Sasserfrass
asked on
.exe files are now .lnk files
Wondering if you could help me. My boyfriend is currently running Windows 98. His shortcuts on the desktop are now .lnk files instead of .exe files. This computer came loaded with Windows 98 so he does not have the disk. I ran a HijackThis and this is what it came up with:
Logfile of HijackThis v1.99.1
Scan saved at 9:04:57 AM, on 5/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html?src_id=312
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
F1 - win.ini: run=LXDBOXCP.EXE
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.0001.1004\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: (no name) - {98FA4DB7-F906-4E2E-A848-FE0A5BE8D50C} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE /Q
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [Spyware Doctor] C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE /Q
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20647/online.chm::/on-line.exe
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cf3d6d5353c60b9c57a954782f56eb0cd9479ee0ea04b6bc0ce90bac83d24136f9dd061a26c7bee673eca0d57a04fbe728c2ef828f08:089f8d69b8a0dd824129ec8711ffcf53
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
Hope it helps. My other option is I have my Windows XP disk. Could I just wipe his computer clean with a fresh start? Nothing on there worth saving anyway...tee hee hee...thanks for any help you can be.
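A first-pass triage of a log like the one in the question, as an added example that is not part of the original thread: it parses the HijackThis section codes and flags entries worth a closer look. The three heuristics are assumptions chosen for this illustration, and a hit means "review this entry", not "malicious".

```python
import re

# Every HijackThis entry starts with a section code: R0, F1, O2, O16, ...
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def triage_entry(code, body):
    """Return reasons to review one entry (heuristics assumed for this example)."""
    reasons = []
    if body.rstrip().endswith("(no file)"):
        reasons.append("registered component points at a missing file")
    if code == "F1":
        reasons.append("legacy win.ini/system.ini autostart")
    if code == "O16":
        # Layout: "DPF: {CLSID} [(name)] - <download source>"
        source = body.rsplit(" - ", 1)[-1]
        if not re.match(r"https?://", source, re.IGNORECASE):
            reasons.append("ActiveX download source is not http(s)")
    return reasons

def triage_log(text):
    """Parse a HijackThis log; return [(code, body, reasons)] for flagged entries."""
    flagged = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        reasons = triage_entry(m.group(1), m.group(2))
        if reasons:
            flagged.append((m.group(1), m.group(2), reasons))
    return flagged

# Entries copied from the log in the post (extraction spaces removed).
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {965A592F-8EFA-4250-8630-7960230792F1} - (no file)
F1 - win.ini: run=LXDBOXCP.EXE
O2 - BHO: (no name) - {98FA4DB7-F906-4E2E-A848-FE0A5BE8D50C} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

if __name__ == "__main__":
    for code, body, reasons in triage_log(SAMPLE):
        print(f"{code:<3} {body}\n    -> " + "; ".join(reasons))
```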
SOLUTION
After the above:
First of all, download NOW this Winsock fix (FREE):
http://downloads.subratam.org/WinsockFix.zip
If you lose internet access after the cleanup, run this tool.
After that, download the fully functional trial version of Spy Sweeper:
http://www.webroot.com/downloads/?WRSID=595f27d74dd2795a56af83b763c321e1
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
Download Ad-Aware (FREE) from here:
http://lavasoft.element5.com/support/download/
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
Also excellent is SpyBot Search & Destroy (FREE) available here:
http://www.spychecker.com/download/download_spybot.html
Install, UPDATE and run.
You may need to reboot and run again to clean all the nasties that cannot be deleted at once ('in use').
You should also apply the 'immunize' function, since it blocks roughly 1900 known 'bad' runs/apis/apps.
Even if Ad-Aware and SpyBot S&D are similar, they do clean different things. You should have both of them and use REGULARLY.
You can also install 'preventive' software that will help you control these nasties:
SpywareBlaster (FREE):
http://www.javacoolsoftware.com/spywareblaster.html
Prevents the installation of Active-X based spyware, malware, dialers, etc
Currently protects you against 3500+ nasties.
Advantage: no system resources used!!!
Just download, install and UPDATE.
All of them extremely useful but you must keep them UPDATED.
Suggestion: Make sure you can see all files and folders and run Ad-aware and Spybot S&D in Safe Mode.
Zee
ASKER
Thank you for your help. SS about the HJT log. I did however clean it and emptied the recycle bin and did the updates. I have adaware on the computer but I cannot run it because it just .lnk's it and asks me if I want to save it or open it. I even tried to go to start>programs>adaware but whatever did this to his computer has turned everything, including system tools and all other programs, into .lnk files instead of .exe. I even did some research and replaced the exefiles on the registry with no success.
Thanks again for the help
ASKER CERTIFIED SOLUTION
You better try the registry patch posted by Burbble.
If you edited the registry (did you backup BEFORE editing?), I fear the problem may be slightly more difficult to solve, but start there.
The other option is a reinstall of Windows, but without the CD it's risky.
You can try booting with a startup floppy, created in Add/Remove Programs > Startup Disk tab.
Select without CD-ROM support and then try reinstalling with one of these commands:
C:\Windows\Options\Cabs\se
or
C:\Windows\Options\Install
Hopefully one of those will start the reinstall, and when or if asked, reinstall to the usual folder C:\Windows; don't accept any other alternative that may be presented.
Good luck,
Zee
I can't take credit for the registry file, I found it in this PAQ: https://www.experts-exchange.com/questions/10207937/Shortcut-LNK-files-inoperative.html#2058517
ASKER
You guys are brilliant! The .lnk file worked! I will definitely donate some mola for this! Now I will need to post what is going on with the other computer in Windows XP to see if you guys can help me get that one going again! Thanks so much! Muuuuuaaaaahhhhhhhh!
Great!
Thumbs up for Burbble!
;-)
Zee
Just noticed this was your first question.
See here how to close it:
https://www.experts-exchange.com/help.jsp#hs5
Cheers,
Zee
ASKER
Yes, thumbs up to you both! I split it between the both of ya since you both helped me and I took both of your suggestions! You guys are the best!
Thank you.
Ah, glad to help :)
Include also this one on the HJT fix:
R1 - HKCU\Software\Microsoft\In
Zee