
Normally I always get the dumb pane on the right-hand side of the window. However, under action, there will be "filter current log", that's the ticket.
okay, so, i found the 2 most recent errors, and they seem to reoccur
[img]http://puu.sh/5sCu4.png[/img]
[img]http://puu.sh/5sCvy.png[/img]
Hmm, have you ever used any VPN software? If not, yellow alert time.
yea, ive used openvpn twice this week
[editline]25th November 2013[/editline]
also, as for the actual crash, i found this a little bit lower
[img]http://puu.sh/5sDwq.png[/img]