I need help removing Golden Palace Casino New PERMANENTLY! I downloaded hijack this and below is the logfile: Logfile of HijackThis v1.97.7 Scan saved at 7:33:46 PM, on 2/6/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Winamp3\winampa.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\NavNT\vptray.exe C:\WINDOWS\System32\hpiygjvr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\MsnMsgr.exe C:\Program Files\PowerPanel\Program\PcfMgr.exe D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe c:\progra~1\Support.com\client\bin\tgcmd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe C:\WINDOWS\System32\MsgSys.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sony\SonicStage\Omgjbox.exe C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe C:\Documents and Settings\Jennifer\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.nyu.edu/wpad.dat R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.nyu.edu/wpad.dat:8000 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {57FAA438-26DD-CE6A-A89A-C3E923BA8FA4} - C:\WINDOWS\system32\olejiuia.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\\winampa.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [ilhfgckj] C:\WINDOWS\leqrngsw.exe O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe O4 - HKLM\..\Run: [y] C:\WINDOWS\System32\efxbnq.exe O4 - HKLM\..\Run: [j] C:\WINDOWS\System32\rmiett.exe O4 - HKLM\..\Run: [lrldzkoc] C:\WINDOWS\System32\hpiygjvr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ld] C:\WINDOWS\ld.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: PowerPanel.lnk = ? O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.exe O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.exe O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: Copernic Agent (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: MoneySide (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/mar/x/igmpx1.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37858.9071180556 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4305/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F5D297BF-D29D-42F9-A696-A2F2BA5DAED0}: NameServer = 128.122.253.92,128.122.253.37 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = nyu.edu O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu

http://www.computing.net/security/wwwboard/forum/9345.html Hi Jen; check out the above for another post very similar to yours, and helpful replies. I'm still learning here, so I'm not able to decipher HijackThis logs, but take a look at the above thread, and I think you'll get some helpful info. Hope this helps! ~Tommyo

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php O2 - BHO: (no name) - {57FAA438-26DD-CE6A-A89A-C3E923BA8FA4} - C:\WINDOWS\system32\olejiuia.dll O4 - HKLM\..\Run: [y] C:\WINDOWS\System32\efxbnq.exe O4 - HKLM\..\Run: [j] C:\WINDOWS\System32\rmiett.exe O4 - HKLM\..\Run: [ilhfgckj] C:\WINDOWS\leqrngsw.exe O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\av.exe O4 - HKLM\..\Run: [lrldzkoc] C:\WINDOWS\System32\hpiygjvr.exe O4 - HKCU\..\Run: [ld] C:\WINDOWS\ld.exe O4 - Global Startup: PowerPanel.lnk = ? O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM) O9 - Extra button: Copernic Agent (HKLM) check and fix all of the above. Think yuo could leave the last couple for copernic if you actually use them, but they don't seem too good to me

Also remove these: O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.accessoveloce.com/mar/x/igmpx1.exe To be safe you should move HijackThis to it's own folder instead of a temp folder. That's in case something that something that gets removed needs to be restored. You can't do that from a temp folder.

I finally got fed up with Golden Palace Casino, actually went to their web site, called their customer service number and they emailed me a link to uninstall and it worked! How simple was that! Here are the contents of the email they sent. Dear Customer, When you sign-up with different websites and download various programs from the Internet, it is possible you may also be downloading other programs or applications at the same time as part of their installation bundle. Our company is affiliated with many different websites and it is possible you may have received our software in one of their bundles. All of our affiliates require their customers to agree to their Terms and Conditions before downloading any of their products and any software included with their products. If you download software from the Internet, we highly recommend that you fully read all Terms and Conditions and/or licensing agreements before installing anything. Removing our software from your computer is a simple process. However, you can only do so after it has been completely downloaded to your computer. The full download is just over 60 megabytes. Removing the Software There are three ways of removing the software, try each one in order. If the first doesnt work, try the second; if the second is not successful, try the third. 1. Click the following link for instruction on how to remove the software: http://remove.monsterserve.com/remove/toolbar/index.html 2. Go to http://www.jraun.com and click the uninstall download at the bottom. 3. In some cases, you may also have to remove the software from your computer index directory. This is easy if you follow these steps: 1. Double click the My Computericon on your desktop to open it. 2. Double click the Local Disk (C)icon to open it. 3. Find the folder named Casinothen right-click ONCE on it this will open a drop-down menu. 4. Hold down the SHIFT Key and click DELETE in the drop-down menu simultaneously. 5. Be sure to wait for the final Delete message - you must click YES, then the software will be deleted from your index directory. Keep in mind that our software is not spy-ware, and removing our software will not remove any spy-ware that may have been installed on your computer. We recommend that you download an application called "Ad-Aware" from http://www.lavasoftusa.com and run in periodically to remove annoying spy-ware from your computer. Should you need contact us for further assistance with the removal of the software, our toll free number is 1-888-217-5648.