i can not get rid of golden palace casino i read some posts and they suggested hijackthis but i need to know what to fix after my scan here is my hijackthis log Logfile of HijackThis v1.97.7 Scan saved at 1:25:29 AM, on 2/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\HP\KBD\KBD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\WildTangent\Apps\GameChannel.exe C:\WINDOWS\ALCXMNTR.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe C:\Program Files\Media\Media\UpdateStats.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\IEDriver\IEDriver.exe C:\PROGRA~1\Save\Save.exe C:\WINDOWS\uptodate.exe C:\Program Files\SuperBar\sbhc.exe C:\WINDOWS\System32\ahijwppg.exe C:\Program Files\Common files\updater\wupdater.exe C:\WINDOWS\System32\a.exe C:\WINDOWS\System32\wjview.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\AIM\aim.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\ClockSync\Sync.exe C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\ABMTSR.exe C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe C:\WINDOWS\System32\PfjL0.exe C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe C:\WINDOWS\System32\Xho5z.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\couponsandoffers\couponsandoffers.exe C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radford.edu/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchalot.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=132986 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchalot.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchalot.com/search.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchalot.com/search.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchalot.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.sqwire.com/homepage.php?aid=975 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us8.hpwis.com/ O1 - Hosts: 216.177.73.139 auto.search.msn.com O1 - Hosts: 216.177.73.139 search.netscape.com O1 - Hosts: 216.177.73.139 ieautosearch O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1311.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: SuperBar - {F9314D06-6B4B-45FA-B71A-836F7A839C49} - C:\Program Files\SuperBar\SuperBar.Dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1.2\SSaver\Ussshreg.exe /r O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [EanthologyApp] C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.exe /b Startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.exe -b O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [wztbxiek] C:\WINDOWS\qbnsrajb.exe O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1 O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe O4 - HKLM\..\Run: [SQUpdatesChecker] C:\Program Files\Sqwire\uc.exe O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe O4 - HKLM\..\Run: [couponsandoffers] wjview /cp:p "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers" O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Dfmc1bV0.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\Owner\HXDL.exe -silent O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Owner\Application Data\DownloadPlus.exe O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\ABMTSR.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Scanner Detector.lnk = C:\Program Files\ScanSuite\SDetect.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm O9 - Extra button: Sidesearch (HKLM) O9 - Extra 'Tools' menuitem: Turbo Download (HKLM) O9 - Extra 'Tools' menuitem: Block This Page (HKLM) O9 - Extra 'Tools' menuitem: Search the Internet (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra 'Tools' menuitem: Free Software Downloads (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O10 - Hijacked Internet access by New.Net O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing O11 - Options group: [CommonName] CommonName O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} (AxOOdlz Class) - http://www.stop-sign.com/pub/download/stop-sign_pop.cab O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_27/QDow.cab O16 - DPF: {9F32B991-C2C3-883B-5A6F-2CF622E5C95B} (DownloadUL Class) - http://public.searchbarcash.com/cab/364/zkkaywin.cab O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFS.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F7ADCFE3-AA28-F99E-E665-B13AC332D249} (DownloadUL Class) - http://public.searchbarcash.com/cab/351/atrwzpca.cab

Hello Jlandes, You are harassed by cookies spywares and pop-ups, which use your internet connexion to disturb you when "online". I suggest you download theses two freewares into your system: 1)AdAware 6.0/181 2)SpywareBlaster 2.61 As soon as you installed it, download from the two programs the most recent signatures definitions .... Good luck....

You are also afflicted with the peper virus O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Dfmc1bV0.exe go to Peper Removal and uninstall peper first. Then download and run CWShredder using 'fix' Then go to A Good Place To Start and do EVERYTHING it says there before posting new HJT log HTH Dog

I finally got fed up with Golden Palace Casino, actually went to their web site, called their customer service number and they emailed me a link to uninstall and it worked! How simple was that! Here are the contents of the email they sent. Dear Customer, When you sign-up with different websites and download various programs from the Internet, it is possible you may also be downloading other programs or applications at the same time as part of their installation bundle. Our company is affiliated with many different websites and it is possible you may have received our software in one of their bundles. All of our affiliates require their customers to agree to their Terms and Conditions before downloading any of their products and any software included with their products. If you download software from the Internet, we highly recommend that you fully read all Terms and Conditions and/or licensing agreements before installing anything. Removing our software from your computer is a simple process. However, you can only do so after it has been completely downloaded to your computer. The full download is just over 60 megabytes. Removing the Software There are three ways of removing the software, try each one in order. If the first doesnt work, try the second; if the second is not successful, try the third. 1. Click the following link for instruction on how to remove the software: http://remove.monsterserve.com/remove/toolbar/index.html 2. Go to http://www.jraun.com and click the uninstall download at the bottom. 3. In some cases, you may also have to remove the software from your computer index directory. This is easy if you follow these steps: 1. Double click the My Computericon on your desktop to open it. 2. Double click the Local Disk (C)icon to open it. 3. Find the folder named Casinothen right-click ONCE on it this will open a drop-down menu. 4. Hold down the SHIFT Key and click DELETE in the drop-down menu simultaneously. 5. Be sure to wait for the final Delete message - you must click YES, then the software will be deleted from your index directory. Keep in mind that our software is not spy-ware, and removing our software will not remove any spy-ware that may have been installed on your computer. We recommend that you download an application called "Ad-Aware" from http://www.lavasoftusa.com and run in periodically to remove annoying spy-ware from your computer. Should you need contact us for further assistance with the removal of the software, our toll free number is 1-888-217-5648.