Link to home
Start Free TrialLog in
Avatar of Sasserfrass
Sasserfrass

asked on

.exe files are now .lnk files

Wondering if you could help me.  My boyfriend is currently running windows 98.  His shortcuts on the desktop are now .lnk files instead of .exe files.  This computer came loaded with windows 98 so he does not have the disk.  I ran a hijack this and this is what it came up with
Logfile of HijackThis v1.99.1
Scan saved at 9:04:57 AM, on 5/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html?src_id=312
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
F1 - win.ini: run=LXDBOXCP.EXE
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: (no name) - {98FA4DB7-F906-4E2E-A848-FE0A5BE8D50C} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE /Q
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Spyware Doctor] C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE /Q
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20647/online.chm::/on-line.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cf3d6d5353c60b9c57a954782f56eb0cd9479ee0ea04b6bc0ce90bac83d24136f9dd061a26c7bee673eca0d57a04fbe728c2ef828f08:089f8d69b8a0dd824129ec8711ffcf53
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

 Hope it helps.  My other option is I have my Windows XP disk.  Could I just wipe his computer clean with a fresh start? Nothing on there worth saving anyway...tee hee hee...thanks for any help you can be.
SOLUTION
Avatar of blue_zee
blue_zee
Flag of Portugal image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of blue_zee
blue_zee
Flag of Portugal image

Include also this one on the HJT fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D

Zee
Avatar of blue_zee
blue_zee
Flag of Portugal image

After the above:

First of all, download NOW this Winsock fix (FREE):
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.

After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Download Ad-Aware (FREE) from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').

Also excellent is SpyBot Search & Destroy (FREE) available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
You should also apply the 'immunize' function, since it blocks roughly 1900 known 'bad' runs/apis/apps.

Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.

You can also install 'preventive' software that will help you control these nasties:

SpywareBlaster (FREE):
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of Active-X based spyware, malware, dialers, etc
Currently protects you against 3500+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.

All of them extremely useful but you must keep them UPDATED.

Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.

Zee
Avatar of Sasserfrass
Sasserfrass

ASKER

Thank you for your help.  SS about the HJT log.  I did however clean it and emptied the recycle bin and did the updates.  I have adaware on the computer but I cannot run it because it just .lnk's it and asks me if I want to save it or open it.  I even tried to go to start>programs>adaware but whatever did this to his computer has turn everything including system tools and all other programs into .lnk files instead of .exe.  I even did some research and replaced the exefiles on the registry with no success.  
Thanks again for the help
ASKER CERTIFIED SOLUTION
Avatar of Burbble
Burbble
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of blue_zee
blue_zee
Flag of Portugal image

You better try the registry patch posted by Burbble.

If you edited the registry (did you backup BEFORE editing?), I fear the problem may be slightly more difficult to solve, but start there.

The other option is a reinstall of Windows, but without the CD it's risky.

You can try booting with a startup floppy, created in Add/Remove Programs > Startup Disk tab.

Select without CD-ROM support and then try reinstalling with one of these commands:

C:\Windows\Options\Cabs\setup.exe

or

C:\Windows\Options\Install\setup.exe

Hopefullly one of those will start the reinstall and when or if asked reinstall to the usual folder C:\Windows, don't accept any other alternative that may be presented.

Good luck,

Zee
Avatar of Burbble
Burbble
Flag of United States of America image
I can't take credit for the registry file, I found it in this PAQ: https://www.experts-exchange.com/questions/10207937/Shortcut-LNK-files-inoperative.html#2058517
Avatar of Sasserfrass
Sasserfrass

ASKER

You guys are brilliant! the .lnk file worked! I will definetly donate some mola for this! Now I will need to post what is going on with the other computer in Windows XP to see if you guys can help me get that one going again!  Thanks so much! Muuuuuaaaaahhhhhhhh!
Avatar of blue_zee
blue_zee
Flag of Portugal image

Great!

Thumbs up for Burbble!
;-)

Zee
Avatar of blue_zee
blue_zee
Flag of Portugal image

Just noticed this was your first question.

See here how to close it:

https://www.experts-exchange.com/help.jsp#hs5

Cheers,

Zee
Avatar of Sasserfrass
Sasserfrass

ASKER

yes thumbs up to you both! I split it between the both of ya since you both helped me and i took both of your suggestions! You guys are the best!
Avatar of blue_zee
blue_zee
Flag of Portugal image

Thank you.
Avatar of Burbble
Burbble
Flag of United States of America image
Ah, glad to help :)