Golden Palace Casino

Computing.Net > Forums > Security and Virus > Golden Palace Casino

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Golden Palace Casino

Name: Cobalt543
Date: January 31, 2004 at 09:42:18 Pacific
OS: XP Home
CPU/Ram: P4 and 512Mb PC3200

Comment:

I am having the same problem that everybody else is and I am looking for some help on what I need to do to remove the Golden Palace Casino Program from my computer. I ran hack this and got the following log...
Logfile of HijackThis v1.97.7
Scan saved at 12:48:01 PM, on 1/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\DELLMMKB.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\nkfvmstv.exe
C:\QUICKENW\QWDLLS.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1ADAAE83-DB38-7BBD-42B3-0FADCB38FCEF} - C:\WINDOWS\system32\tenmrrog.dll
O2 - BHO: (no name) - {2FF1E652-78E3-C863-7DAE-66DF7D466EBC} - C:\WINDOWS\system32\psnpmrcm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.exe /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\gajwzq.exe
O4 - HKLM\..\Run: [n] C:\WINDOWS\System32\apgnap.exe
O4 - HKLM\..\Run: [a] C:\WINDOWS\System32\apgnap.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\RunOnce: [FinishUninstall] c:\autoexecuted.bat
O4 - HKLM\..\RunOnce: [_UnwiseF1] cmd.exe /c del C:\WINDOWS\System32\Iaicm.dll
O4 - HKLM\..\RunOnce: [_UnwiseF1_] cmd.exe /c del C:\WINDOWS\System32\im64.dll
O4 - HKLM\..\RunOnce: [_UnwiseNPO] cmd.exe /c del C:\WINDOWS\System32\n3tpa1.dll
O4 - HKLM\..\RunOnce: [_UnwiseNPO_] cmd.exe /c del C:\WINDOWS\System32\boot0k.dll
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.ofarevolution.com
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud11.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

Sponsored Link

Ads by Google

Response Number 1

Name: michael2
Date: January 31, 2004 at 09:48:03 Pacific

Reply:

Golden Palace Casino
Dialer offering Casino access, violating german law by not telling it will close connection and open it's own. Secretely installs additional code.
Run Spybot....
http://www.safer-networking.org/

Response Number 2

Name: Cobalt543
Date: January 31, 2004 at 09:58:44 Pacific

Reply:

Thanks for the link, but I already have been using spybot and it doesn't find or correct the problem. Anymore Ideas?

Response Number 3

Name: Imp
Date: January 31, 2004 at 10:15:19 Pacific

Reply:

Hello Cobalt,
Just go to start, then "run", type MSconfig, you will see in the last windows, programs on startup, just uncheck this Casino one, and you will be secure.
You should also install into your system a firewall. I suggest Sygate Firewall this is a freeware, in the begining the program will ask you if you give permission to connect to internet, you will say "yes" for all the one you agree to work during a connexion, and bookmark them in order to remember it for ever.
When you will see "Casino" requesting a permission to connect, just say "No" and bookmark it for ever !!! Good Luck....

Response Number 4

Name: mamabear
Date: January 31, 2004 at 10:36:47 Pacific

Reply:

Ad-aware detects Golden Casino.
Download Ad-aware Build 6.181 (free version) from
here
This link will tell you how to update your ref files (which you should do after installation and before each scan because they are updated frequently).
This link will tell you how to configure AAW for a full custom scan. When you click on "scan now", make sure "custom" scan is checked, not "smart" scan.

Response Number 5

Name: tomo
Date: January 31, 2004 at 13:30:49 Pacific

Reply:

http://www.javacoolsoftware.com/spywareblaster.html
Hi Cobalt345, I'd also recommend SpywareBlaster in addition to Adaware and Spybot. I use all three and they work great together. SpywareBlaster will prevent a lot of that crapware from invading your computer. The addy above is the download site for SpywareBlaster, in case you're interested. Good luck!
~Tommyo

net md walkman software comcast.net register remove toolbar mac	golden axe manual DOS menu creator access violation c00005
See More

Response Number 6

Name: ShootinRoc
Date: February 7, 2004 at 07:52:05 Pacific

Reply:

I tried to follow all the advice given and downloaded all that stuff and was deleting Reg. values and what not but it kept coming back so I finally called Golden Palace Casino and complained... the sent me to the following site:
http://remove.monsterserve.com/remove/toolbar/index.html
It gives you directions how to get it off your computer. It acutally gives you the uninstall file. If you don't believe me, call Golden Palace yourself... free call.

Sponsored Link

Ads by Google

Website Quirk - Security ...

Trojan MyDoom B

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Golden Palace Casino

Golden Palace Casino

Summary

www.computing.net/answers/security/golden-palace-casino/9483.html

hijackthis/ golden palace casino

Summary

www.computing.net/answers/security/hijackthis-golden-palace-casino-/9535.html

Removing Golden Palace Casino

Summary

www.computing.net/answers/security/removing-golden-palace-casino/9529.html

From the Geek Dictionary
Crap - Not very good, or very bad. (A slang word for S**t (feces) derived from the...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 3 Days.
Discuss in The Lounge
Poll History

Recent Posts
network timed out after few hours

MYOB Retail Manager

Get tomorrows date in solaris

San storage

Upd8'd iTunes now 2Gen iPod won't sync-Help?

All Awaiting Reply

Tom's News
Man Officially Married Virtual GF, Plans Future

12-inch Netbooks to Go Mainstream in 2010

Man Arrested Robbing RuneScape Characters

Nintendo Sold 1.5 Million Systems Last Week

PS3 Sales Reach All Time High Over Black Friday

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE