Re: Challenging Problem: XP Gurus Needed: Desktop Icons Revert To Defaults

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Keith Miller (k.miller79_at_verizon.net)
Date: 04/01/04 

Date: Wed, 31 Mar 2004 20:11:59 -0600

I've made some recent posts on this subject. The solution I've found is:

Start -> Run -> Regedit

Navigate to:
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid"
        (HKCU = HKEY_CLASSES_ROOT)

Right-click the folder icon for this key & select 'Permissions'

Click 'Advanced' -> click 'Add' -> type "System" -> click 'OK'

Put a check in the 'Deny' column for the 'Set Value' permission.

'OK' your way out.

        **************************
Here's a regmon filter string that will show you the offending process:

"winlogon.exe*HKCU\*Explorer\CLSID"

With this filter applied, open your scheduled tasks folder and run a task you know will be quick (or create something simple like a scheduled launch of notepad). You'll see winlogon executing a 'createkey' & 'closekey'. When winlogon creates this key, it copies the subkeys of "HKCU\Software\Classes\CLSID\" (to test this, modify the values for the icons found under this key to something other than those found in HKCR.)

If you were filtering for a 'delete' or 'setvalue' (which is what I was doing first, too :), you wouldn't see it.

Keith

"Roger" <Kael_Sidhe@yahoo.com> wrote in message news:a82ccb5c.0403311414.1ce92ec1@posting.google.com...
> THERE ARE MANY POSTS ON THIS SUBJECT BUT EVERY ONE I'VE READ MAKES
> INCORRECT ASSUMPTIONS AND HEADS DOWN THE WRONG PATH OR ELSE JUST
> ADDRESSES THE SYMPTOMS WITHOUT ADDRESSING THE PROBLEM. THIS IS GOING
> TO BE LONG AND DETAILED BUT I'M GOING TO TELL YOU EVERYTHING I KNOW
> ABOUT THIS PROBLEM AND HOPEFULLY SOME GURU CAN HELP US!
>
> PROBLEM: After changing/renaming the XP Desktop System icons (My
> Computer, Network Neighborhood, Recycle Bin, Outlook, Internet
> Explorer) they revert back to their respective default icons/default
> names. It does not matter how you make the modifications. (right
> click, Theme, Display Properties, etc) The end result is the same.
>
> WHAT IT IS NOT:
> It is NOT an NVIDIA driver/service problem. I have an ATI Radeon
> card.
> It is NOT an icon cache issue. I've tried it and it doesn't work.
> It is NOT a problem with any other icons. ONLY effects system desktop
> icons.
> It is NOT a NoSaveSettings issue. I've verified my settings here.
> It is NOT a Windows Classic settings issue. I'm not using classic.
> It is NOT a login script or boot problem. The change can happen at
> any time.
> It is NOT a problem right out of the box. It always works fine at
> first.
> It is NOT the windows default icon that displays when something is not
> associated with anything.
>
> OBSERVATIONS/ASSUMPTIONS:
> Your icons actually revert back to the defaults behind the scenes
> and you don't see it until the desktop has been refreshed. Your
> desktop gets refreshed by various events so that is why we're seeing
> it happen seemingly at random. If the icons have reverted then
> anything that refreshes your desktop will cause the default icons to
> reappear. If nothing refreshes your desktop then you would never
> notice that they have already reverted.
> Here is what is actually happening. XP stores it's true default
> icons under HKEY_CLASSES_ROOT in a CLSID key. I've observed that
> these do not seem to change. When you customize one of these system
> icons XP will create a new key under
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\.
> As long as these keys are present then your icon customizations are
> in effect. What is happening is that these override keys are being
> deleted somehow!
> I have spot checked regedit and seemingly at random I would find
> these override keys missing. Sure enough, as soon as the keys turned
> up missing, if I hit F5 to refresh my desktop *poof* my default icons
> were back.
>
> WHEN IT HAPPENED/WHAT I'VE TRIED:
> I'd been running XP just fine for about 6 months and then it began
> happening. Just a week ago I formatted and reinstalled XP and the
> problem was gone. I spent the next several days installing
> applications back on my PC and I noticed yesterday that the problem
> was back! The only thing I installed that day was MS Encarta 2003 and
> Unreal Tournament 2004. UT2004 was not out last year so I've
> eliminated it from the running. I uninstalled MS Encarta 2003 but the
> problem remained. My guess is that these applications have nothing to
> do with the problem.
> I've jacked up my icon cache and I've verified my NoSaveSettings
> registry key but neither helped. I used regmon to watch all the
> registry modifications but that didn't help because whatever made the
> modifications DID NOT SHOW UP IN REGMON! I triple checked this and
> used various methods of filtering to make certain that I hadn't missed
> it in all the log clutter. I even tried deleting the keys myself just
> to see if it would catch it and it did. Whatever is deleting these
> keys is doing so in a way that is not detectable by regmon! I've also
> monitored and verified my background processes and I keep them very
> clean. I've not messed around with the services though because I
> don't know much about them.
>
> VIRUS/SPY SCANNING:
> I've thoroughly scanned with McAfee and I'm running their Shield as
> well. I've scanned everything with Adaware's spyware scanner (both up
> to date) but I'm still having the issue. The only other thing I can
> think of is that I know I DID have some spyware on my machine.
> Adaware did report that it had cleaned up a few things (not just
> cookies) and I do remember getting one message from McAfee telling me
> that it detected something weird but couldn't delete the file. I
> looked for the file in question and it was gone. It was something
> like "[index].htm" or something like that. These could be unrelated
> to the issue but I don't know.
>
> WHAT I'M RUNNING:
> My current Windows XP Home Edition installation has Service Pack 1 and
> all subsequent patches installed using Windows Update. My system sits
> behind a Linksys router and I also run XP's firewall. (enabled) I
> keep McAfee and Adaware up to date. I have an ATI Radeon 9700 Pro
> graphics card and an Audigy2 Sound Blaster card.
>
> WHAT I WANT:
> I know I can manually modify the default CLSID's in HKEY_CLASSES_ROOT
> and thus when the icons "revert" they will be reverting back to my
> overrides but that only addresses the symptoms not the cause. I would
> greatly appreciate discovering the root cause of the issue and a
> method to correct it. At this point I would even be willing to pay
> someone a reasonable fee for technical support that actually led to
> such a solution! Please help if you can!
>
> Thank you,
> Roger Westbrook

Relevant Pages