Unable to delete unknown files in winsock lsp found by hijack this.

Posted on 2004-11-16
Last Modified: 2013-11-16
After running Hijack This and deleting found nasty processes I am unable to delete 4 unknown files in Winsock lsp.  I am fighting a browser hijacker called search 200.  When Internet Explorer loads and you check the allowed sites in the pop up blocker settings it always lists and as allowed.  following is the hijackthis log.
Logfile of HijackThis v1.98.2
Scan saved at 12:20:56 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GP Motor Sports\Desktop\hijackthis\HijackThis.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll

Question by:rider164
    LVL 65

    Expert Comment

    Hello rider164 =)

    Use LSPFix to delete those O10 files >>

    Author Comment

    Thanks for the quick reply.
    I ran LSPFix and it did not identify any problem lsp files.
    It listed mswsock, winmr.dll, aplsp.dll and rsvpsp.dll but did not recomend removal of any of these.
    LVL 65

    Expert Comment

    hmmmmm aplsp.dll is really Nasty one, so we are sure that we have to remove it, and so you can Manually remove it using LSPFix :)

    Author Comment

    I removed aplsp.dll.  Now and do not show up in allowed sites in the pop up blocker.  I am still getting a search toolbar across the bottom of the internet explorer page which I thought was from search200 but I am not sure.
    LVL 65

    Accepted Solution

    hmmmm try Using ToolbarCop to remove the unwanted Toolband, Toolbar Icons and BHO:

    Also make sure that you have these tools on your system,
    AdAware ==>
    SpyBot  ==>
    CoolWebShredder ==>
    Stinger ==>

    Turn off ur System Restore before cleaning the system if its WinME\XP >>
    Then Run all of them one by one in safemode and delete everything they detect.
    Then delete the temporary internet files and history of IE
    and run Disk Cleanup on ur hard drive to delete those temp and junk files.
    Restart back in Normal Mode to check for the problems now ?? :)

    Author Comment

    It appears that I am hijacker free.  I am running windows XP, Norton Internet Security, Adaware, Spybot, CoolWebShredder and Stinger.  I ran these in safe mode and cleaned the hard drive per your instructions.  It looks like all is well at this time.
    Thanks, Rider164
    LVL 65

    Expert Comment

    Excellent.... Good Job!! ^_^

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now