[mrdear]

I'm sure there are lots of posts for this, but if you can please help me out. I don't have much experience getting rid of these things. I have Win2000 SP4 and IE keeps popping up websites with ads- some of them pretty lewd. I wouldn't want the kids to have to see it. I have Avast and it can't seem to get rid of this Trojan. Here is the info from Avast virus alert:

file name: C:\WINNT\system32\fcyxw.dll
malware name: Win32:TratBHO [Trj]
malware type: Trojan Horse
vps version: 080127-1, 01/27/2008

how can I get rid of this???

I'm posting my Hijack log below- thanks in advance.
By the way what if I just delete IE and only use firefox?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:13 AM, on 1/28/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mqsvc.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\WINNT\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {51ACB68D-2C03-4062-AF4F-522F8F9F2F22} -

C:\WINNT\system32\wvuts.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper -

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program

Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} -

C:\WINNT\system32\pmnolmm.dll
O2 - BHO: (no name) - {D929C51A-951F-41AF-9FFD-F6E829FC4E89} -

C:\Program Files\Common

Files\hokerC:\WINNT\system32\wnis6\enamd83122.exe.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -

{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C}

- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus C86 Series]

C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON

Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [MaxtorOneTouch]

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MacLicense] "C:\Program

Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program

Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [runner1] C:\WINNT\mrofinu572.exe

61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491

39
O4 - HKCU\..\Run: [Creative Detector] C:\Program

Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program

Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

(User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony

Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program

Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MSOFFICE\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -

res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -

res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview -

res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a}

- C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes

Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -

http://mediaplayer.w...ler/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -

http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir

TreeView Control 2.1) - file://F:\CDVIEWER\CdViewer.cab
O20 - Winlogon Notify: pmnolmm - C:\WINNT\SYSTEM32\pmnolmm.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL

Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin)

- VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: MacFormatService - DataViz Inc. - C:\Program

Files\MacOpener\FORMATM.EXE
O23 - Service: SolidWorks Licensing Service - SolidWorks -

C:\Program Files\Common Files\SolidWorks

Shared\Service\SolidWorksLicensing.exe

--
End of file - 7045 bytes