Deal Helper and Time Sync

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hiptolick, Sep 29, 2004.

  1. hiptolick

    hiptolick Private E-2

    I've been fighting with this all day long. I've searched for solutions across the net with no luck and hope that someone here has some experience with a couple of nasty parasites that seem to be related. Specifically,
    Deal Helper and Timesync
    I first noticed these last night. I took my firewall down for 2 minutes to debug an issue with skype and before I knew it I was getting messages from all over the place with a new icon for "Time Sync" in the system tray.
    Immediately, I turned the firewall back on and ran Adaware. The result was the discovery of numerous malware items called Deal Helper and Time Sync. I went to google and found data on Time Sync which supposedly can be uninstalled via Add/Remove and I did this but it still pops up in the system tray. I ran adaware and removed the pesky little creatures and then ran hijack this. I noticed an executable running out of c:\programfiles\commonfiles\tsa called tsl.exe. Hence, I checked the little bugger and removed it. I then restarted the system and found that deal helper and timesync were still being found by adaware. I went back to hjt and also found tsl.exe was back again. Hm? Must be something that reconnects to the internet after starting back up again and then reinstalls itself. Within a minute or so, an installation window pops up with a warning that "Windows cannot find tsl.exe". So, though I got rid of the executable, I didn't get rid of whatever it is that is trying to connect behind the scenes. I even spent another 29 bucks for "NoAdware". It seemed to find more crap, including Deal Helper but every time I remove it, it is back again in a matter of minutes. So, normally, I have been able to fix these things myself but I am rather stumped at this time. If anyone can help me identify what it is that is connecting and installing while I have my back turned, I'd appreciate it. I also emailed dealhelper.com and asked for removal instructions. I suspect I will have to go into the registry, but don't know where to look. If you can help, then I will put you on my permanent Christmas card list. Please advise.
    Dan
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to get the correct version of HijackThis and post a log using that proper version. However first you need to follow ALL the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    NOTE: You should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File >

    Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Okay! Having said all that here is some stuff for you to work on:

    Definitely fix these next 4 lines with HJT but only after making sure no browsers are running.
    Always exit all browser applications before scanning or fixing lines with HJT.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: (no name) - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - (no file)
    O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\System32\kbnaauw.exe
    The O4 line with hpsysconf1 is Adware.ZioCom, an adware program that monitors Internet activity and displays customized advertisements.
    See this link: http://securityresponse.symantec.com/avcenter/venc/data/adware.ziocom.html


    Are these next 2 lines what you want for start page? If not, have HJT fix them.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jazz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://jazz/

    Do you know what this URL for ventana-ranch is? Did you purposely put it in
    your trusted zone? If not, have HJT fix it.
    O15 - Trusted Zone: http://www.ventana-ranch.org

    Do you know anything about these two O16 lines below? If not, I would have HJT fix them.
    O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://I:\autorun\x86\bin\nskey.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab


    Did you order PC Doctor Online or did you just try their free examination?
    realtime.exe (that shows in your log) is the monitoring device for PC Doctor Online.
    It provides a "free" examination on system files (i.e. registry), reports the number
    of errors it finds, and invites you to "order" the fee-based fixes from its web site.
    Rip-off.
    You should uninstall PC Doctor Online and have HJT fix the below line if it still exists after the uninstall:
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe

    And one final note: NoAdware is on a list of rogue/fake spyware removal tools. We do not recommend using this tool. In addition the free tools work better. See the below link and look for NoAdware:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    After fixing all lines in HijackThis, reboot in safe mode and delete:
    C:\WINNT\System32\kbnaauw.exe

    Now reboot in normal mode and come back and tell us how things are working.
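    As an added example that is not part of this thread (my own Python, not chaslang's advice and not HijackThis code), here is a small parser for the HijackThis line formats quoted in the reply above (R0/R1, O3, O4, O15, O16). It pulls out the path, URL or value each line points at and attaches a note for the kinds of entries the reply singles out: blank Internet Explorer settings, a toolbar CLSID with no file behind it, autostart entries under a Run key, trusted-zone sites, and ActiveX downloads, with a local file:// source called out separately. The regexes and the note wording are my assumptions about the log format, derived only from the lines on this page; the sample log is those lines pasted verbatim.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the HijackThis lines quoted in the reply above,
# pasted verbatim so the parser can be exercised offline.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {D6223CBC-A263-4CB1-B35E-1AE40FEF3B3B} - (no file)
O4 - HKLM\..\Run: [hpsysconf1] C:\WINNT\System32\kbnaauw.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jazz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://jazz/
O15 - Trusted Zone: http://www.ventana-ranch.org
O16 - DPF: {2646205B-878C-11D1-B07C-0000C040BCDB} (NSIEMisc Class) - file://I:\autorun\x86\bin\nskey.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
"""


@dataclass
class Entry:
    section: str   # HijackThis section tag, e.g. "R0", "O4", "O16"
    target: str    # what the line points at: a URL, a file path or a registry value
    note: str      # why a reviewer would look twice; empty when nothing stands out


# Line shapes assumed from the quoted log, one regex per section type.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O3_RE = re.compile(r"^Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^Trusted Zone: (?P<url>\S+)$")
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<src>.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry; returns None for non-log text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec.startswith("R"):
        # R0/R1 lines read "<hive>\...\Main,<value name> = <value>"; a blank
        # value is one of the things the reply above says to have HJT fix.
        _setting, _, value = body.partition(" = ")
        value = value.strip()
        return Entry(sec, value, "" if value else "blank IE setting")

    if sec == "O3":
        m3 = O3_RE.match(body)
        if m3:
            orphan = m3.group("file") == "(no file)"
            note = "toolbar CLSID with no backing file (orphaned registration)" if orphan else ""
            return Entry(sec, m3.group("file"), note)

    if sec == "O4":
        m4 = O4_RE.match(body)
        if m4:
            return Entry(sec, m4.group("cmd"),
                         "autostart entry: confirm the executable is something you installed")

    if sec == "O15":
        m15 = O15_RE.match(body)
        if m15:
            return Entry(sec, m15.group("url"), "trusted-zone site: confirm you added it on purpose")

    if sec == "O16":
        m16 = O16_RE.match(body)
        if m16:
            src = m16.group("src")
            if src.lower().startswith("file://"):
                note = "ActiveX control sourced from a local path rather than a web site"
            else:
                note = "ActiveX download: confirm the site is one you use"
            return Entry(sec, src, note)

    # Anything we do not know how to split is still surfaced rather than dropped.
    return Entry(sec, body, "unparsed section: review by hand")


def parse_log(text: str) -> List[Entry]:
    """Parse every log line in `text`, skipping blank or non-log lines."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def autostart_targets(entries: List[Entry]) -> List[str]:
    """Executables launched from Run keys, in log order."""
    return [e.target for e in entries if e.section == "O4"]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries that carry a reviewer note."""
    return [e for e in entries if e.note]


if __name__ == "__main__":
    for e in flagged(parse_log(HJT_LOG)):
        print(f"{e.section:4} {e.target:70} {e.note}")
```

    The point of separating `target` from `note` is that the parser only extracts; deciding whether `http://jazz/` or `ventana-ranch.org` is legitimate is something only the machine's owner can answer, as the follow-up posts in this thread show.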
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. hiptolick

    hiptolick Private E-2

    Well, after getting spanked for not following proper procedures (thank you sire may I have another) I followed all instructions to the letter and here are the results so far.
    1. On line virus scan using Trend Micro found no infections.
    2. Symantec Security Check found 2 trojans; 1)Trojan Dropper and 2) Download Trojan.
    3. Stinger did not recognize, or acknowledge Trojan removal.
    4. Ran all Adware removal tools.
    5. Ran HJT (latest version) and proceeded as directed with the following exceptions; 1) Nskey.dll-This seems to be a valid windows dll as reported by a number of websites I visited, 2)http://www.Ventana-Ranch.Org is a SharePoint Web I manage and is valid, 3) http://jazz, is my own SharePoint site on my box I use to keep the family business humming, 4) http://tools.ebaying.com is a valid Ebay resource. All other recommended HJT corrections were implemented.
    6. As far as Dealmaker is concerned, I went to Sysinternals.com and downloaded the Process Browser and proceeded to do the following;
    a. Reboot in safe mode.
    b. Find dealmaker.exe and delete it.
    c. Rebooted normally.
    d. Started process browser and waited for Dealmaker to start (which it did again in about 5 minutes).
    e. Started Process Browser and noted that one of the programs you recommended be deleted was the parent of the process. The parent was c:\WINNT\System32\kbnaauw.exe.
    f. Killed the dealmaker process.
    g. Deleted kbnaauw.exe and dealmaker has not reappeared.
    So, it appears as if everything is running ok and the only thing left to do is to go back to Symantec to see if those two trojans have persisted and if so deal with it some manner.
    I have McAfee Enterprise V7 and am surprised it didn't catch these two little critters.
    So, Chaslang, thanks for the help :)
    Oh, by the way, I never did get a message back from Dealmaker.com regarding removal instructions. Surprise, surprise!
    Oh and 1 last thing, I sent the NoAdware folks a request for a refund.
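    The step that actually cracked this case in the post above was looking at the parent of the respawning process rather than the process itself. As an added example (my own Python, not the poster's procedure or Sysinternals code), the function below walks a process snapshot from a named process up through its ancestors, which is what Process Explorer's tree view shows visually. It also handles the two cases where the recorded parent PID cannot be trusted: the parent has already exited, and the PID has been reused by a process younger than the child. The snapshot is constructed to mirror what the post describes (dealhelper.exe with C:\WINNT\System32\kbnaauw.exe as parent); every PID, time and the dealhelper.exe path are made up, and the process name spelled "dealhelper.exe" is my assumption.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int       # parent PID as recorded by the OS; may be stale (see parent_of)
    name: str
    path: str
    started: float  # creation time in seconds since boot (constructed values below)


# Constructed snapshot modelled on post 4: the Deal Helper process reappearing with
# kbnaauw.exe as its parent. PIDs, times and the dealhelper.exe path are invented;
# only kbnaauw.exe and its System32 location come from the thread.
SNAPSHOT: List[Proc] = [
    Proc(4,    0,    "System",         "",                                0.0),
    Proc(520,  4,    "smss.exe",       r"C:\WINNT\System32\smss.exe",     1.0),
    Proc(600,  520,  "winlogon.exe",   r"C:\WINNT\System32\winlogon.exe", 2.0),
    # explorer's launcher has already exited: ppid 980 is not in the table
    Proc(1032, 980,  "explorer.exe",   r"C:\WINNT\explorer.exe",          5.0),
    Proc(1404, 1032, "kbnaauw.exe",    r"C:\WINNT\System32\kbnaauw.exe",  6.0),
    Proc(1788, 1404, "dealhelper.exe", r"C:\DealHelper\dealhelper.exe",   300.0),  # constructed path
    # PID-reuse trap: notepad records parent 2200, but the process now holding
    # PID 2200 started after notepad did, so that link must not be trusted.
    Proc(1900, 2200, "notepad.exe",    r"C:\WINNT\System32\notepad.exe",  400.0),
    Proc(2200, 1032, "calc.exe",       r"C:\WINNT\System32\calc.exe",     450.0),
]


def parent_of(snapshot: List[Proc], child: Proc) -> Optional[Proc]:
    """Resolve the live parent of `child`, or None when the recorded link is unusable.

    The ppid is worthless in two cases: the parent has exited (no such PID in the
    snapshot), or the PID has been reused by a process created after the child
    (a parent can never be younger than its child).
    """
    parent = {p.pid: p for p in snapshot}.get(child.ppid)
    if parent is None or parent.started > child.started:
        return None
    return parent


def find(snapshot: List[Proc], name: str) -> List[Proc]:
    """All processes whose image name matches, case-insensitively."""
    return [p for p in snapshot if p.name.lower() == name.lower()]


def parent_chain(snapshot: List[Proc], name: str) -> List[str]:
    """Image names from the named process up through every resolvable ancestor."""
    procs = find(snapshot, name)
    if not procs:
        return []
    chain: List[str] = []
    seen = set()  # guards against a malformed snapshot containing a cycle
    cur: Optional[Proc] = procs[0]
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.name)
        cur = parent_of(snapshot, cur)
    return chain


def spawner_path(snapshot: List[Proc], name: str) -> Optional[str]:
    """Full path of the executable that launched the named process, if that parent is still alive."""
    procs = find(snapshot, name)
    if not procs:
        return None
    parent = parent_of(snapshot, procs[0])
    return parent.path if parent else None


if __name__ == "__main__":
    print(" <- ".join(parent_chain(SNAPSHOT, "dealhelper.exe")))
    print("launched by:", spawner_path(SNAPSHOT, "dealhelper.exe"))
```

    On a live Windows host the same four fields are available from Process Explorer's tree, or from the Win32_Process class (ProcessId, ParentProcessId, Name, ExecutablePath, CreationDate) for anyone who wants to script the snapshot; the age check is what keeps a reused PID from sending you after the wrong parent.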
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Let us know if you still have any problems with those trojans.
     
  6. hiptolick

    hiptolick Private E-2

    About the Trojans.
    After doing a bit of research it seemed people were reporting good results with the AVG product, so I downloaded the free version, ran it and got rid of those pesky little bugs. The url for anyone else's reference is
    http://free.grisoft.com/freeweb.php/doc/2/.
    A couple of things stopped working after running through all the procedures.
    1. msconfig from "start/run" no longer works.
    2. The help center from start/help no longer works. Is this common? Any ideas about how to get this back?

    Regards,

    Dan
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. hiptolick

    hiptolick Private E-2

    Chaslang, (or should it just be Chas)
    I'll check out your suggested references and hope I can repair msconfig and help center. Regedit and task manager work without error. I had actually just updated to XP SP2 the day before, should that make any difference?
    I'll keep you posted.

    Dan
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just Chas is fine! Did you update to XP SP2 while you had this malware on your PC? That can cause problems in the upgrade. I'm not saying that it did in your case. I'm just saying that it could have.
     
