adobelmsvc.exe, Photoshop, and ~e5d141.tmp

Discussion in 'ProcessGuard' started by LuckMan212, Nov 21, 2004.

Thread Status:
Not open for further replies.
  1. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Well the folks at Adobe have really outdone themselves this time. I saw some mention of this dastardly trio before but I only recently got a real licensed copy of Photoshop from my office to see for myself. After activating and launching the app, I am presented with 2 PG3 alerts, that something called "~e5d141.tmp" wants to run out of my Local Settings\Temp folder, after the initial Photoshop splash screen. If I allow this, then shortly thereafter, the "adobelmsvc.exe" tries in rapid succession to install a series of randomly-generated services (I have captured screenshots of 2 of them below)

    first, this appears when launching:
    http://solvent-llc.com/files/adobelm.png

    then, this one pops up after quitting Photoshop:
    http://solvent-llc.com/files/adobelm2.png

    I suppose no harm is being done here, PG seems to block the driver installs with no ill effect, but I am wondering if there is any way to get these two to co-operate a bit more peacefully. Any way to muffle the screams of these adobe "trojans" so they stop trying to do this each time I need to retouch a photo, etc? I have permanently added "~e5d141.tmp" to the "Permit Always" group but I would rather not have temp files in that list as it seems that might be some sort of security risk.

    Any thoughts or comments are appreciated...
     
  2. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Welcome to the thoroughly annoyed Photoshop CS fan club!

    There really isn't much we can do about this overboard copy protection in the CS version. You have to allow the stupid .tmp file to run or Photoshop won't launch but thankfully you can block those pesky service installations without any ill effect.

    Notice how it tries to install one last one after Photoshop closes right before adobelmsvc.exe turns itself off? It keeps trying right until the very last!

    The only thing I can think of is emailing Adobe and letting them know how very overboard this is. Activation/Copy Protection in software doesn't have to be so aggressive to function.

    PS: I have balloons globally disabled in XP so all I see is PG3 flashing red in the task tray, so it's not so annoying. You can still see what's up and open PG3 to see the alert, but I absolutely hate those balloon pop-ups.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
  4. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Thanks Rick, glad to see I'm not the only one. Hey I've got an idea for Adobe, they can call the next version: Photoshop "C.S.I. Edition" in honor of the TV series. They could ship it with a special mysterious USB dongle containing a wedge of C4 explosive, triggered to explode via the 5V current from the USB if the user even has a fleeting thought of trying to bypass the activation process ... it would make for an exciting drama!! :blink:
     
  5. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Don't give them any ideas! I can see the next version wiping out your master boot record and corrupting your HD if you don't activate within a 30 second count down!

    Actually I refuse to upgrade Dreamweaver for this very reason. I say it's time to make a statement with our wallets. I'm personally waiting to see if this type of activation (actually it's the copy protection portion that's worse) becomes mainstream or sends customers looking elsewhere - I know I will.

    Considering how much money I've invested in upgrades to Macromedia and Adobe for years now, I'll be happy to stop the upgrade madness for several versions to see if they back off on this or at least make their protection less obtrusive. I don't mind activation, but processes that stuff your PC with phoney services and write to places on your HD that weren't meant to be abused this way is going too far.

    Kudos to PG3 for being able to stop part of it. And thanks Paranoid2000 for the interesting links.
     
  6. Gat

    Gat Guest

    The worst thing about it is it doesn't protect from piracy anyway as I have come across it with pirate versions of photoshop.
     
  7. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    So it's only really annoying legitimate users? :rolleyes:
     
  8. ericolsen

    ericolsen Guest

    Can I join the club?

    every time I put in or take out a pci card I have to activate again :(
    It also happens if I make recovery to earlier date.

    ericolsen
     
  9. earth1

    earth1 Registered Member

    Joined:
    Oct 17, 2004
    Posts:
    177
    Location:
    Kansas, USA
    You might want to forward a link to this thread to Photoshop forums and support desk. Maybe even warn Acrobat users that they could be next. Rock the vote a bit. I'm sure glad I didn't bust my budget to pay for this kind of abuse and potential treachery.
     
  10. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Actually I did note some interesting similarities in the approach that the new Acrobat Reader 7 uses.

    When you launch Reader 7, it loads a secondary program called acrord32info.exe in the background, while acrord32.exe, the actual program itself, is running. I have set permissions for acrord32info.exe to deny always. It doesn't affect the ability to launch and view PDFs in the program itself. I do not know what this secondary hidden in the background executable does, and I do not really care since it can't execute on my system with ProcessGuard and denying its launch doesn't interfere with the program's ability to function so far as I can tell.

    They did really speed things up with version 7 of Reader, so it's a worthwhile upgrade. Of course the startup icon it tossed into my Start Up folder got tossed into the recycle bin. And I use a trick I learned to remove everything in the plug_ins folder except the search.api to really speed up launching. I noticed Adobe included an "optional" folder with a readme to put unwanted plugins in there, so they must be aware people are doing this.

    But you have to be careful with version 7, if you play with it too much, it is autorepairing and it will reinstall itself and put it all back!

    And with as many bots that crawl/index the web, some that specifically look for statements about their clients, I'm quite sure Adobe has already read this. :p
     
  11. jcsammy68

    jcsammy68 Registered Member

    Joined:
    Mar 8, 2005
    Posts:
    1
  12. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    Hmm I have Photoshop CS and plan on getting PG soon, so I am bound to run into this same issue. Are these drivers it is trying to install a bad thing? Should I have PG block them or does PS need them to run correctly? I just want to be ready and know what I should have PG do so it does not annoy me constantly but also allows PS to run correctly. Maybe if I just run Photoshop while PG is in learning mode?
     
  13. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Matt_Smi,

    I personally do not know what the intent of these service installations are. They may be non-functional markers or actual snoopy little protection apps. I don't know and that's the problem. Blocking their installation does not interfere with the legal activation process or the ability of Photoshop CS to stay legally activated or run. You can certainly give the adobelmsvc.exe process the right it wants to install these random services if you desire.

    The only reason I block them and object to them is that they are purposely misleading. I started noticing random name services being installed on my system and assumed I was compromised. Looking at their registry entries, they have intentionally misleading description values like "boot bus extender" sometimes something that looks like a "videocodec". They can only be deleted by changing the permission of the registry entry, so they won't just delete if you tell them to. Plus they started accumulating as adobelmsvc.exe abandoned them and created new ones over time.

    When I open my services console to see what's running, what's been added, what's legit and what's harmful, I do not want a bunch of misleading abandoned entries with deceptive registry values to weed through. But that's just me.

    It's your choice on how to handle them... it is YOUR desktop after all. Something I think Adobe is forgetting.
     
  14. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I hear you about having more to check and go through to make sure there is nothing bad on your system. If PS will run fine without them I will probably just block them from installing. I wonder if just disabling the adobelmsvc service would prevent this from happening while still letting the program run.
     
  15. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Photoshop will not launch completely and ask to be reinstalled if this service is prevented from launching.

    It'll try to load 5-7 different randomly named services at first launch of photoshop, then stop and leave you in peace, but it'll try a couple times more after you quit Photoshop.

    Then it unloads itself after a couple minutes. So it's only running while Photoshop is running. It's not on all the time.

    I personally never tried terminating adobelmsvc.exe after CS itself is up and running. I figure as long as it's corralled and getting its hands slapped from messing with my registry, I'm happy. :)
     
  16. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
  17. Hexaguano

    Hexaguano Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    100
    Another "benefit" of these randomly named services that get installed by PS CS...

    Try this in WinXP:

    Open "Help and Support"
    then "Use Tools to view your computer information and diagnose problems"
    Select "Advanced System Information" in the left pane
    Select "View Running Services"

    At this point, my machine would "hang" showing "100% (Collecting Services information)" with an error indicating unable to find the install file. No running services would ever be displayed.

    After removing the random service (I used Hijackthis!), the above would again work properly. Process Guard has been blocking these service installations since with no ill effects to date.

    Anyone else have this issue? Granted, it is probably a seldomly encountered bug, yet...
     
  18. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Not the same exact thing but I did encounter a similar type of issue with allowing these "service" installations and viewing them.

    I hadn't figured out what these things were yet and whether I should remove them or not. My firewall popped up every time PS CS was launched that PS wanted to make a DNS request with them installed. I always blocked them since PS CS was activated and working fine. Once I noticed and figured out how to remove these anonymous services, PS CS no longer asked for DNS connections when executed unless it needed to be reactivated, like when I restore my partition, when I temporarily allow it to DNS and make an activation connection. Photoshop seemed a little "chatty" with these "services" installed. I didn't think anything of it, because heck, I remember back in the days when Adobe Pagemaker for Mac broadcast its serial number over Appletalk to prevent duplicate copies of itself from running on the same network.

    At this point I did suspect it was PS CS though so I would open the services console to check for new services appearing after the launch of PS CS. The Services console would appear, but the Description column for ALL SERVICES would be blank, so you couldn't sort for new services without a description, like the phoney PS CS ones. The descriptions would not appear for other services until rebooted, but it didn't outright crash - just no service descriptions for anything.

    I was trialing the unregistered version of PG then. Verifying the source of the service installations was one of my primary reasons for purchasing and registering PG.

    Adobelmsvc.exe was busted and "handcuffed" with limited rights within minutes of purchasing and registering PG. :)

    Since not allowing these services to get installed, I never encountered this missing description column issue again in the Services console and Photoshop never tries to make DNS requests on every launch, only when it requires reactivation.

    I never thought of using Hijackthis to remove these things - kind of a creepy thought. I had to change permissions on the entry to manually delete them with regedit.

    If it all wasn't so sneaky, suspicious and undocumented I probably wouldn't care. So thank Adobe for causing me to purchase and register PG. If legit products I spend volumes on are doing this sort of thing, imagine what the outside nasty ones trying to get in are doing!
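
Added example, not part of any post in this thread: a PowerShell check, for a current Windows system, for leftover service entries like those described in posts 13, 17 and 18. It assumes the abandoned entries are ones whose ImagePath no longer points at a file on disk, which the thread suggests but does not confirm; the helper name Resolve-ServiceImagePath is hypothetical.

```powershell
# Added example: list service/driver registry entries whose binary is missing on disk.
# Heuristic only: ImagePath has several formats and arguments are stripped naively.
function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    # Expand %SystemRoot% and similar variables first
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                        # quoted path: drop the arguments
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                        # unquoted path: cut after the extension
    }
    $p = $p -replace '^\\\?\?\\', ''            # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') {              # driver paths relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if (-not $props.ImagePath) { return }       # no binary registered for this key
    $file = Resolve-ServiceImagePath $props.ImagePath
    $found = Test-Path -LiteralPath $file -PathType Leaf -ErrorAction SilentlyContinue
    if (-not $found) {
        # Report the entry; Description is shown because the thread notes it can mislead
        [pscustomobject]@{
            Name        = $_.PSChildName
            Description = $props.Description
            ImagePath   = $props.ImagePath
            Resolved    = $file
        }
    }
} | Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session; in a 32-bit session, file system redirection of system32 can make existing binaries look missing. Entries it lists are candidates for review, not proof of anything.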
     
  19. Hexaguano

    Hexaguano Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    100
    Chasing down these random services and preventing their installation was the main driver for initially purchasing PG for me as well. In a way I'm glad, PG has been a very welcome addition!

    Under the circumstances, I think the use of HijackThis! was a fitting way to remove these "services" provided by Adobe, ;^}.
     
  20. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    Touche! If copy protection is going to start lurking around in the background and acting like trojans...

    it's going to get treated like one.
     
  21. matholomew

    matholomew Guest

    um, i don't have either photoshop or adobelmsvc.exe, yet i found this running on my comp. at the same time, my computer was running very slowly, icons, title bars, and the like were becoming garbled, and everything was screwed up. i restarted and everything worked, and it was not running. i searched for it and found it in the local settings folder. another site said it was noticed with fs2004 which i was using at the time of the "attack".
     
  22. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    The .tmp file mentioned is actually made by Macrovision as part of its Safecast copy protection mechanism. If you have this temp file, it simply means you have another application or game that uses Macrovision's copy protection. You mentioned fs2004?

    If you want to find the app that uses it delete the entry to ~e5d141.tmp in the Security section of PG or right click on it there and change it to permit once and launch fs2004, if it prompts to allow ~e5d141.tmp during launch, click allow, but don't check the always do this button. Launch other games, apps etc and see if you get prompted to allow ~e5d141.tmp.

    As far as the screen garbling, slowdowns, etc., while running fs2004 (MS Flight Simulator?) it could be the game itself. Maybe a video driver conflict, it really could be anything. It is after all a Microsoft product. ;)
     
  23. Photoshop

    Photoshop Guest

  24. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It can still be viewed, thanks to the Wayback Machine: Photoshop CS Failure & Fix
     
  25. noob

    noob Guest

    i get like two processes called adobelm_cleanup.0001
    i don't know but my copy of ps cs2, part of the creative suite cs2, turns the color to 8bit which makes the screen look like crap.
    does anyone know how to fix this? it's annoying ...
     