Solved

How to Delete this process/dll causing advertisement

Posted on 2003-11-15
14
1,851 Views
Last Modified: 2007-12-19
HI,
I have this problem of pop up advertisemnts that does not seem to go away. I have tried HijackThis, Adaware and Spybpt S&D. Whenever my XP boots up the MSCONFIG shows the following processes:
lphhzwd c:\widows\system32\lphhzwd.exe
MhoL9X3 c:\widows\system32\MhoL9W3.exe

I have tried deleting them from the folder but found only lphhzwd.exe
 and lphhzwd.dll. When I try to delete it I get another process might be using file . On seraching for MhoL9X3  I found MHOL9W3.EXE-1A99B6B0.pf in c:\windows\prefetch.  I also tried unchecking them in MSCONFIG but they reappear. I think they are pop advertisement software that is slowing my machine and causing nuisance . I also tried deleting them in registry \software\Micorsoft\windows\CurrenVersion\run but they reappear.

I have a pop up blocker but i want to remove them from the source.
Any help/advice?
0
Comment
Question by:sambha03
  • 8
  • 3
  • 2
  • +1
14 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757103
Uncheck every thing in MSconfig there is sometthing esle you are missing.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757105
Sart > Run msconfig
Click on the tab marked "Startup"
unckeck all the items.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 97

Expert Comment

by:war1
ID: 9757113
Greetings, sambha03!

A Search site has downloaded something into your computer.  Run the HijackThis from #3 and post it here.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757115
Delete evey thing in the prefetch folder
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757122
open the task manager and click on the processes tab and then click on lphhzwd.exe and the click the End Process button then delete it.

Task Manager
Star > Run taskmgr.exe
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 9757472
As CO said, the better option is to use MSConfig > Startup tab. Uncheck the items, reboot windows. Delete the files
And, run Ad-Aware scan.
0
 

Author Comment

by:sambha03
ID: 9758412
sramesh2k, CrazyOne: I already tried unchecking all items in strtup->MSconfig. It loads up again.
war1: I already used S&d, adawre etc
CrazyOne: It doesnt show up in task manger

When I try to delete it it says some program is useing it. I tried 3 times closing all processes in task maneger but I always end up rebotting windows by killing some critical process..
Any other idea?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 44

Accepted Solution

by:
CrazyOne earned 500 total points
ID: 9758465
Did you try deleting it in safe mode?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9758469
Use this free utility

Note when you open the program go to the menu View and make sure there is a check mark next to View DLL's if there isn't then click on it.

Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

just click each process one at a time and look at the bottom window note if that file is listed of the dll and if it is kill the process that had the files open.
0
 
LVL 97

Expert Comment

by:war1
ID: 9759080
Did you run HijackThis program and analysis the log file?
0
 

Author Comment

by:sambha03
ID: 9759785
CrazyOne : Thanks a lot!!!I cud delete it in  Safe mode ..it was loading with explorer process so when i wud kill the process the entire screen was going blank in regular boot. I have removed it now...will know in a while if those lousy pop ups are still there.....wish i cud sue these guys who harm n cause nuisnace to everyone....kepping fingers crossed that its all well now :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9760576
My fingers are crossed :)
0
 

Author Comment

by:sambha03
ID: 9761707
Works fine...came back after full day and had left 1 IE window open..usualyy I wud expect to find atleast 20 pop ups open...but found not one :-) ....wish there was  an A++ to give :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9761714
Glad we were able to assist you :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now