Memory Meter!

Discussion in 'other security issues & news' started by MsDSizz, Jul 14, 2003.

Thread Status:
Not open for further replies.
  1. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Hello all! :D I am a newbie and this is my first post. This is an incredible website. I have been reading through many of the message boards and am gaining quite an education. Thanks to all who contribute by sharing your knowledge and experience. :-*
    I am wondering if anyone has dealt with Memory Meter. o_O Is it harmless? It has somehow found it's way into my system. :mad: It appears on my lower right taskbar as a little meter which gauges the real time memory currently available in my system(?) This means it is constantly running. I want this out of my system but there is no uninstall and do no know of a way to get rid of it. Right mouse clicking shows 3 options. The first is .. Upgrade to Memory Blaster; the second is About and the third is Close. Their website is http://www. memorymeter.com/ and gives no information on removal. They have a site noted for support but will not give you any until you have filled out their form...(me thinks somethings amiss and smells like old fish!)I have Spybot S&D and Spyware Blaster. I am a little uneasy about using the advanced mode in this removal. I have found it in under Tools<ActiveX in the advanced mode of Spybot S&D. I am unsure about how to dispose of this garbage. I would appreciate any feedback! Thanks ;)
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi MsDSizz,

    Welcome at Wilders. :)

    MemoryMeter is part of TotalVelocity spyware.
    If you like I could help you remove it.
    Could you post your HijackThis log
    Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    If the usual spyware programs do not do the job maybe DRDelete is worth trying;

    http://www.dslreports.com/forum/remark,7374516~root=winme~mode=flat

    A quick search over at google suggested that Memory Meter is a nuisance to many!!!!!

    For Example, Check out this one;

    http://www.computing.net/windowsxp/wwwboard/forum/69250.html
     
  4. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thank you both for your response!
    Ok - Pieter
    I did a Hijack This scLogfile of HijackThis v1.95.0
    Scan saved at 1:23:41 PM, on 7/14/03
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\VIRUSSCAN95\VSHWIN32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\DMI\WIN16\BIN\WINSL.EXE
    C:\DMI\SIA\BIN\CSERVICE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    c:\dmi\sia\bin\os_ac.exe
    c:\dmi\sia\bin\pnp_ac.exe
    C:\WINDOWS\SYSTEM\ATIKEY32.EXE
    c:\dmi\sia\bin\swi_ac.exe
    c:\dmi\sia\bin\dmib_ac.exe
    c:\dmi\sia\bin\logic_ac.exe
    C:\VOYETRA\AS2\AS2TRAY.EXE
    c:\dmi\sia\bin\sprof_ac.exe
    C:\WINDOWS\SYSTEM\ATIICON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    C:\WINDOWS\TVTMD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\CABS\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Juno Online Services, Inc.
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    F1 - win.ini: run=winsl.exe cservice.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AtiKey] Atikey32.exe
    O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
    O4 - HKLM\..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan95\VSHWIN32.EXE
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.EXE
    O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan95\VSHWIN32.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Juno (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_2_0.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Pool 2 (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37781.3772916667
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8105/turbo.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CABan and this is what I got - I hope this is what you were asking for! :doubt:
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi MsDSizz,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.EXE
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8105/turbo.cab

    Reboot after doing so, preferably into safe mode and delete:
    C:\PROGRAM FILES\MEMORYMETER <= entire folder
    C:\WINDOWS\TVTMD.EXE

    Regards,

    Pieter
     
  6. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thank you again Pieter. :-* The operation was a success! and the patient made it!!! :D No more Memory Meter here!

    Blackcat - I have made a note of DrDelete in case I may ever need it. Thanks for your help!!! ;)
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi MsDSizz.

    If you're looking for a free program to monitor and display memory take a look at WinBar.
    It doesn't have spyware.
    It's customisable and seems to be accurate.
    Some of the options are; a clock,CPU usage,running up-time,RAM available(free)or RAM used.
    The clock can display time,day,and date.
    It also has an uninstaller.



    http://www.winbar.nl/
     
  8. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thanks the Tester!;) I'll check it out!
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hey Testy, that's cool. Thanks for the tip. :D
     
  10. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    One of those great moments of Wilderssecurity :D
     
  11. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi Root,MsDSizz.

    No Problem.
    I've benefitted from a lot of tips on software myself,especially in this forum. :)

    Hope you like the program.
     
Loading...
Thread Status:
Not open for further replies.