Msansspc.dll problem with attached logs

Discussion in 'Virus and Malware Removal' started by tharimrattler, Nov 29, 2008.

  1. tharimrattler Newcomer, in training Posts: 17

    This is the main file that cannot be removed with my antivirus software. After doing the 8-step virus removal instructions, I can now click on search results in Google (previously it was being redirected). I noticed my PC is generally operating quicker and more efficiently after running all those scans and updating Java. Any help is greatly appreciated.

  2. Bobbye Helper on the Fringe Posts: 16,406   +16

    You have a seriously infected system- Vundo, AntivirusXp 2009 and a Rootkit. Some has been removed, but you will need to turn off the Real Time Monitoring and run the programs again.

    Please see this for instructions:
    Temporarily Disable Real Time Monitoring Programs:
    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
    * 1 Spybot S&D (Teatimer)
    * 2 Ad-Aware Ad-Watch
    * 3 Spywareguard
    * 4 Windows Defender
    * 5 TrojanHunter Guard
    * 6 Disable SpySweeper
    * 7 WinPatrol
    * 8 CounterSpy
    * 9 AVG Anti-Spyware (formerly ewido)
    * 10 Spyware Doctor
    * 11 Prevx
    * 12 ProcessGuard
    * 13 ZoneAlarm's OS Firewall
    * 14 Ad-Aware 2007 Service
  3. tharimrattler Newcomer, in training Posts: 17

    Thanks for the reply. I did what you said and got some new logs to post up. What are my options at this point?
  4. Bobbye Helper on the Fringe Posts: 16,406   +16

    The Rootkit TDSServ is still showing in SAS, but Mbam and HijackThis are clean.
    Let's follow this to remove:

    ***NOTE: Path for #7 & #8:
    Right click on Start> Explore> Windows > System 32

    #9: SD FIX- what it does: http://www.bleepingcomputer.com/forums/topic131299.html
    #9: ComboFix:
    Rescan with HijackThis and attach logs from SDFix, ComboFix and HijackThis.
  5. tharimrattler Newcomer, in training Posts: 17

    I appreciate your continued help to me. Thank you.

    I followed your instructions and have new logs. I look forward to your response.
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    You did very well! Five posts and it looks to me like you're clean as a whistle!

    Did you look at the logs to see what was found and removed?

    Please give me system status. If running well, we can remove the cleaning tools and restore points.
     
  7. tharimrattler Newcomer, in training Posts: 17

    OS Name Microsoft Windows XP Professional
    Version 5.1.2600 Service Pack 2 Build 2600
    OS Manufacturer Microsoft Corporation
    System Name T42
    System Manufacturer IBM
    System Model 2374JU4
    System Type X86-based PC
    Processor x86 Family 6 Model 13 Stepping 6 GenuineIntel ~1694 Mhz
    BIOS Version/Date IBM 1RETDRWW (3.23 ), 6/18/2007
    SMBIOS Version 2.33
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume1
    Locale United States
    Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
    User Name T42\mboatright
    Time Zone Pacific Standard Time
    Total Physical Memory 768.00 MB
    Available Physical Memory 317.16 MB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.96 GB
    Page File Space 1.46 GB
    Page File C:\pagefile.sys
  8. kimsland Ex-TechSpotter Posts: 18,353

    Please put your System Specs information in your Profile <==

    Otherwise you will need to paste them in on every new thread you make!
  9. Bobbye Helper on the Fringe Posts: 16,406   +16

    No, I'm sorry- you misunderstood. When I ask for system status, I want you to tell me how the computer is running and if original problems have been resolved!

    No upload needed- just a few words.
  10. tharimrattler Newcomer, in training Posts: 17

    Everything seems to be working fine, no problems that I can tell. Thanks a lot for all your help! =)
  11. Bobbye Helper on the Fringe Posts: 16,406   +16

    You're welcome. Please let us know if you need more help.
  12. tharimrattler Newcomer, in training Posts: 17

    I have a couple more questions.

    When I turned Spybot TeaTimer back on, it prompted me to allow or deny several changes. Is this because of all the scans I ran, and changes those scans made? Also, I ran an Avast virus scan and there are several files that cannot be scanned because access is denied. What can I do here?
  13. kimsland Ex-TechSpotter Posts: 18,353

    This is the issue with Spybot S&D.
    When a message pops up saying allow or deny from the program's Tea Timer (resident protection), a user must try to learn or search for what the issue is in relation to, on the spot!

    In most cases these are highly technical areas that normal users just can't do.
    But to confirm which way you should go (allow or deny) you really need to do this on each individual popup, i.e. Bobbye cannot advise you if it's OK or not without knowing what the message's single Allow\Deny issue is.

    Not only that, but you may get tens or hundreds of these popups from Spybot S&D all the time. It would literally take hours, if not days, to know them all and then apply your answer correctly.

    Therefore Spybot S&D may not actually be ideal for the standard Windows user,
    i.e. they may "Allow" when they should have "Denied".
    Personally I say, if you're unsure, just uninstall Spybot S&D.


    As for Antivirus not scanning some files (in use) that's ok :)
  14. tharimrattler Newcomer, in training Posts: 17

    Thanks for the reply.

    For a Firewall, would you recommend Comodo or Zone Alarm for me?

    Also, when I install either of those, should I turn off my Windows Firewall?
  15. Kazi Newcomer, in training Posts: 112

    They automatically turn Windows Firewall off for you.

    ZoneAlarm and Comodo are kinda different but work the same.

    ZoneAlarm is an application-based firewall.

    Comodo is a rule-based firewall.

    From people, they say Comodo is lighter on the system than ZoneAlarm.
    They also say using Comodo is easier once you get the hang of it.

    It is however up to you.

    ZoneAlarm is easier to config.
  16. tharimrattler Newcomer, in training Posts: 17

    I went with your advice on uninstalling Spybot. When I uninstalled it, however, I noticed I could not connect to someone in an online game I frequent. I reinstalled Spybot and now it works again. Is there any way to completely get rid of Spybot and everything that comes with it?
  17. Bobbye Helper on the Fringe Posts: 16,406   +16

    Running Spybot when you need it is okay. I would just leave Tea Timer disabled. Any Real Time alert feature can be very confusing to deal with.

    Spybot S&D (Teatimer)

    I had the AdAware SE paid for several years. That version had a Registry alert, AdWatch. Every time there was any change to the Registry, it popped up. Just about anything we do makes a change to the registry, so I ended up disabling AdWatch!
  18. tharimrattler Newcomer, in training Posts: 17

    Just a little update:

    I'm doing good now! I feel like everything is secure now, but would it be safe for me to access things like my banking account online? Is there a possibility that something is creeping in the background waiting to access my info?
  19. Bobbye Helper on the Fringe Posts: 16,406   +16

    Your system should be clean. If you would like to run one more HijackThis scan I'll check it for you. If clean we can remove the cleaning programs and old restore points.
  20. tharimrattler Newcomer, in training Posts: 17

    New HJT attachment.

    When I tried removing Spybot S&D it would not let me connect in a certain program, so I am wary of removing things, unless I did something wrong. I had to reinstall Spybot to connect in this program.