Antivirus Protection
 
  #1  
July 17th, 2004, 01:07 PM
billcon69
Please help. res://getuo.dll/index.html#96676 HijackThis log

I'm getting res://getuo.dll/index.html#96676 on my homepage and "Only the best" pop ups. Thank you.

Logfile of HijackThis v1.98.0
Scan saved at 1:55:22 PM, on 7/17/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\mqpnqb.exe
C:\WINNT\system32\crrs.exe
C:\WINNT\system32\syszz.exe
C:\WINNT\mqpnqb.exe
C:\PROGRA~1\Real\REALJU~1\tsystray.exe
C:\PROGRA~1\Real\REALPL~1\RealPlay.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\Real\REALJU~1\tsystray.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\PROGRA~1\SPRINT~1\DOWNLO~1\DLMgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\getuo.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://getuo.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://getuo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\getuo.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\getuo.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://getuo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = URL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = URL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = URL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://getuo.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = URL
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2E5C1987-AC8B-9CB3-4B2A-EB9E5DFB0898} - C:\WINNT\system32\ielm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [syszz.exe] C:\WINNT\system32\syszz.exe
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\Program Files\Real\RealJukebox\tsystray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Sprint PCS Download Manager.lnk = C:\Program Files\Sprint PCS\Download Manager\DLMgr.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - URL
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - URL
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{514D17EF-AE21-485B-B436-C595D0A30BD7}: NameServer = 166.90.244.250,166.90.244.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{62E65FD6-3C27-47F2-BBFB-E916BCF97DF3}: NameServer = 205.188.146.146
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll
O21 - SSODL: Web Event Logger - {79FB9088-19CE-715E-D900-216290C5B738} - C:\WINNT\System32\Ofopnaea.dll

  #2  
July 17th, 2004, 01:40 PM
ritchx
I might be able to help

Hi,
I had something very similar, but I did not use HijackThis.
First, you should get a copy of Lavasoft Ad-Aware, and update all the definitions, and an antivirus program. I used Trend Micro PC-cillin.
When you use Ad-Aware, it should tell you that you have CoolWebSearch, coolwww or something similar. (They are all the same thing.)
I have had this, but in my case the home page changed to res://tydni.dll/...etc.
I searched in c:/winxp on my computer (by the looks of your HijackThis report, you have winnt instead) for tydni.dll. When I found it, I opened it in Notepad, highlighted all of the code, deleted it, and saved it again. I expect you will have a similar file, getuo.dll. Then have a clean up with Ad-Aware and scan for anything left in your system.
This fixed mine, and I expect it will do the same for you. Obviously, I had Windows XP Pro, and have a different computer set up differently to yours, so I can't guarantee it will work, so I am not responsible if anything goes wrong.

Another program you could try is CWShredder (cool web shredder). It didn't work for me, because it couldn't find anything, but it's worth a try.
Reply back for more help, questions, results etc.

  #3  
July 18th, 2004, 02:52 PM
billcon69
Thanks for replying, ritchx, but could you or anyone else help me with the HijackThis log? I'm not very good with computers and have no idea what to do. Thanks again.

  #4  
July 20th, 2004, 01:31 PM
Tom Myboy
Hi

I see HijackThis is running from a Temp folder. Please open My Computer > double-click your C:\ drive > right-click > New > Folder > name it HJT and put the program (HijackThis) into that folder.

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

Please follow these instructions carefully!

Boot into Safe Mode (restart your computer, tap F8 when computer first starts booting, select safe mode)

Run HijackThis again and place a check beside each of the following items. Once done click the fix checked button.

O2 - BHO: (no name) - {2E5C1987-AC8B-9CB3-4B2A-EB9E5DFB0898} - C:\WINNT\system32\ielm.dll
O4 - HKLM\..\Run: [syszz.exe] C:\WINNT\system32\syszz.exe


Download about:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip

Make sure you have printed this page and close ALL Internet Explorer windows. This is a very important step!!

Run AboutBuster.exe, click ok, then start, then OK. Make a copy of the log once it finishes. Then run aboutbuster.exe again. Make a copy of that log.

Reboot and post a new HijackThis log along with the two reports from about:Buster.

Tom
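An added example, not part of the thread and not code from HijackThis: a short Python parser for the log format posted in #1 that lists the R0/R1 Internet Explorer values pointing at a res:// page inside a local DLL, and checks whether entries chosen for "Fix checked" in #4 reappear in a later log. The function names are hypothetical and the sample is a handful of lines copied from the first post.

```python
import re

# Constructed sample: a few lines copied from the log in the first post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINNT\system32\syszz.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\getuo.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://getuo.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = URL
O2 - BHO: (no name) - {2E5C1987-AC8B-9CB3-4B2A-EB9E5DFB0898} - C:\WINNT\system32\ielm.dll
O4 - HKLM\..\Run: [syszz.exe] C:\WINNT\system32\syszz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
"""

# Entry lines look like "R1 - ..." or "O16 - ..."; headers and process paths do not.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# DLL named in a res:// URL, with or without a full path in front of it.
RES_DLL = re.compile(r"res://(?:.*[\\/])?([^\\/]+\.dll)/", re.I)

def parse(log):
    """Return (code, text) for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def res_hijacks(entries):
    """R0/R1 values that load a page from inside a local DLL via res://."""
    hits = []
    for code, text in entries:
        if code in ("R0", "R1") and " = " in text:
            key, value = text.split(" = ", 1)
            m = RES_DLL.search(value)
            if m:
                # (registry hive, value name, DLL the page is served from)
                hits.append((key[:4], key.rsplit(",", 1)[-1], m.group(1).lower()))
    return hits

def still_present(fix_list, new_log):
    """Entries selected for fixing that show up again in a later log."""
    seen = {f"{code} - {text}".strip() for code, text in parse(new_log)}
    return [line for line in fix_list if line.strip() in seen]

if __name__ == "__main__":
    for hive, name, dll in res_hijacks(parse(SAMPLE_LOG)):
        print(f"{hive} {name!r} is served from {dll}")
```

Running `still_present` with the two lines from #4 against the log posted after the reboot shows at a glance whether either entry came back.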