Possible Trojan Download


Loukas
06-15-2005, 12:32 PM
Hi, I was advised to come here and ask for help.

Dammit. I stupidly downloaded a program from a forum and as soon as I opened it, it said there was a .DLL missing. This spooked me and I panicked and deleted every part of it I could find on my computer, including the files in the unzipped folder. Now when I boot up I get an error message: "'Looneytune' blah blah blah mcinit.ocx (or something like that) is missing." Now the file that is missing I noticed was in the zip file; this makes me think that it's a hack and it's put a logger or something in my registry.
I have asked other people and they think it could be a trojan/keylogger or god knows what. I ran the Norton online scan and it didn't pick up anything, but I'm not sure if I scanned correctly. I also ran Ad-Aware and it came up with nothing. Finally I ran HijackThis and this is the logfile.

Logfile of HijackThis v1.99.1
Scan saved at 10:43:46, on 15/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLSTAT.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\CDA\GAMEDRVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
O4 - HKLM\..\Run: [iupdate] C:\WINDOWS\System32\fontog.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab



What should I do now? Is there anything dodgy in my registry? Please any advice and help you can give!

Budfred
06-15-2005, 01:42 PM
Welcome to PCGuide
Your log appears to be clean and it is not clear what the program was or what you did to fix it from your comments... Try running an Ewido scan and then post back with more detail....

http://www.ewido.net/en/

Loukas
06-15-2005, 02:23 PM
Sorry I wasn't clear enough, I'm not too sure myself. I deleted the zip file it came in, then deleted it from the unzipped folder, then searched my computer for it and it came up with nothing. I ran the scans I posted in the first post and they all came up with nothing. And still I get the error upon start up. I couldn't use the scanner you suggested because it said I needed Windows XP or above and I'm running ME. However I did the Trend Micro HouseCall scan and that came up with nothing as well. I'm just worried that this is a trojan and can't get rid of this start up error. Do you need a screenshot of the error? Am I being too vague?

Budfred
06-15-2005, 03:26 PM
Sorry, I didn't pay enough attention to the fact that you are running WinME...

Try this instead... Download and run the trial version of TrojanHunter or TDS3... Be sure to update them as you install since you have to do a manual update later if you don't do it right away...

http://www.trojanhunter.com/

http://tds.diamondcs.com.au/

And a screenshot of the error message would probably be a good idea...

Steve
06-15-2005, 04:13 PM
Loukas,

It sounds like you tried to delete the "Looneytune" program instead of uninstalling it. Look in the Control Panel in "Add/Remove Programs" and see if it is listed there. If it is, see if it will finish uninstalling that way.

Another thing to check is whether it's listed in the startup section of msconfig. Go to Start > Run > type in msconfig and hit Enter. See if the program is listed there. If it is, uncheck it. That should stop the error message.

Win ME also has a System Restore function that you might want to try. Go to Start > Accessories > System Tools and check out the restore function. If you have a restore point listed from before you downloaded the program, you should be able to return your computer to that point.

Loukas
06-15-2005, 05:20 PM
I ran trojan hunter and again nothing was found. Here is the screenshot:

http://img.photobucket.com/albums/v219/Loukas/looneytune.jpg


Steve, I checked Add/Remove and msconfig and there was nothing abnormal to my knowledge and no sign of 'Looneytune' or 'MSINET'. I will perform System Restore soon, I just wanna see if there are any other answers.

Budfred
06-15-2005, 06:45 PM
That is an MS file and here is more info on it:

http://support.microsoft.com/?kbid=873254

Backing up to the beginning... What was the program you were trying to download and run?? What forum did you get it from?? Do you know what DLL was said to be missing?? There may never have been anything wrong and removing the program in bits and pieces may have caused the problem...

Loukas
06-15-2005, 07:06 PM
The file was an equipment simulator for an online game I play. This is the thread where I originally found it: Hidden Street (http://www.hidden-street.net/boards/msglist.php?board=4&topic=1801675279). There are some other people's comments on there that may or may not be of any use. I'm not sure whether it's specific to the game or whether it's key logging everything else. Also I'm not sure how long the thread will be up for because people are talking about it being taken down. This is the link from the thread where I downloaded it: www.freewebs.com/mssimulator (http://www.freewebs.com/mssimulator). It's late for me now so I won't be able to post again for about 10 hours.

::EDIT::
Turns out the site where I downloaded it from has been taken down =/

Budfred
06-15-2005, 07:46 PM
A quick search indicates that it is not a malware program... It is possible that it could be infected if you downloaded it from a site that hacked it... Right now, the WildTangent and BackWeb programs on your system are the only suspect programs that show up in your log, so it is unlikely that you have a trojan or keylogger...

WildTangent is considered foistware since it tends to push itself on people and may push other products or open the door for bad stuff...

BackWeb is used by a number of legit companies to do updates and exchange data about you in the process, so some consider it to be spyware...

Also, are you running any protection programs?? I don't see evidence of a firewall or antivirus...
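The two triage steps Budfred applies in this thread, reading the O4 autostart entries against the "Running processes" list (his earlier "your log appears to be clean" reply) and picking out the WildTangent and BackWeb items named just above, can be mechanised. The Python script below is an added example written for this page; it is not code from the thread, from PCGuide or from HijackThis. The log inside it is a constructed, trimmed copy of the log posted above, and the vendor list is an assumption taken from this post. An autostart whose program is absent from the process list is only a lead to look up by hand (the process may simply have exited, as a rundll32 one-shot does), not a verdict.

```python
"""Triage helper for a HijackThis-style log (added example, not from the thread)."""
import re
from typing import Dict, List

# Constructed, trimmed excerpt of the log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLSTAT.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\CDA\GAMEDRVR.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
O4 - HKLM\..\Run: [iupdate] C:\WINDOWS\System32\fontog.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
"""

# "O4 - HKLM\..\Run: [Name] command line" and "O4 - Startup: x.lnk = target"
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O4_LNK = re.compile(r"^O4 - Startup: (.+?) = (.*)$")
EXE_SUFFIXES = (".exe", ".com", ".bat", ".pif", ".scr")
HOSTS = {"rundll32.exe", "rundll.exe"}  # the payload is the DLL they load


def executable(command: str) -> str:
    """Lower-cased basename of the program a Run-key command line starts: handles a
    quoted path, an unquoted path with spaces (stop at the first token ending in an
    executable suffix) and a bare file name such as 'SysTray.Exe'."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:command.index('"', 1)]
    else:
        words = command.split(" ")
        path = words[0]
        for i in range(len(words)):
            head = " ".join(words[: i + 1])
            if head.lower().endswith(EXE_SUFFIXES):
                path = head
                break
    return path.rsplit("\\", 1)[-1].lower()


def running_processes(log: str) -> List[str]:
    """Paths under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    if "Running processes:" not in lines:
        return []
    procs: List[str] = []
    for line in lines[lines.index("Running processes:") + 1:]:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs


def autostart_entries(log: str) -> List[Dict[str, str]]:
    """Every O4 line as {source, name, command, exe}."""
    entries = []
    for line in log.splitlines():
        if m := O4_REG.match(line):
            hive, key, name, command = m.groups()
            source = f"{hive}\\..\\{key}"
        elif m := O4_LNK.match(line):
            name, command = m.groups()
            source = "Startup folder"
        else:
            continue
        entries.append({"source": source, "name": name, "command": command,
                        "exe": executable(command)})
    return entries


def triage(log: str, foistware=("wildtangent", "backweb")) -> Dict[str, list]:
    """Bucket autostarts: vouched for by a live process, not running (look up by hand),
    hosted by rundll32 (inspect the DLL), plus any O4 entry or live process naming a
    foistware vendor.  The vendor list is an assumption taken from this thread."""
    running = running_processes(log)
    live = {p.rsplit("\\", 1)[-1].lower() for p in running}
    report: Dict[str, list] = {"running": [], "not_running": [], "hosted": [], "foistware": []}
    for e in autostart_entries(log):
        if e["exe"] in HOSTS:
            args = e["command"].split(" ", 1)
            module = args[1].split(",", 1)[0] if len(args) > 1 else "?"
            report["hosted"].append({**e, "module": module})
        elif e["exe"] in live:
            report["running"].append(e)
        else:
            report["not_running"].append(e)
        if any(v in e["command"].lower() for v in foistware):
            report["foistware"].append(e["name"])
    report["foistware"] += [p for p in running if any(v in p.lower() for v in foistware)]
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for item in items:
            print("   ", item if isinstance(item, str) else f'{item["name"]}  <-  {item["command"]}')
```

Run it as a script and the "not_running" bucket is the short list to research by name and path; "hosted" shows which DLL a Rundll32 entry loads, since the host name alone says nothing; "foistware" collects both the Run-key entry and the live process for each named vendor, so an item with no Run-key entry (BackWeb here) is still surfaced.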

Fruss Tray Ted
06-15-2005, 08:21 PM
SpywareBlaster or SpywareGuard wanted an .ocx file to properly install and it turned out to be a MBVBM file similar to this issue.

MS had the fix. End of that story.

I don't see any malware protection though either. Hopefully all this is done behind one darn good ISP or network...

Steve
06-15-2005, 08:53 PM
At this point, Loukas, I would suggest that you go back and download and install the program again. I can't find anything that would indicate that it's a malicious program. At that point, you can decide whether or not to keep it. If you decide to get rid of it, check to see if it has an uninstall function. If not, you should be able to remove it in "Add/Remove Programs" in the Control Panel. That should complete the uninstall. I think your problem stems from your attempt to improperly uninstall it.

Loukas
06-16-2005, 05:55 AM
Thanks everyone. The WildTangent and BackWeb I'll let be. I went and got myself ZoneAlarm as it's the best firewall I've ever used in the past and have heard only good about it. I will run System Restore to a week ago, create a new backup point, then install the program again. I'll post the results. Thanks again.

::EDIT::
Tried to run System Restore but it didn't work because 'nothing has changed'. I also tried to find the file to download again and couldn't anywhere. No sign of any such file through Google searches and the site I originally downloaded it from is still frozen. Thus as there seems to be no threat I think I'll just leave it be and put up with the annoying error message at the start. Is that advisable? Otherwise I dunno what to do short of reformatting the whole computer, which I don't wanna do.

Budfred
06-16-2005, 08:18 AM
A firewall is a good start, but you need more than that for security... Here is my prevention speech:

This is a good time to set up protection against further attacks. Read the article linked below about "How did I get infected". You need an antivirus that is updated, a good firewall (a router firewall is not enough) and a spyware blocker like SpywareBlaster and also IE-Spyads. All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

http://www.computercops.biz/postlite7736-.html

Loukas
06-16-2005, 08:38 AM
Thanks very much, I'll go get myself some more protection then!