We have found a Shylock botnet on one of our servers and one of the symptoms is it replaces all files in a share with identically named shortcuts and then hiding the original files.
I need to be able to run a script to see which directories have these shortcuts in.
So there will be a logmein.exe and logmein shortcut in the same location.
You could use Get-ChildItem to get a Recursive listing of all of your files, excluding those with the .lnk extension. Then use ForEach-Object on the returned list to loop though all the returned files and replace the extension on the FullName property with .lnk and check for the existance of that file. If found. Out-Default that object.