1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

egieprocess.dll

Discussion in 'Windows XP' started by Stefnmike, Sep 2, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    I am trying to help my dad figure out what is wrong with his computer. It started with him trying to get on AOL. It would not let him so he uninstalled and tried to reinstall it. He is not able to reinstall it and cant seem to do anything on the computer. It is giving him error messages. One is that his system cant locate egieprocess.dll (or something like that). It gives a GMT.exe error as well. He cant get on the internet to try to fix any of it. I have went to C:/program files/common files/GMT and I see egieprocess.dll, but I am not sure what to do in order to get his computer working again. Can you help?

    Thanks! :confused:
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    GMT.exe is spyware...
    Usually related to the GAIN/Gator adware. GMT.exe is located in "C:\Program Files\Common Files\GMT\".

    Go to Control Panel - Add/Remove Programs...uninstall Gator

    You may want to also download Ad-Aware:
    http://www.lavasoftusa.com/software/adaware/

    It helps remove Spyware
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Gator programs may have found their way onto your system when you downloaded a few program such as eWallet or a number of date/time/clock setting programs. It comes bundled with most P2P file sharing networks, the most common of these being KaZaA.

    You'll also want to remove any associated programs like CMESYS.exe, gmt.exe or GAIN_Tickler_*.exe. You can find manual removal instructions at this site: http://www.doxdesk.com/parasite/Gator.html.
    If you use the spyware program called Ad-Aware, you may get a message that Gator can't be removed. Simply reboot your system and rerun Ad-Aware prior to opening any web pages.
     
  4. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    Thank you for your reply. I went to Add/Remove programs already and Gator/Gain was not there. Now what? Is there another location they could be? Or, could they be listed under another name? I cant get on the internet at his house in order to go to the websites you listed. If I remove the entire GMT folder from the C drive as well as anything associated with that folder will it mess other applications up?
    Thanks again!
     
  5. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    I just talked to my dad. He said he downloaded Spy Doctor. He said he thought he uninstalled everything that went with it. Do you know anything about Spy Doctor?

    Thanks!
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Do you mean Spyware Doctor?

    It is a spyware remover
    I still recommend Ad-Aware and SpyBot Search & Destory

    Gator was not listed? How about Kazaa? Trickler?

    Check in Add/Remove
    also check in msconfig

    Go to START - RUN - type in msconfig
    Go to the startup tab
    GMT.exe and CMESYS.EXE may be listed in there. If so, uncheck them and reboot
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  9. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    Ok. I have done everything and its still not working. I have went to add/remove and there is nothing there, not Gator/Gain, Kazaa or trickler. I have went to the doxdesk.com and walked him through the steps of deleting the CMESsys.exe and also somewhere we saw gator.com and deleted that as well. He has rebooted after each thing and the same error message comes up. The GMT.exe and the .dll. Also, a Javahook API error comes up too. Does this have something to do with any of the above? Is there anything else you know of that I can do to fix this? I have also done the msconfig and unchecked the CMEsys and still...nothing.

    Thank you again!
     
  10. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    Also, he said he tried to reinstall AOL again after doing all of the above and its telling him that the installer cant be found. Do you know what that is?

    THANKS!
     
  11. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Please go to this site and download HiJackThis by Merijn Bellekom:

    ***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.

    HiJackThis download link

    Alternate download links:

    http://www.spychecker.com/program/hijackthis.html

    http://www.majorgeeks.com/download3155.html



    Under "Official Downloads" HiJackThis. It's the 2nd one down.

    Download and unzip to a permanent folder of your own creation.

    Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

    Save it to your permanent HiJackThis folder (or floppy disk if necessary).

    The log will open in Notepad. Click "Edit" then "Select All".

    Copy and paste the log back to this thread.
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Gator hides itself very well...
    I'd check back in msconfig for "GStartup"
    if it's there, uncheck it

    Also go into Program Files - Common - delete the folders GMT and CMEII

    Is he reinstalling AOL from a disc?
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Also...ah yes...what FinestRanger said:

    Post a Hijack This log so we can rule out if there are any viruses
     
  14. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    Yes, he is loading AOL from a disc. He can not get on line. It will not let him. Since he cant get online he cant do the Hijack thing. I went to Msconfig again and unchecked Gstartup. Still errors. I went to C/program files/common files/GMT and deleted the GMT folder as well as the CMEII. Still, nothing. Now when he tries to install AOL its telling him that the installation program is damaged or missing and it will not load. When he reboots its still giving him error messages. Like Javahook API. I guess he is going to have to have someone come out and look at it if there is nothing else I can do. If there is anything else that you can think of, please let me know. Thank you so much for all of your help. :)
     
  15. Stefnmike

    Stefnmike Thread Starter

    Joined:
    Sep 2, 2004
    Messages:
    62
    Logfile of HijackThis v1.97.7
    Scan saved at 11:07:13 AM, on 9/3/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
    C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
    C:\WINDOWS\System32\lexpps.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Date Manager\DateManager.exe
    C:\AMERIC~1.0A\aoltray.exe
    C:\America Online 5.0a\waol.exe
    C:\DOCUME~1\DORISG~1\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=9
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.windowws.cc/hp.htm?id=9
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\yk2u1j30cni.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll (file missing)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\istbar\istbar.dll (file missing)
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Real-Tens] "C:\Program Files\Real-Tens\Real-Tens.exe" /H
    O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\30483559.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [ftfnkbqgaldpu] C:\WINDOWS\System32\kxrukn.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [odon] C:\WINDOWS\odon.exe
    O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\rsj7aekdmv.exe
    O4 - HKLM\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
    O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
    O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
    O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
    O4 - HKCU\..\Run: [Rdir] C:\Documents and Settings\Doris Gidley\Application Data\daot.exe
    O4 - HKCU\..\Run: [Sbl] C:\WINDOWS\System32\thzrlivc.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
    O4 - HKCU\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTPS.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTPS.EXE
    O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0a\aoltray.exe
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: winlogin.exe
    O4 - Global Startup: Real-time Monitor.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: SideFind (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O16 - DPF: DigiChat Applet - http://host16.digichat.com/DigiChat/DigiClasses/Client_IE.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game3.pogo.com/applet-5.9.1.18/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/download/comet.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.sexis.com/live-dialer/sexdialer.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/048a8a2496901fbe7819/netzip/RdxIE2.cab
    O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://63.166.97.45:1080/activex/AxisCamControl.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://dload.ipbill.com/del/241192.cab
    O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://180searchassistant.com/180sainstaller.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/real-tens.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B65BF7B-659B-4A8C-A495-762AD3FBF5E6}: NameServer = 205.188.146.146
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/269396

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice