Go to my post here and follow it EXACTLY
How to remove Begin2Search / Coolwebsearch
Then reboot in Safe Mode and
UNinstall anything to do with this adware-riddled crap:
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
I can't find enough info on this stuff:
C:\PROGRA~1\D5 Streaming Media Server\ImmsService.exe
You will have to decide if you trust it.
Then run and let HJT "fix":
C:\WINDOWS\
SOUNDMAN.EXE
C:\Program Files\
NetPumper\NetPumperIEProxy.exe
C:\Program Files\
PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gatewaybiz.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\
SM1BG.EXE
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105501225984
Delete the
bold files. When a
directory is also
bold, delete everything in it, including that directory itself.