Memory Meter!

Discussion in 'other security issues & news' started by MsDSizz, Jul 14, 2003.

Thread Status:
Not open for further replies.
  1. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Hello all! :D I am a newbie and this is my first post. This is an incredible website. I have been reading through many of the message boards and am gaining quite an education. Thanks to all who contribute by sharing your knowledge and experience. :-*
    I am wondering if anyone has dealt with Memory Meter. o_O Is it harmless? It has somehow found it's way into my system. :mad: It appears on my lower right taskbar as a little meter which gauges the real time memory currently available in my system(?) This means it is constantly running. I want this out of my system but there is no uninstall and do no know of a way to get rid of it. Right mouse clicking shows 3 options. The first is .. Upgrade to Memory Blaster; the second is About and the third is Close. Their website is http://www. memorymeter.com/ and gives no information on removal. They have a site noted for support but will not give you any until you have filled out their form...(me thinks somethings amiss and smells like old fish!)I have Spybot S&D and Spyware Blaster. I am a little uneasy about using the advanced mode in this removal. I have found it in under Tools<ActiveX in the advanced mode of Spybot S&D. I am unsure about how to dispose of this garbage. I would appreciate any feedback! Thanks ;)
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi MsDSizz,

    Welcome at Wilders. :)

    MemoryMeter is part of TotalVelocity spyware.
    If you like I could help you remove it.
    Could you post your HijackThis log
    Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    If the usual spyware programs do not do the job maybe DRDelete is worth trying;

    http://www.dslreports.com/forum/remark,7374516~root=winme~mode=flat

    A quick search over at google suggested that Memory Meter is a nuisance to many!!!!!

    For Example, Check out this one;

    http://www.computing.net/windowsxp/wwwboard/forum/69250.html
     
  4. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thank you both for your response!
    Ok - Pieter
    I did a Hijack This scLogfile of HijackThis v1.95.0
    Scan saved at 1:23:41 PM, on 7/14/03
    Platform: Windows 98 Gold (Win9x 4.10.199:cool:
    MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\TELEPATH.101\tpexe.exe
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\VIRUSSCAN95\VSHWIN32.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\DMI\WIN16\BIN\WINSL.EXE
    C:\DMI\SIA\BIN\CSERVICE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    c:\dmi\sia\bin\os_ac.exe
    c:\dmi\sia\bin\pnp_ac.exe
    C:\WINDOWS\SYSTEM\ATIKEY32.EXE
    c:\dmi\sia\bin\swi_ac.exe
    c:\dmi\sia\bin\dmib_ac.exe
    c:\dmi\sia\bin\logic_ac.exe
    C:\VOYETRA\AS2\AS2TRAY.EXE
    c:\dmi\sia\bin\sprof_ac.exe
    C:\WINDOWS\SYSTEM\ATIICON.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    C:\WINDOWS\TVTMD.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\CABS\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Juno Online Services, Inc.
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    F1 - win.ini: run=winsl.exe cservice.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_1_5_0.DLL
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [AtiKey] Atikey32.exe
    O4 - HKLM\..\Run: [TIPS] C:\MSINPUT\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] C:\MSINPUT\point32.exe
    O4 - HKLM\..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan95\VSHWIN32.EXE
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.EXE
    O4 - HKLM\..\RunServices: [telepath] TELEPATH.101\tpexe.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\VirusScan95\VSHWIN32.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Juno (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_2_0.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: Yahoo! Pool 2 (YInstStarter Class) - http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37781.3772916667
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8105/turbo.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CABan and this is what I got - I hope this is what you were asking for! :doubt:
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi MsDSizz,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\HOST.DLL
    O3 - Toolbar: (no name) - {8E4C16F3-45C8-4B24-99E6-F55082B7C4F1} - (no file)
    O4 - HKLM\..\Run: [MemoryMeter] C:\PROGRAM FILES\MEMORYMETER\MEMORYMETER.EXE
    O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.EXE
    O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://bannerfarm.ace.advertising.com/bannerfarm/42833/VbouncerOuter1123030505.exe
    O16 - DPF: {B843DA96-2B2D-447E-90AB-B92929AA11AF} (HTMLDialer Class) - http://usa-download.nocreditcard.net/download/Object/DialerHTML/EGHTMLDialer.cab
    O16 - DPF: {AFDBB6D0-6B96-419C-8BC6-FF0B99368C0B} - http://www.memorymeter.com/MemoryMeter.cab
    O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8105/turbo.cab

    Reboot after doing so, preferably into safe mode and delete:
    C:\PROGRAM FILES\MEMORYMETER <= entire folder
    C:\WINDOWS\TVTMD.EXE

    Regards,

    Pieter
     
  6. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thank you again Pieter. :-* The operation was a success! and the patient made it!!! :D No more Memory Meter here!

    Blackcat - I have made a note of DrDelete in case I may ever need it. Thanks for your help!!! ;)
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi MsDSizz.

    If you're looking for a free program to monitor and display memory take a look at WinBar.
    It doesn't have spyware.
    It's customisable and seems to be accurate.
    Some of the options are; a clock,CPU usage,running up-time,RAM available(free)or RAM used.
    The clock can display time,day,and date.
    It also has an uninstaller.



    http://www.winbar.nl/
     
  8. MsDSizz

    MsDSizz Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    15
    Location:
    Long Island, NY
    Thanks the Tester!;) I'll check it out!
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hey Testy, that's cool. Thanks for the tip. :D
     
  10. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    One of those great moments of Wilderssecurity :D
     
  11. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Hi Root,MsDSizz.

    No Problem.
    I've benefitted from a lot of tips on software myself,especially in this forum. :)

    Hope you like the program.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.