Desktop taken over with new icons

Discussion in 'Malware Help (A Specialist Will Reply)' started by HadYourPhil, Dec 11, 2005.

  1. HadYourPhil

    HadYourPhil Private E-2

    I am now the proud owner of a redecorated desktop with 1"x1" colorful icons/shortcuts for 'gambling', 'dating', 'pharmacy', 'XXX', 'spyware', 'insurance', and at the bottom is a small 'close' box. I dare not click any of them. I have done everything on the read and run me first page, including running many, many scans with all sorts of recommended programs, including Avast!, CCleaner, Panda, and the usual favorites from SpyBot, AdAware, etc.
    I have run HiJack This and saved a file, and I also have the Active Scan log. I also took a screen shot of the desktop. Any ideas? I've spent the better part of two days on this s...
     
  2. HadYourPhil

    HadYourPhil Private E-2

    Re: Desktop taken over. Here is HijackThis log

    Here is the HijackThis logfile:
     

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do you know what this program is?
    HotKeyPlus.exe
     
  4. HadYourPhil

    HadYourPhil Private E-2

    Hotkey is something I found a month or so ago that allows you to use the Windows key on your keyboard in conjunction with another key to give you a shortcut. I use it for quick access to my email. I haven't had any reason to distrust it. The url is www.brianapps.net.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, I'm not familiar with the program, and the path was strange for an executable.

    Scan with HijackThis and fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running Spy Sweeper.

    Post the Spy Sweeper log along with a fresh HijackThis log.
     
  6. HadYourPhil

    HadYourPhil Private E-2

    Well, that certainly killed it! I was able to delete the svhost file with the kill program, but when I went to delete it in C/Windows/, it said "access denied".
    Now, the computer freezes up right when the desktop icons load. All that is displayed are the generic Windows icons, not the specific ones. It is impossible to go beyond that point or reboot without a 'hard' reboot. I have rebooted it in safe mode and now await further instructions. I wasn't able to run Spy Sweeper.
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Open Pocket Killbox, click on File in the menu and select Open !Killbox Backups. Copy and paste the svohost.exe into C:\Windows\System32.

    Reboot. What happens?
     
  8. HadYourPhil

    HadYourPhil Private E-2

    Well, I tried everything a second time with better results. And, apparently Spy Sweeper found some things everyone else had missed! Now, when you look at the Hijack This logfile, you'll see the two 'trusted zone' things are still there. I've had those things in there for months and NOTHING will remove them!
    (The svohost.exe file stayed away, by the way)
    See if these logs look any better...
     

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    To clear Trusted Zones:

    Download DelDomains and unzip it to your desktop.

    Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    Afterwards run Spybot and make sure you re-Immunize immediately. Then run a full system scan. If you get any reported problems, attach the log from Spybot.

    Let's take a deeper look at your system to make sure we didn't miss anything:

    Please run Panda Online Scan. After the scan attach the log to your next post.

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

    Also post a fresh HijackThis log. (You'll need 2 posts for all 3 logs)
     
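The checks the helper applies by eye across this thread (an executable in a "strange" path in post 5, the look-alike name svohost.exe in post 7, and the stubborn Trusted Zone entries in posts 8 and 9) can be scripted against a HijackThis-style log. The following is an added example, not code from MajorGeeks, HijackThis or anyone in this thread. The sample log lines are constructed for illustration; the names and paths in them are not the ones from the attached logs, and the list of system binary names and the path heuristics are the author's assumptions, not a HijackThis feature.

```python
import re

# Constructed sample lines in HijackThis log style. These are NOT the logs
# attached in this thread; the names and paths are illustrative only.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HotKeyPlus] C:\Program Files\HotKeyPlus\HotKeyPlus.exe
O4 - HKCU\..\Run: [svohost] C:\WINDOWS\svohost.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe /silent
O15 - Trusted Zone: *.example-ads.invalid
O15 - Trusted IP range: 192.0.2.10
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - (?P<kind>Trusted Zone|Trusted IP range): (?P<target>.+)$")

# Assumed list: Windows binaries that malware commonly imitates by changing a
# letter or two (svohost.exe for svchost.exe, and so on).
SYSTEM_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe",
}

def levenshtein(a, b):
    """Edit distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(basename):
    """Return the system binary this file name imitates, or None if the name
    is itself a real system name or is not close to any of them."""
    n = basename.lower()
    if n in SYSTEM_NAMES:
        return None
    for k in SYSTEM_NAMES:
        if levenshtein(n, k) <= 2:
            return k
    return None

def exe_path(cmd):
    """Strip arguments: everything up to the first '.exe' is the image path."""
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip()

def path_flags(path):
    """Locations a legitimate autostart entry almost never runs from
    (assumed heuristics, not an exhaustive rule set)."""
    p = path.lower()
    flags = []
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        flags.append("runs from a temp directory")
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        flags.append("runs from the drive root")
    if "\\recycler\\" in p or "\\recycled\\" in p:
        flags.append("runs from the recycle bin")
    return flags

def analyze(log_text):
    """Return one finding per suspicious O4/O15 line as (line, [reasons])."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            base = path.replace("/", "\\").rsplit("\\", 1)[-1]
            reasons = path_flags(path)
            twin = lookalike_of(base)
            if twin:
                reasons.append(f"{base} looks like system binary {twin}")
            if reasons:
                findings.append((line, reasons))
            continue
        m = O15_RE.match(line)
        if m:
            # Sites in IE's Trusted Zone get its most permissive settings, so
            # every entry the user did not add deliberately is worth removing.
            findings.append((line, [f"{m.group('kind')} grants {m.group('target')} relaxed IE security"]))
    return findings

if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the constructed sample, the avast! and HotKeyPlus entries pass (known-style paths, no look-alike names), while svohost.exe is reported as one edit away from svchost.exe, the Temp-directory entry is reported for its location, and both O15 lines are listed so they can be cleared the way post 9 describes. The script is a triage aid only; a clean result here does not mean the log is clean.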
  10. HadYourPhil

    HadYourPhil Private E-2

    A belated thanks for all your assistance! Everything seems ok now.
    Merry Christmas, etc.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are welcome.

    Merry Christmas
     