Just wondering who has been advising you!
Your PC is just so riddled with adware and spyware!
Go to this post here first, and follow the instructions
EXACTLY.
How to remove Begin2Search/Coolwebsearch and Other Nasties
When you have done your homework, continue here.
Boot in Safe Mode
Stop the System Restore
Press Ctrl/alt/del and in Taskmanager try to STOP these processes:
RKillSrv.exe
desktop.exe
gaestvyg.exe
sysmonnt.exe
winupdtl.exe
3x2keg8x.exe
dxjlnd.exe
ezwcrc.exe
zvdwrc.exe
ffisearch.exe
ieroader.exe
icax32.exe
msupd5.exe
r_server.exe
gcasServ.exe
Next, try to UNinstall anything to do with this:
C:\WINDOWS\isrvs\desktop.exe and ffisearch.exe
C:\Program Files\3x2keg8x\3x2keg8x.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar\
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Next, run Hijackthis on its own and let it 'fix' (if still there):
C:\WINDOWS\system32\
RKillSrv.exe
C:\WINDOWS\
isrvs\desktop.exe ==>> may be read-only to delete<<==
C:\WINDOWS\System32\
gaestvyg.exe
C:\WINDOWS\System32\
sysmonnt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.popupsearches.com/sidesearch.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {3D4A1F12-FFE6-CB82-D44D-EB285951B8FA} - C:\WINDOWS\System32\
tvzymozy.dll
O2 - BHO: (no name) - {AE16861A-DDBF-D46A-4F8A-6418402AFF3D} - C:\WINDOWS\System32\
ijffgybz.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\
WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\
winupdtl.exe
O4 - HKLM\..\Run: [3x2keg8x] C:\Program Files\
3x2keg8x\3x2keg8x.exe
O4 - HKLM\..\Run: [dxjlnd] c:\windows\system32\
dxjlnd.exe
O4 - HKLM\..\Run: [ezwcrc] C:\WINDOWS\System32\
ezwcrc.exe
O4 - HKLM\..\Run: [zvdwrc] C:\WINDOWS\System32\
zvdwrc.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [sFFg35j]
ieroader.exe
O4 - HKLM\..\Run: [gaestvyg] C:\WINDOWS\System32\gaestvyg.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\
Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [dowmRRH9V]
icax32.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\
Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
ALL lines with
O16 - DPF:
ALL lines with
O17 - HKLM
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Miscrosoft Updates Service 5 - Unknown - C:\WINDOWS\System32\
msupd5.exe
O23 - Service: Remote Process Killer - Unknown - C:\WINDOWS\system32\RKillSrv.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\System32\
r_server.exe
When done, delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.
You should have fixed this already(from my 'big' post mentioned at the start)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
Now post a NEW HJT-log, not 100% sure if I got them all.