Probassfishing-dm.exe cannot be removed

By herringt
Jul 5, 2005
Topic Status:
Not open for further replies.
  1. I've tried deleting this in safemode and it still says there is a process running it. My hijack log is attached.
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  3. herringt

    herringt Newcomer, in training Topic Starter

    This is not what I have or it's under a different name because I can't find this process or registry keys anywhere
  4. IronDuke

    IronDuke Newcomer, in training Posts: 1,267

    Give Trend a chance to find it for you.
  5. herringt

    herringt Newcomer, in training Topic Starter

    Can't get trend to work for me
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Let's try it the 'hard' way:

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    LTMSG.exe
    msnmsgr.exe
    run.exe
    updmgr.exe
    wupdater.exe
    sysupd.exe
    tpjhcc.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common files\updmgr\updmgr.exe
    C:\Program Files\Common files\updater\wupdater.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    run.exe (could be there twice!)
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - blank (file missing)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [LSA] run.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== only FIX
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [aosdmnki] C:\WINDOWS\System32\tpjhcc.exe
    O4 - HKLM\..\RunServices: [LSA] run.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LSA] run.exe
    O4 - HKCU\..\Run: [PRIVANAL] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunServices: [LSA] run.exe
    O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

    Fix ALL those O16 - DPF: entries
    Unless thes IPs are from your ISP, fix this O17:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D664147A-525D-4605-B6D4-2A4EC3575F0B}: NameServer = 216.166.216.20,64.40.72.21
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.

    ONLY after you have done the above, to delete that fish-program,
    try DrDelete from http://www.dslreports.com/forum/rem...sware~mode=flat

    or KillBox from http://www.bleepingcomputer.com/files/killbox.php
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.