MemoryWatcher.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
anyone see what doesnt belong?
Logfile of HijackThis v1.97.2
Scan saved at 4:38:18 PM, on 9/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\AStart.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Adelphia eSupport Assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\JhvX.exe
C:\WINDOWS\System32\Vkra9SG.exe
C:\Documents and Settings\Todd Kinser\Local Settings\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AStart] C:\WINDOWS\system32\AStart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Tovr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01a985f2a44510f0e219/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.7067476852
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
can anyone tell me what this is? I found it on my computer created Sept 1. This is not something i installed! Should i remove it right away?
 
Joined
Mar 25, 2001
Messages
3,334
Well if you don't know what it is, that's not good. If it's in your Add/Remove, you may want to remove it. If it's some sort of foistware, you may have other stuff too. You may want to go here and download Hijack This:

http://www.tomcoyote.org/hjt/

Follow the instructions and post your log here. Folks can then take a look and see what's going on with your pc.

:)
 
Joined
May 28, 2003
Messages
2,366
I've not heard of it, but it sure sounds like spyware to me. Can you check it's properties? Is it running in your Task Manager? Is it in your Start up List?

Now you've got my curiosity cooking! :)
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Merged both posts, the hijack log is on the top ;)
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
sorry..i considered this 2 separate things...ads on my computer and this Memory Watcher thing.
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
ok i removed Memory Watcher. Bill..i didnt know it was even on my computer until i brought up my Program Files folder and found its folder there. Then i found it in Add/Remove too. It wasnt in my start list or anything like that...no icons etc.
 
Joined
Mar 25, 2001
Messages
3,334
xthebadsonx, just curious, did you already remove memory watcher before posting your HJT log?

On your log, you can remove the following items. Close your browser, check the items in HJT, click Fix and reboot afterwards.

..these first two, assuming you don't want to use Excite as your home page. If you want Excite, then leave them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1


...these two items I don't recognize at all, do you? If they're legit, then leave them. If not, you can have HJT remove them. An alternative is to disable them from your startup folder to see what they do or don't do.

O4 - HKLM\..\Run: [AStart] C:\WINDOWS\system32\AStart

O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Tovr.exe


Finally, these can go:

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/01a985f2a44510...ip/RdxIE601.cab


Also a good idea to download Spybot:

http://security.kolla.de/index.php?lang=en&page=download

...after installing, have it go online and download all updates. Then scan your PC for any problems. Whatever it finds in RED is safe to fix.

:)
 
Joined
May 28, 2003
Messages
2,366
OK. I was really curious as to what it was. I noticed on another post, it looked like this: O4 - HKLM\..\Run: [Memory Watcher] C:\Program Files\MemoryWatcher\MemoryWatcher.exe but no information about it. If anyone knows, I hope they will share their knowledge with us.

BillC
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
ok i got rid of those u said to..and rebooted and have a new log. As for Memory Watcher..i posted the log before i removed it.
Bill...you can find any info u need about Memory Watcher cause they have a website..i did a yahoo search and found it
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
new log
Logfile of HijackThis v1.97.2
Scan saved at 7:17:05 PM, on 9/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Adelphia eSupport Assistant\bin\mpbtn.exe
C:\Documents and Settings\Todd Kinser\Local Settings\Temp\Temporary Directory 11 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape 6\Netscp.exe" -turbo
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adelphia eSupport Assistant.lnk = C:\Program Files\Adelphia eSupport Assistant\bin\matcli.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37862.7067476852
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
 
Joined
May 28, 2003
Messages
2,366
I did find it....thanks. I first searched MemoryWatcher.exe and not Memory Watcher. DUH!
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
yea im sure i got it from DL sumthing that had it in it since im the only one that uses my computer. All my ad problems came from DL Grokster..that was a MAJOR mistake. It seems they have slowed waaay down tho and now im gettin ALOT of junk e-mail so ill prolly change my addy.
I just need to get this damn connection problem taken care of..its insane to have to constantly unplug and plug in the modem just to be online
 

xthebadsonx

Thread Starter
Joined
Jun 7, 2003
Messages
67
while im thinking of it would you Bill or whomever happen to know what a run-time 62 error is?
I get this sometimes and cant get online because of it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top