Solved

How to Delete this process/dll causing advertisement

Posted on 2003-11-15
14
1,854 Views
Last Modified: 2007-12-19
HI,
I have this problem of pop up advertisemnts that does not seem to go away. I have tried HijackThis, Adaware and Spybpt S&D. Whenever my XP boots up the MSCONFIG shows the following processes:
lphhzwd c:\widows\system32\lphhzwd.exe
MhoL9X3 c:\widows\system32\MhoL9W3.exe

I have tried deleting them from the folder but found only lphhzwd.exe
 and lphhzwd.dll. When I try to delete it I get another process might be using file . On seraching for MhoL9X3  I found MHOL9W3.EXE-1A99B6B0.pf in c:\windows\prefetch.  I also tried unchecking them in MSCONFIG but they reappear. I think they are pop advertisement software that is slowing my machine and causing nuisance . I also tried deleting them in registry \software\Micorsoft\windows\CurrenVersion\run but they reappear.

I have a pop up blocker but i want to remove them from the source.
Any help/advice?
0
Comment
Question by:sambha03
  • 8
  • 3
  • 2
  • +1
14 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757103
Uncheck every thing in MSconfig there is sometthing esle you are missing.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757105
Sart > Run msconfig
Click on the tab marked "Startup"
unckeck all the items.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 97

Expert Comment

by:war1
ID: 9757113
Greetings, sambha03!

A Search site has downloaded something into your computer.  Run the HijackThis from #3 and post it here.

1. If you have Windows Messenger Service, disable it.  The Messenger service is typically not needed for home users.

Right-click My Computer and click Manage.
Fold out the Services and Applications option and click Services.
Right-click the Messenger entry, select Properties, and choose Disable under Startup Type.
Click OK.

You should no longer receive messages sent via the messenger service.

2. Use the following scanners to find and remove the website.

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

Download the latest updates and run the scanner.

3. Some porn websites redirects links to their websites using your HOSTS file. Do a search for the HOSTS (without extension) file and remove the entry.

4. If still no joy, download HijackThis from Spywareinfo download page

http://www.spywareinfo.com/downloads.php

Run the program and you will find many entries. Most are OK. Post the log. I will find the problem for you.

5. For future preventive maintenance, make sure programs cannot just download on your computer without your permission.  From the Internet Toolbar, go to Tools > Internet Options > Advanced.  Make sure "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" are unchecked.

Best wishes, war1
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757115
Delete evey thing in the prefetch folder
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9757122
open the task manager and click on the processes tab and then click on lphhzwd.exe and the click the End Process button then delete it.

Task Manager
Star > Run taskmgr.exe
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 9757472
As CO said, the better option is to use MSConfig > Startup tab. Uncheck the items, reboot windows. Delete the files
And, run Ad-Aware scan.
0
 

Author Comment

by:sambha03
ID: 9758412
sramesh2k, CrazyOne: I already tried unchecking all items in strtup->MSconfig. It loads up again.
war1: I already used S&d, adawre etc
CrazyOne: It doesnt show up in task manger

When I try to delete it it says some program is useing it. I tried 3 times closing all processes in task maneger but I always end up rebotting windows by killing some critical process..
Any other idea?
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 500 total points
ID: 9758465
Did you try deleting it in safe mode?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9758469
Use this free utility

Note when you open the program go to the menu View and make sure there is a check mark next to View DLL's if there isn't then click on it.

Process Explorer
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

just click each process one at a time and look at the bottom window note if that file is listed of the dll and if it is kill the process that had the files open.
0
 
LVL 97

Expert Comment

by:war1
ID: 9759080
Did you run HijackThis program and analysis the log file?
0
 

Author Comment

by:sambha03
ID: 9759785
CrazyOne : Thanks a lot!!!I cud delete it in  Safe mode ..it was loading with explorer process so when i wud kill the process the entire screen was going blank in regular boot. I have removed it now...will know in a while if those lousy pop ups are still there.....wish i cud sue these guys who harm n cause nuisnace to everyone....kepping fingers crossed that its all well now :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9760576
My fingers are crossed :)
0
 

Author Comment

by:sambha03
ID: 9761707
Works fine...came back after full day and had left 1 IE window open..usualyy I wud expect to find atleast 20 pop ups open...but found not one :-) ....wish there was  an A++ to give :-)
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9761714
Glad we were able to assist you :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question