HELP! My Icons Hava All Changed to .lnk

I have no idea what in the world I did but my desktop icons and those in the start/programs menu are now called 'whatever the program is called'.lnk. I double click and nothing runs. I have no access to the internet. I cant use system restore. I think it has somethibg to do with Ad-Watch because that's the last thing I remember seeing on the screen before everything went to lnk.

syrk

 

Try this:

Go here: http://www.dougknox.com/

1. Click on "Win XP fixes".

2. Click on "File Association Fixes"

3. Look for "LNK (Shortcut) File Association Fix"

Hope this helps.

 

I should have put this in my previous post:

Go here:

http://dougknox.com/xp/file_assoc.htm

Click on "EXE File Association Fix"

Run the fix in my previous post and this fix.

 

Kniht,

Thanx for your quick response. But whatever I did also killed my access to the internet. When I double click on my wanadoo.fr icon nothing happens. How do I get back my connection to the internet? syrk

 

Have you ran the 2 fixes yet to see if they help with the problem.

 

Thanx Kniht,

It worked. But one thing remains: Every time I turn on the PC an empty box appears. Empty in the sense that there is nothing written on it except on the OK box. So when I try to close the box in order to boot up nothing happens, but when I click on the OK box the box disappears and I'm able to boot up. How can I find out what the mystery box is all about and then eventually get rid of it? syrk

 

Try this:

Open Run, type msconfig, click ok, go to the "Startup" tab and look to see if anything unusual is listed.

Also, open Run, type regedit, click ok, navigate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run

Look in the right pane and see what is listed there. It may give some clue as to what this box is.

 

Hi Kniht,

I looked at the msconfig and regedit stuff but honestly I can't tell what's unusual and what's normal. But I did try something on my own: I ran the oldie but goodie CWShredder in safe mode which found CWS.MsConfig. I then went back to normal mode and this time around the mystery box had some writing in it 'c:\windows\system32\drivers'. What's the next step? syrk

 

It seems like your system wants to load old drivers back into your system. By clicking OK on the message, the system loads old drivers and then allows you to boot.

You say more of the message is starting to appear. Maybe a few more boots and the entire message will come out.

Have you installed any new hardware lately, such as a printer, etc.?

 

No, nothing new has been installed. The last memorable event has been the downloading of the newest internet explorer. Any other thoughts? syrk

 

Go to Start >> Run

Type in "devmgmt.msc" (without the quotes), click OK

In the Device Manager click on "View"

Click on "Show hidden devices"

See if any listings have a yellow triangle with a black exclamation point.

 

Got a yellow triangle with a black exclamation point under the category of Pilots Non Plug-and-Play: General Purpose USB Driver (adildr.sys). I just remembered that right after I got rid of the .lnk stuff on Saturday I hooked up a brand new Belkin 7 USB port hub. Kniht, an EWIDO scan just found a trojan by the following name: Trojan.Nilage.aep. I'm still trying to decide what to do because the trojan is embedded in a large file, and quarantining the file would mean quarantining the entire program which I'm only storing and not using. Is this new discovery of the trojan and the elimination of CWS.MsConfig
related to the stuff that we're trying to accomplish? syrk

 

syrk,

The first thing we need to address is the Trojan. What you need to do is post in Major Geeks' "Malware Removal" forum exactly what Ewido found and the dilema your in as far as placing the file in quaranteen. They have much more knowledge than I do when it comes to malware.

As far as CWShredder finding MsConfig, I noticed each time I open msconfig to say stop a program from running at startup, and after that I run CWShredder, it always comes up with msconfig as being a Trojan. Don't know why it does this but I wouldn't be concerned about it unless CWShredder comes up with MsConfig without you first running the System Configuration Utility (msconfig).

After you've taken care of the Trojan in the Malware Removal Forum, come back to this thread and let me know what happened. Then we'll work on the Device Manager problem.

This Trojan may have alot to do with the problem you are having.

 

Kniht,

I did as you suggested and Bigarrick wrote:

"Most of these utilities because of what they do will come up as an infection most of which are false positives and are no threat. If you however do not know what this is then delete the ZIP file below. If you do know what it is then I wouldn't worry about this.

Quote:
C:\Documents and Settings\utilisateur\Mes documents\simon.krys\Microsoft Windows XP Professional (SP2)\Extras\XP Stuff.zip"

I have decided to leave it alone.

Can you still help to get rid of that dreadful box. syrk

 

Go to Start >> Control Panel >> Administrative Tools >> Event Viewer >> System and see if there are any errors or warnings related to adildr.sys, any drivers, or errors correlating to your boot up times.

Glad you feel better about the Trojan item. I use Ewido and have had one false positive in the last 2 years of use. Good piece of software. Let's hope Ewido stays that way now that Grisoft has taken ownership.

 

Should have put this in my previous post:

Try booting into Safe Mode and see if the box appears.

You probably already know how to boot into Safe Mode, but here it is anyway:

As your computer is booting, tap the F8 key which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and then press the "Enter" key.

 

i don't want to intrude on this thread ,but my icons and some start/program headings have the same "ink" on them but it does not affect the ability to select a program , but should i be concerned?
dogsbody

 

Kniht,

Even under safe mode the empty box shows up.

But now I'm in double trouble. Since I was no longer able to for some inexplicable reason to run AVG Anti-Virus 7.1 Free, I dumped it and installed AVG Anti-Virus 7.5 Free and AVG Anti-Spyware 7.5 Free. I'm now unable to receive e-mail messages using Ootlook, but I can send them out allright. I can receive and send e-mail using the Wanadoo.fr service. syrk

 

I use AVG Anti-Spyware 7.5 and have no problem with receiving emails. Not familiar with the workings of AVG Anti-Virus. Try disabling the Anti-Virus and see if you can receive emails. You might also try creating a new profile for Outlook.

Lets get this straightened out and then we'll tackle the box.

Have you ran scans with AVG Anti-Virus and Anti-Spyware. I'd probably give that a whirl.

 

Here's info. on the ink extension

INK (2) Pantone Color information; Corel Draw
INK (1) Bitmap Picture; Cross Pad XP handheld digital notepad

I'd say if it isn't broke, no need to fix it.

 

Also, the .Ink extension is for shortcuts, normally on the desktop.

 

syrk

You may also want to run an online scan. A good one is here:

http://www.bitdefender.com/scan8/ie.html

 

syrk

Read this about AVG and Outlook emails:

http://forum.grisoft.cz/freeforum/read.php?1,36151,backpage=,sv=

 

thankyou Kniht
i have scanned and found nothing.but as you say unless it aint broke don' fix it.
dogsbody.

 

Kniht,

This is the Outlook error message:

"The server has re-sent an error. Account: 'Messagerie Wanadoo',
Server*: 'pop.wanadoo.fr', Protocole : POP3, Response of Server : '-ERR AVG POP3 Proxy Server: Cannot connect to the mail server!', Port : 110, Sécurisé (SSL) : Non, Error of Server : 0x800CCC90, Number of errer : 0x800CCC90".

I have run scans with AVG Anti-Virus and Anti-Spyware in safe mode as well as Ad-Aware, Spybot and Avast. No change: the box is still there and still no connection. I will be trying your other suggestions piecemeal. thanx. syrk

 

Kniht,

Outlook is back on. The reason it was not coming on is because I blocked its entrance with my zonealarm firewall. Not very smart on my part.

Can we please get back to that mystery box. What step should I take next? syrk

 

Alright, syrk, glad you got the email working. Let's see, I guess we're down to figuring out the mystery box. We get that taken care of, your PC should be running like a top.

Since the message box appears even in Safe Mode, check to be sure you have the latest drivers for these items:

Video
Keyboard
mouse
Cd ROM
Floppy Drive (if you have a floppy drive)

I still feel since the message box mentions system32\drivers it has something to do with rolling back to using an old driver.

By the way, what items do you have hooked up the the Belkin Port Hub?

 

Kniht,

I just turned my pc on and got a big surprise. The mystery box read for about 3 minutes the following: "c:\windows\system32\winbrand.dll". And then the citation disappeared. But the box remained. syrk

 

syrk

Open regedit and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look in the right pane for LegalNoticeCaption and LegalNoticeText. What is the value "Data" of each string?

 

Kniht,

I just tried regedit but it's telling me that windows can't open it for me and that I either have to go get a program that will open regedit on the web or I have to choose one of the opening programs on my pc. syrk

 

Kniht,

I figured it out. I just typed in "regedit.exe" and I was in. Both Legal Notice Caption and Legal Notice Text show no value, meaning it's a blank. syrk

 

Do you still have the yellow triangle with the black exclamation point in it in Device Manager?

If so, right click on the device that has the triangle, select "Uninstall" and reboot. It should come up with the found new hardware program and go through a setup of the device.

 

Kniht,

The answer is no. Strange, I can't even find the "General Purpose USB Driver (adildr.sys)" entry under the category of Pilots Non Plug-and-Play. syrk

 

Kniht,

This is the type of junk I usually find in the mystery box:

鷐èЉЉVƷČ

syrk

 

You're right, syrk, this whole thing gets even more strange at every post.

OK, let me see, your desktop icons are working fine now.

No more yellow triangle in Device Manager. Xp does not need the adildr.sys anyway.

All your USB Devices are working fine.

You were able to open regedit and the Data for the two strings was blank (I was hoping some kind of text was in the Data value for LegalNoticeCaption and LegalNoticeText, would have been the answer to the mystery box).

So, correct me on this if I'm wrong, we're down to just figuring out the mystery box.

 

Kniht,

Seems like we're down to just figuring out the mystery box. syrk

 

One more look in the registry.

Open regedit, navagate to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\policies\system

In the right pane again look for "legalnoticecaption" and "legalnoticetext". Nothing should be in "Data". (blank)

The last time I had you look in the WindowNT key, this is the Windows key.

Does this box change the text content each time you boot? Something different at each boot?

Can you post a screenshot of this box?

Have you checked Event Viewer to see if there may be some kind of error at the times you have booted?

This one's got me baffeled. May have to call in the Calvary!

 

Kniht,

In the right pane there is no sign of "legalnoticecaption" and "legalnoticetext".

The text content of the box does indeed change each time I boot. And in most cases this is the form:

鷐èЉЉVƷČ

I do have a screenshot utility gadget and I have taken a couple of screenshots of the mystery box but I'm unable to upload them to my message. Apparently the upload is too large.

My next step is to keep my eyes on Event Viewer to see if there may be some kind of error at the times of my boots?

Piluski rides again! syrk

 

Kniht,

A mug shot. I could not get the screenshot utility to work so I took a picture of the pc screen with my digital canon. I hope it's big enough. syrk

 

syrk

Download this program "Print Screen"

Here: http://www.gadwin.com/printscreen/

Install and read the help file to get a good screenshot. Be sure in "Image" tab to save the screenshot as .gif.

You should be able to upload this image.

I think you'll like the program. I use it quite often.

 

Kniht,

Great toy! Thanx. But I was not able to use it because when the box comes on windows has not yet completed its boot. For an indication of what the mystery box looks like refer to my attachment in message #39. syrk

 

WOOPS, I'll check out 39.

 

Are you able to use System Restore. In a previous post you said it didn't work.

Try a System Restore to a time just before the box began appearing.

 

Kniht,

No good. My oldest restore point is November 29. By that time I already had the mystery box. According to this thread I first sighted the box on the 26th. The more ancient restore points got sweapt away when I was looking at the possibility of a virus/spyware as the cause of the box. syrk

 

OK, haven't run out of options yet. On the 25-26 November (refresh my memory) did you install any kind of software, hardware, or what action did you take just before you noticed the "baffleing box of mystery" (got tired of calling it the mystery box ). Did you have any problems with a shutdown and noticed the box on the next boot?

 

syrk

Open regedit, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The items in the right pane start each time you boot. Your antivirus may be listed so may your antispyware. Does any listing look like it shouldn't be there or your not quite sure what the heck it is?

Open msconfig (Start>>Run>>type msconfig).

Look in the Startup and see if anything starts that maybe shouldn't.

 

This is cool. I like the "Note"

abri

 

All the time I've been watching this thread, I thought it was about .lnk (as in the word link). After reading your post, I wondered if it was about .ink as in painting tools. Does it matter?
abri

 

abri
no you were right in the first place ,my icons and some in all programmes have changed to .lnk it has not as far as i am aware so far ,affected my ability to select and use any programme. i just wondered as Kniht suggested earlier if it ain't broke ,don't fix it,unless it will affect me later on .i have looked at some of the fixes being suggested but i don.t quite understand them as it requires registry keys ,i don't think i could do this unless spelt out in Janet and John fashion. regards
dogsbody

 

Do these Desktop icons targeting an .exe file also have an .ink extension?

Example: SyncBack.exe.ink

To see this you may have to go to Control Panel >> Folder Options >> View tab. Uncheck "Hide extensions for known file types".