# Msln program not found



## octa21 (Aug 18, 2009)

HP Presario running XP

Machine was running a little slow so thought it might be a good idea to 
check for malware and ran Spybot after downloading and installing the lastest files. 

Now, when machine boots, I get light blue screen with message:
MSLN PROGRAM NOT FOUND- SKIPPING AUTOCHECK

Machine continues to boot and desktop starts loading. When almost 
entire desktop loads, machine reboots automatically--- this cycle will continue by itself. 

Tried Skybot restore with no luck. 

I can boot machine in safe mode.

Any suggestions on cure?


----------



## JSntgRvr (Jul 1, 2003)

Hi, *octa21* 

Welcome.

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, *Regfix.reg* . Once extracted, open the folder and double click on the *Fix.reg* file and select *Yes* when prompted to merge it into the registry.


----------



## octa21 (Aug 18, 2009)

Downloaded & ran-

No longer get "msln" message, but system still reboots right before the entire desktop finishes coming up


----------



## JSntgRvr (Jul 1, 2003)

Can you boot in Safe Mode with Networking? This is how:

Please reboot your computer in *Safe Mode with Networking* by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the option, to run Windows in Safe Mode with Networking, then press *Enter*.
Choose your usual account.
.
If you are able to do so, you should be able to connect to the internet. If successful, follow these steps (You can run the program in Safe Mode for the time being)

Please read and follow all these instructions very carefully.








Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*

=====================================================================​
Please download ComboFix from *Here* or *Here* to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop***

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename *Combofix* to *Combo-Fix* as follows:



















It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------​
*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.
_Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._
-----------------------------------------------------------​

Close any open browsers. 
*WARNING: Combofix will disconnect your machine from the Internet as soon as it starts*
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------​
Double click on *combo-Fix.exe* & follow the prompts.
When finished, it will produce a report for you. 
Please post the *"C:\Combo-Fix.txt" *.
***Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


----------



## octa21 (Aug 18, 2009)

Malwarebytes' Anti-Malware 1.40
Database version: 2653
Windows 5.1.2600 Service Pack 3 (Safe Mode)

8/19/2009 7:51:15 AM
mbam-log-2009-08-19 (07-51-15).txt

Scan type: Quick Scan
Objects scanned: 106635
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ae7a9 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


----------



## JSntgRvr (Jul 1, 2003)

Were you able to run Combofix?


----------

