How to Delete this process/dll causing advertisement

HI,
I have this problem of pop up advertisemnts that does not seem to go away. I have tried HijackThis, Adaware and Spybpt S&D. Whenever my XP boots up the MSCONFIG shows the following processes:
lphhzwd c:\widows\system32\lphhzwd.exe
MhoL9X3 c:\widows\system32\MhoL9W3.exe

I have tried deleting them from the folder but found only lphhzwd.exe
 and lphhzwd.dll. When I try to delete it I get another process might be using file . On seraching for MhoL9X3  I found MHOL9W3.EXE-1A99B6B0.pf in c:\windows\prefetch.  I also tried unchecking them in MSCONFIG but they reappear. I think they are pop advertisement software that is slowing my machine and causing nuisance . I also tried deleting them in registry \software\Micorsoft\windows\CurrenVersion\run but they reappear.

I have a pop up blocker but i want to remove them from the source.
Any help/advice?
sambha03Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CrazyOneCommented:
Uncheck every thing in MSconfig there is sometthing esle you are missing.
0
CrazyOneCommented:
Sart > Run msconfig
Click on the tab marked "Startup"
unckeck all the items.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
war1Commented:
Greetings, sambha03!

A Search site has downloaded something into your computer.  Run the HijackThis from #3 and post it here.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

CrazyOneCommented:
Delete evey thing in the prefetch folder
0
CrazyOneCommented:
open the task manager and click on the processes tab and then click on lphhzwd.exe and the click the End Process button then delete it.

Task Manager
Star > Run taskmgr.exe
0
sramesh2kCommented:
As CO said, the better option is to use MSConfig > Startup tab. Uncheck the items, reboot windows. Delete the files
And, run Ad-Aware scan.
0
sambha03Author Commented:
sramesh2k, CrazyOne: I already tried unchecking all items in strtup->MSconfig. It loads up again.
war1: I already used S&d, adawre etc
CrazyOne: It doesnt show up in task manger

When I try to delete it it says some program is useing it. I tried 3 times closing all processes in task maneger but I always end up rebotting windows by killing some critical process..
Any other idea?
0
CrazyOneCommented:
Did you try deleting it in safe mode?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CrazyOneCommented:
Use this free utility

Note when you open the program go to the menu View and make sure there is a check mark next to View DLL's if there isn't then click on it.

Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

just click each process one at a time and look at the bottom window note if that file is listed of the dll and if it is kill the process that had the files open.
0
war1Commented:
Did you run HijackThis program and analysis the log file?
0
sambha03Author Commented:
CrazyOne : Thanks a lot!!!I cud delete it in  Safe mode ..it was loading with explorer process so when i wud kill the process the entire screen was going blank in regular boot. I have removed it now...will know in a while if those lousy pop ups are still there.....wish i cud sue these guys who harm n cause nuisnace to everyone....kepping fingers crossed that its all well now :-)
0
CrazyOneCommented:
My fingers are crossed :)
0
sambha03Author Commented:
Works fine...came back after full day and had left 1 IE window open..usualyy I wud expect to find atleast 20 pop ups open...but found not one :-) ....wish there was  an A++ to give :-)
0
CrazyOneCommented:
Glad we were able to assist you :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.