egieprocess.dll

[Stefnmike]

I am trying to help my dad figure out what is wrong with his computer. It started with him trying to get on AOL. It would not let him so he uninstalled and tried to reinstall it. He is not able to reinstall it and cant seem to do anything on the computer. It is giving him error messages. One is that his system cant locate egieprocess.dll (or something like that). It gives a GMT.exe error as well. He cant get on the internet to try to fix any of it. I have went to C:/program files/common files/GMT and I see egieprocess.dll, but I am not sure what to do in order to get his computer working again. Can you help?

Thanks!

 

[Cheeseball81]

GMT.exe is spyware...
Usually related to the GAIN/Gator adware. GMT.exe is located in "C:\Program Files\Common Files\GMT\".

Go to Control Panel - Add/Remove Programs...uninstall Gator

You may want to also download Ad-Aware:
http://www.lavasoftusa.com/software/adaware/

It helps remove Spyware

 

[Cheeseball81]

Gator programs may have found their way onto your system when you downloaded a few program such as eWallet or a number of date/time/clock setting programs. It comes bundled with most P2P file sharing networks, the most common of these being KaZaA.

You'll also want to remove any associated programs like CMESYS.exe, gmt.exe or GAIN_Tickler_*.exe. You can find manual removal instructions at this site: http://www.doxdesk.com/parasite/Gator.html.
If you use the spyware program called Ad-Aware, you may get a message that Gator can't be removed. Simply reboot your system and rerun Ad-Aware prior to opening any web pages.

 

[Stefnmike]

Thank you for your reply. I went to Add/Remove programs already and Gator/Gain was not there. Now what? Is there another location they could be? Or, could they be listed under another name? I cant get on the internet at his house in order to go to the websites you listed. If I remove the entire GMT folder from the C drive as well as anything associated with that folder will it mess other applications up?
Thanks again!

 

[Stefnmike]

I just talked to my dad. He said he downloaded Spy Doctor. He said he thought he uninstalled everything that went with it. Do you know anything about Spy Doctor?

Thanks!

 

[Cheeseball81]

Do you mean Spyware Doctor?

It is a spyware remover
I still recommend Ad-Aware and SpyBot Search & Destory

Gator was not listed? How about Kazaa? Trickler?

Check in Add/Remove
also check in msconfig

Go to START - RUN - type in msconfig
Go to the startup tab
GMT.exe and CMESYS.EXE may be listed in there. If so, uncheck them and reboot

 

[Cheeseball81]

Ad-Aware from www.lavasoft.de
SpyBot Search & Destroy from www.safer-networking.org/
Both have free versions

 

[Cheeseball81]

Also, check out this site:
http://www.inet-mates.com/articles/3_rm_gain.html

It gives you complete instruction of removal

 

[Stefnmike]

Ok. I have done everything and its still not working. I have went to add/remove and there is nothing there, not Gator/Gain, Kazaa or trickler. I have went to the doxdesk.com and walked him through the steps of deleting the CMESsys.exe and also somewhere we saw gator.com and deleted that as well. He has rebooted after each thing and the same error message comes up. The GMT.exe and the .dll. Also, a Javahook API error comes up too. Does this have something to do with any of the above? Is there anything else you know of that I can do to fix this? I have also done the msconfig and unchecked the CMEsys and still...nothing.

Thank you again!

 

[Stefnmike]

Also, he said he tried to reinstall AOL again after doing all of the above and its telling him that the installer cant be found. Do you know what that is?

THANKS!

 

[FinestRanger]

Please go to this site and download HiJackThis by Merijn Bellekom:

***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.

HiJackThis download link

Alternate download links:

http://www.spychecker.com/program/hijackthis.html

http://www.majorgeeks.com/download3155.html



Under "Official Downloads" HiJackThis. It's the 2nd one down.

Download and unzip to a permanent folder of your own creation.

Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

Save it to your permanent HiJackThis folder (or floppy disk if necessary).

The log will open in Notepad. Click "Edit" then "Select All".

Copy and paste the log back to this thread.

 

[Cheeseball81]

Gator hides itself very well...
I'd check back in msconfig for "GStartup"
if it's there, uncheck it

Also go into Program Files - Common - delete the folders GMT and CMEII

Is he reinstalling AOL from a disc?

 

[Cheeseball81]

Also...ah yes...what FinestRanger said:

Post a Hijack This log so we can rule out if there are any viruses

 

[Stefnmike]

Yes, he is loading AOL from a disc. He can not get on line. It will not let him. Since he cant get online he cant do the Hijack thing. I went to Msconfig again and unchecked Gstartup. Still errors. I went to C/program files/common files/GMT and deleted the GMT folder as well as the CMEII. Still, nothing. Now when he tries to install AOL its telling him that the installation program is damaged or missing and it will not load. When he reboots its still giving him error messages. Like Javahook API. I guess he is going to have to have someone come out and look at it if there is nothing else I can do. If there is anything else that you can think of, please let me know. Thank you so much for all of your help.

 

[Stefnmike]

Logfile of HijackThis v1.97.7
Scan saved at 11:07:13 AM, on 9/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Date Manager\DateManager.exe
C:\AMERIC~1.0A\aoltray.exe
C:\America Online 5.0a\waol.exe
C:\DOCUME~1\DORISG~1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.windowws.cc/hp.htm?id=9
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\yk2u1j30cni.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\istbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Real-Tens] "C:\Program Files\Real-Tens\Real-Tens.exe" /H
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\30483559.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ftfnkbqgaldpu] C:\WINDOWS\System32\kxrukn.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [odon] C:\WINDOWS\odon.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\rsj7aekdmv.exe
O4 - HKLM\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKCU\..\Run: [IM] C:\program files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [Rdir] C:\Documents and Settings\Doris Gidley\Application Data\daot.exe
O4 - HKCU\..\Run: [Sbl] C:\WINDOWS\System32\thzrlivc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [jopa] C:\WINDOWS\System32\sysstartup.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTPS.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTPS.EXE
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0a\aoltray.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: SideFind (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: DigiChat Applet - http://host16.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.28/flinger/flinger-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.com/applet-5.9.1.18/squelchies/squelchies-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - http://files.cometsystems.com/cometcursor/download/comet.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.sexis.com/live-dialer/sexdialer.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/048a8a2496901fbe7819/netzip/RdxIE2.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://63.166.97.45:1080/activex/AxisCamControl.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://dload.ipbill.com/del/241192.cab
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://180searchassistant.com/180sainstaller.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/real-tens.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_4_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B65BF7B-659B-4A8C-A495-762AD3FBF5E6}: NameServer = 205.188.146.146