Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to Delete this process/dll causing advertisement

Posted on 2003-11-15
14
Medium Priority
?
1,868 Views
Last Modified: 2007-12-19
HI,
I have this problem of pop up advertisemnts that does not seem to go away. I have tried HijackThis, Adaware and Spybpt S&D. Whenever my XP boots up the MSCONFIG shows the following processes:
lphhzwd c:\widows\system32\lphhzwd.exe
MhoL9X3 c:\widows\system32\MhoL9W3.exe

I have tried deleting them from the folder but found only lphhzwd.exe
 and lphhzwd.dll. When I try to delete it I get another process might be using file . On seraching for MhoL9X3  I found MHOL9W3.EXE-1A99B6B0.pf in c:\windows\prefetch.  I also tried unchecking them in MSCONFIG but they reappear. I think they are pop advertisement software that is slowing my machine and causing nuisance . I also tried deleting them in registry \software\Micorsoft\windows\CurrenVersion\run but they reappear.

I have a pop up blocker but i want to remove them from the source.
Any help/advice?
0
Comment
Question by:sambha03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 2
  • +1
14 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757103
Uncheck every thing in MSconfig there is sometthing esle you are missing.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757105
Sart > Run msconfig
Click on the tab marked "Startup"
unckeck all the items.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 97

Expert Comment

by:war1
ID: 9757113
Greetings, sambha03!

A Search site has downloaded something into your computer.  Run the HijackThis from #3 and post it here.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757115
Delete evey thing in the prefetch folder
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757122
open the task manager and click on the processes tab and then click on lphhzwd.exe and the click the End Process button then delete it.

Task Manager
Star > Run taskmgr.exe
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 9757472
As CO said, the better option is to use MSConfig > Startup tab. Uncheck the items, reboot windows. Delete the files
And, run Ad-Aware scan.
0
 

Author Comment

by:sambha03
ID: 9758412
sramesh2k, CrazyOne: I already tried unchecking all items in strtup->MSconfig. It loads up again.
war1: I already used S&d, adawre etc
CrazyOne: It doesnt show up in task manger

When I try to delete it it says some program is useing it. I tried 3 times closing all processes in task maneger but I always end up rebotting windows by killing some critical process..
Any other idea?
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 2000 total points
ID: 9758465
Did you try deleting it in safe mode?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9758469
Use this free utility

Note when you open the program go to the menu View and make sure there is a check mark next to View DLL's if there isn't then click on it.

Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

just click each process one at a time and look at the bottom window note if that file is listed of the dll and if it is kill the process that had the files open.
0
 
LVL 97

Expert Comment

by:war1
ID: 9759080
Did you run HijackThis program and analysis the log file?
0
 

Author Comment

by:sambha03
ID: 9759785
CrazyOne : Thanks a lot!!!I cud delete it in  Safe mode ..it was loading with explorer process so when i wud kill the process the entire screen was going blank in regular boot. I have removed it now...will know in a while if those lousy pop ups are still there.....wish i cud sue these guys who harm n cause nuisnace to everyone....kepping fingers crossed that its all well now :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9760576
My fingers are crossed :)
0
 

Author Comment

by:sambha03
ID: 9761707
Works fine...came back after full day and had left 1 IE window open..usualyy I wud expect to find atleast 20 pop ups open...but found not one :-) ....wish there was  an A++ to give :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9761714
Glad we were able to assist you :)
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question