I recently noticed that my computer is extremely slow even with DSL. I use Spybot, AdAware, CWShredder, and AVG frequently and I still get swamped with trojans (last week my web home page kept switching to 'about:blank').
I was looking through my Add/Remove feature on my Windows XP to see if I could erase any unused programs and I found a strange program called "DEAL BREAKER". It uses 156400 MB and I have no idea what it is. I tried to remove it and a window came up saying "GHOST UNINSTALLER- Installation Log File Not Found". Does anybody know how I can get this unknown program off of my computer? I am about ready to throw this computer out. Can anyone help? -Serena

This is all I could find relating to your problem, and Deal Breaker may be a variant of Deal Helper; a stab in the dark really, but it has to be worth a try:
http://www.netrn.net/archives2/000513.html
"I still get swamped with trojans"
May sound daft, but are you using a firewall?
M

Thanks so much! Here is my HijackThis list:
Logfile of HijackThis v1.98.2
Scan saved at 10:18:37 PM, on 8/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\ScsiAccess.exe
C:\Program Files\QuickTime\qttask.exe
C:\documents and settings\admin\local settings\temp\NhWjian.exe
C:\documents and settings\admin\local settings\temp\b4HqnI.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Magical Gatherings\Magical Gatherings.exe
C:\Documents and Settings\Admin\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Admin\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computing.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Admin\Local Settings\Temp\Ebtr.dll
O3 - Toolbar: (no name) - {5E66DA43-DD10-4A4E-BFC9-060748C0A00B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [26XG5B62PRPD7P] C:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [6IS] C:\windows\temp\6IS.exe
O4 - HKLM\..\Run: [qgBvcM] C:\windows\temp\qgBvcM.exe
O4 - HKLM\..\Run: [ow0oV] C:\windows\temp\ow0oV.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [apiperft] C:\WINDOWS\System32\apiperft.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avclntd] C:\WINDOWS\System32\avclntd.exe
O4 - HKLM\..\Run: [NhWjian] C:\documents and settings\admin\local settings\temp\NhWjian.exe
O4 - HKLM\..\Run: [b4HqnI] C:\documents and settings\admin\local settings\temp\b4HqnI.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magical Gatherings] C:\Program Files\Magical Gatherings\Magical Gatherings.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Documents and Settings\Admin\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe

Serena P

hi serena,
you have a lot of nasties in your machine.
first off let's do this:
disable your system restore to flush out your restore folder, then get your latest defs for your anti-virus, spybot and adaware, and cwshredder. if you have an anti-trojan do the same; if you don't, go to www.thepublicworks.com, go to payware and download free 30 trial of trojan hunter, and get the latest defs.
next reboot to safe mode and scan your machine with all these scanners, and delete all the files they come up with.
next, clean your cache, temp files, history and cookie folders, and recycle bin.
next, put a check next to these if they appear in a new scan with hijackthis and hit the fix checked button:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Admin\Local Settings\Temp\Ebtr.dll
O3 - Toolbar: (no name) - {5E66DA43-DD10-4A4E-BFC9-060748C0A00B} - (no file)
O4 - HKLM\..\Run: [26XG5B62PRPD7P] C:\WINDOWS\System32\Wryv.exe
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\SysUpd.exe
O4 - HKLM\..\Run: [6IS] C:\windows\temp\6IS.exe
O4 - HKLM\..\Run: [qgBvcM] C:\windows\temp\qgBvcM.exe
O4 - HKLM\..\Run: [ow0oV] C:\windows\temp\ow0oV.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [apiperft] C:\WINDOWS\System32\apiperft.exe
O4 - HKLM\..\Run: [avclntd] C:\WINDOWS\System32\avclntd.exe
O4 - HKLM\..\Run: [NhWjian] C:\documents and settings\admin\local settings\temp\NhWjian.exe
O4 - HKLM\..\Run: [b4HqnI] C:\documents and settings\admin\local settings\temp\b4HqnI.exe
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vsigns/0003C00/setup.exe

next you are going to have to unload these files from your process list so go to this address: http://www.diamondcs.com.au/index.php?page=products, and download this:
APM

unload these files if you find them:
Ebtr.dll
Wryv.exe
AUTOUP~1.EXE
SysUpd.exe
6IS.exe
qgBvcM.exe
ow0oV.exe
Tvm.exe
bridge.dll
apiperft.exe
avclntd.exe
NhWjian.exe
b4HqnI.exe

next do a search for these same files in your windows and windows32 system directory and if found delete them; also delete the folder if they are found in a folder. here is where you can find them:
C:\Documents and Settings\Admin\Local Settings\Temp\Ebtr.dll
C:\WINDOWS\System32\Wryv.exe
C:\PROGRA~1\AUTOUP~1\AUTOUP~1.exe
C:\WINDOWS\SysUpd.exe
C:\windows\temp\6IS.exe
C:\windows\temp\qgBvcM.exe
C:\windows\temp\ow0oV.exe
C:\Program Files\TV Media\Tvm.exe
C:\WINDOWS\System32\bridge.dll
C:\WINDOWS\System32\apiperft.exe
C:\WINDOWS\System32\avclntd.exe
C:\documents and settings\admin\local settings\temp\NhWjian.exe
C:\documents and settings\admin\local settings\temp\b4HqnI.exe

next reboot to normal mode, do a search for these files and delete them if found, clean your recycle bin, and re-enable your system restore.
all the best,
murve

hi serena,
this is a follow up and should be done when you reboot to safe mode:
if you find tvmedia in your control panel in the add and remove program list remove it from there also.
also do a search for tvmedia in your registry and if found delete the value.
all the best,
murve
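
An added example, not part of the original thread or of HijackThis itself: a small triage script that reads HijackThis section lines like the ones posted above and flags the patterns the reply singles out (entries running from a temp directory, registrations with no file on disk, autoruns that load a DLL through rundll32). The function name `triage` and the three rules are assumptions made for this example; a hit is a reason to look closer, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset, for the demo).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Admin\Local Settings\Temp\Ebtr.dll
O4 - HKLM\..\Run: [6IS] C:\windows\temp\6IS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [NhWjian] C:\documents and settings\admin\local settings\temp\NhWjian.exe
"""

# Section lines look like "O4 - HKLM\..\Run: [name] path": a code, " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
RUNDLL = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


def triage(log_text):
    """Return (code, body, reasons) for entries worth a closer look.

    The rules are heuristics assumed for this example, not HijackThis logic.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or running-process line, not a section entry
        code, body = m.group("code"), m.group("body")
        reasons = []
        if TEMP_DIR.search(body):
            reasons.append("file lives in a temp directory")
        if code in ("R3", "O2", "O3") and body.endswith("(no file)"):
            reasons.append("registered component has no file on disk")
        if code == "O4" and RUNDLL.search(body):
            reasons.append("autorun loads a DLL through rundll32")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```
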
