       

72 posts in this topic

:) We have had 4 various customer PCs lose the .exe and .lnk file associations on their PCs recently. (Actually, I am not sure that every shortcut on a user's desktop is in fact a .lnk file type, but I THINK it is!) I have read 2 posts to this forum describing similar problems, that were fortunately solved by running system restore. System restore has not been a successful fix for us in our situations.

 

On the most recently damaged system, I was looking at a Norton internet worm protection log file that indicates "c:\program files\lavasoft\ad-aware se plus\ad-watch.exe is trying to access \registry\machine\software\classes\exefile\shell\open\command". Norton gives a "reaction" of "unauthorized access stopped". However these were all logged immediately before the file associations were lost.

 

Is it possible that ad-aware could somehow be changing (or attempting to change) the registry settings for these file types? I realize Norton logged that the above attempts were blocked, but I would imagine it would only take one successful registry change to break the PC. If this is a known problem, is there any fix? I have searched the web and the Lavasoft web site and have not been able to find anything. Thanks in advance for any help.


I am also experiencing this problem with a computer I am currently servicing. It was brought in with no executable files able to run, all icons were default Microsoft images, and the links did not work. I found that the registry was missing the .exe, .lnk, and .ico file associations (plus others). I was able to correct the file associations, but when Ad-Watch is turned on again - the registry is re-written with invalid data. This seems very similar to the W32/MyDoom.B Virus which also rewrote the registry and removed file associations. I did confirm that it was the Ad-Watch program that was changing these registry items.


Hi

 

It looks like Ad-watch has remembered a certain registry setting and is returning to these settings after you have corrected them. Two steps we have to do:

 

1) Correct the registry values

2) Teach ad-watch to accept these new settings.

 

First download the appropriate registry file fixes from Doug Knox's web site at

 

http://www.dougknox.com/xp/file_assoc.htm

 

As a minimum download these and unzip them into a folder.

 

COM File Association Fix (Restore the default associations for COM files)

EXE File Association Fix (Restore default association for EXE files)

LNK (Shortcut) File Association Fix (Restores Default Shortcut Behavior)

 

 

Next start ad-watch, right click on the icon in the system tray, and select Ad-watch settings. Make sure the selection has a red cross against Automatic. If it is a green tick click on it to deselect automatic.

 

The hardest part is to restore the exe association. Follow the instructions at the top of Doug Knox's web site on how to start Regedit from within Task Manager. Follow these instructions exactly and Regedit should start.

 

Now import the reg files you downloaded above in turn. In regedit select file then select import and browse to each reg file in turn. If prompted to confirm merge select yes to accept. Ad-watch will pop an alert for each merge as well. Ensure you accept the changes in ad-watch.

 

Once all the reg files have been merged the file associations should now work OK.

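
Added example (not part of the original post and not Lavasoft code): Ad-Watch raises one alert per registry change while the .reg files are merged, so it helps to tell the repair apart from anything else. This Python sketch parses an exported Ad-Watch log in its Root / Key / Value / Data / New Data layout and labels each change to a file-association key; the sample log, the DEFAULTS table (stock Windows XP values) and all function names are constructed for illustration.

```python
import re

# Default (unnamed) values under HKEY_LOCAL_MACHINE\Software\Classes for the
# associations discussed in this thread (stock Windows XP values).
DEFAULTS = {
    ".exe": "exefile", ".com": "comfile", ".bat": "batfile", ".pif": "piffile",
    ".scr": "scrfile", ".reg": "regfile", ".lnk": "lnkfile",
    r"exefile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
    r"batfile\shell\open\command": '"%1" %*',
    r"regfile\shell\open\command": 'regedit.exe "%1"',
}
CLASSES_PREFIX = "software\\classes\\"
FIELDS = ("Root", "Key", "Value", "Data", "New Data")
HEADER = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) - (.+)$")

# Constructed sample in the exported-log layout; not taken from a real machine.
SAMPLE_LOG = r'''
===============================================
1/02/2006 9:00:00 AM - User preferences file loaded.
===============================================
1/02/2006 9:00:05 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\.exe
Value:
Data:
New Data:exefile
===============================================
1/02/2006 9:00:06 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\exefile\shell\open\command
Value:
Data:"%1" %*
New Data:
===============================================
1/02/2006 9:00:07 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:SOFTWARE\Classes\regfile\shell\open\command
Value:
Data:regedit.exe "%1"
New Data:C:\placeholder\viewer.exe "%1"
===============================================
1/02/2006 9:00:08 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\Run
Value:IgfxTray
Data:
New Data:C:\WINDOWS\system32\igfxtray.exe
'''


def parse_events(text):
    """Return one dict per 'Registry modification detected' block."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "+"}:  # blank or separator line
            continue
        header = HEADER.match(line)
        if header:  # any header closes the previous block
            current = None
            if header.group(2).startswith("Registry modification detected"):
                current = {"When": header.group(1), **dict.fromkeys(FIELDS, "")}
                events.append(current)
            continue
        name, sep, value = line.partition(":")
        if current is not None and sep and name in FIELDS:
            current[name] = value.strip()
    return events


def classify(event):
    """Label one event against the DEFAULTS table."""
    key = event["Key"].lower()
    if event["Root"].upper() != "HKEY_LOCAL_MACHINE" or not key.startswith(CLASSES_PREFIX):
        return "other"
    expected = DEFAULTS.get(key[len(CLASSES_PREFIX):])
    if expected is None or event["Value"]:  # only the unnamed default value is checked
        return "other"
    new = event["New Data"]
    if new.lower() == expected.lower():
        return "restores-default"  # the repair itself
    return "unexpected-handler" if new else "clears-association"


def triage(text):
    """Return (when, key, verdict) for each event on a watched association key."""
    rows = [(e["When"], e["Key"], classify(e)) for e in parse_events(text)]
    return [row for row in rows if row[2] != "other"]


if __name__ == "__main__":
    for when, key, verdict in triage(SAMPLE_LOG):
        print(f"{when}  {verdict:<20} {key}")
```

Events labelled restores-default are the ones to accept during the merge; the other two labels mean an association is being emptied or pointed at a different handler.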

Simple explanation -- "Lock executable file associations" is turned on and Ad-Watch is set to automatic.

 

Make sure the selection has a red cross against Automatic. If it is a green tick click on it to deselect automatic.

 

Indeed!


Thanks Ad Astra, I appreciate your reply. I am now very familiar with Doug Knox' website and have used his utilities to fix the last couple of failed PCs (the first two I re-installed XP, so I am very grateful to Doug!!)

 

I have read both your and Corrine's replies and while they are appreciated, they do not address the possible root of the problem. Is adwatch or adaware actually breaking these file associations and if so, how do I stop it from doing so?

 

We have been installing Ad-watch and Ad-Aware on all of our customer PCs for over a year now. This adds up to at least 50 machines. I really do not look forward to eventually running Doug Knox utilities on all of these machines. I would rather know how to stop it from happening at all. Any help from the support groups or Lavasoft themselves would be greatly appreciated.

 


 

It would be down to Lavasoft to provide a definitive answer as to the cause. It cannot simply be that automatic is set to on in Ad-watch as by definition this would prevent registry changes not cause one like this to happen. Setting Ad-watch to manual would give users prompts and this would probably cause more issues than leaving Ad-watch on automatic. Do you use fast user switching on the PCs? I have not had an issue with Ad-watch personally but other IDS tools I have tried have really failed big time on my PC with fast user switching and have caused the same reg key values to be corrupted. It would be interesting to know if you do use this.

 

There is a new version of Ad-Aware under development (see the forums on Ad-Aware 2006) so Lavasoft R&D need to fix this problem in the next release.


Again Ad Astra, I appreciate your reply. We do not use fast user switching. Most of our installs are single user on small networks. Hopefully, someone from Lavasoft will be willing to give me an answer. Thanks again!!

 


 

I have the same problem but the exe file association fix isn't opening...can anyone help me please?


 

 

Ad Astra you are a genius! I have been trying to fix this problem for a week and your information had me up and running within 5 minutes!

 

I do have one other lingering issue, and thought you may know the fix to this as well. Since Ad Aware created the problem of the icons, etc. I have also had a message box pop-up before I get to the desktop which is filled with garbled characters on 1 line with the name of a dll file at the end. I am given an OK button at the bottom of the message box and, when I press this, I go into Windows (and now all the icons work!).

 

Anyway, what are your thoughts on this message box problem?

 

Again, thanks!

 

Mike


Same problem here: one moment ad-watch (on automatic) reported a series of registry changes ... minutes later all desktop-icons turn into default windows ("i'm not associated with any program") type of icons and don't work anymore...

 

I fiddled with the PC a little in an attempt to resolve this. System restore did work, but as soon as ad-watch kicked in, all file associations were gone.

 

What I found is that when I right-clicked a program, the OPEN-command was replaced with "Bulk Rename". This is just one of the many utilities on my system and I'm sure on other systems OPEN, if absent, will be replaced by something else, but: why is the OPEN-command gone? This also prevents you from decently opening up other tools like web-browsers and regedit as you're trying to combat this.

 

As others in this thread have stated: what still is unclear is what the cause is. Is it ad-watch? Should I remove ad-watch? Or is ad-watch just unable to prevent some virus/worm or whatever from screwing up the system?

 

I am currently trying to solve this, going back to the latest restore point and will try to deactivate automatic ad-watch mode in an attempt to prevent the registry-changes...


Could somebody give me some advice? I may be in the same boat as kimmy707, as when I download the fixes from Doug Knox's web site they won't run/execute as the files are missing. I manage to get them up in Notepad via WinRAR so it all shows up in there, but then when I extract them to my C: drive I double click the file and it can't find the file extension, just like any other program. I can't even open regedit. Could somebody help me?


 

 

 

Go to safe mode (F8) with command prompt and type in: %systemroot%\system32\restore\rstrui.exe

 

That will give you the restore page and go back to when it worked.

 

Turn off adwatch AND allow all the new files to be put on from Microsoft as they are part of auto updates, more than likely.


This is sorta the problem I had, except if I didn't fix it in a couple of seconds to minutes, the computer would lock up and booting into safe mode would be the only way to save it.


Same problem here!!!

 

I did everything that was mentioned including restore. I disable automatic and run all the .exe .lnk and icon fixes successfully. Then I reboot and this is my log as the system is starting up:

 

Ad-Watch Logfile, exported on 9/25/2006

Total number of events:58

===============================================

9/25/2006 5:28:50 AM - Definitions file SE1R124 19.09.2006 loaded successfully.

Build:SE1R124 19.09.2006

Total Signatures :66929

Target Families :983

Target Categories :6

CSI data Size :264112

 

File Size :2559852

 

===============================================

9/25/2006 5:28:50 AM - User preferences file loaded.

Ad-Watch preference file loaded.

Applying user settings

C:\Documents and Settings\Main\Application Data\Lavasoft\Ad-Aware\awsettings.awc

Initialization complete.

 

 

 

 

===============================================

9/25/2006 5:29:02 AM - Sites file loaded.

Sites file loaded successfully.

C:\Program Files\Lavasoft\Ad-Aware SE Plus\sites.txt

Total entries : 3223

 

 

 

 

 

===============================================

9/25/2006 5:29:10 AM - DefinitionFile SE1R124 19.09.2006 loaded successfully.

Build:SE1R124 19.09.2006

Total Signatures :66929

Target Families :983

Target Categories :6

Blocked Sites :3223

 

File Size :2559852

 

===============================================

9/25/2006 5:29:47 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:SOFTWARE\Classes\regfile\shell\open\command

Value:

Data:

New Data:regedit.exe "%1"

 

 

 

===============================================

9/25/2006 5:29:52 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.com

Value:

Data:

New Data:comfile

 

 

 

===============================================

9/25/2006 5:30:01 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.scr

Value:

Data:

New Data:scrfile

 

 

 

===============================================

9/25/2006 5:30:03 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.bat

Value:

Data:

New Data:batfile

 

 

 

===============================================

9/25/2006 5:30:13 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.pif

Value:

Data:

New Data:piffile

 

 

 

===============================================

9/25/2006 5:30:18 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.reg

Value:

Data:

New Data:regfile

 

 

 

===============================================

9/25/2006 5:30:21 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.exe

Value:

Data:

New Data:exefile

 

 

 

===============================================

9/25/2006 5:30:30 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:PostBootReminder

Data:

New Data:{7849596a-48ea-486e-8937-a2a3009f31a9}

 

 

 

===============================================

9/25/2006 5:30:43 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\System

Value:dontdisplaylastusername

Data:

New Data:0

 

 

 

===============================================

9/25/2006 5:30:53 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value:NoDriveTypeAutoRun

Data:

New Data:145

 

 

 

===============================================

9/25/2006 5:30:58 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value:NoCDBurning

Data:

New Data:0

 

 

 

===============================================

9/25/2006 5:31:01 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Value:AppInit_DLLs

Data:

New Data:

 

 

 

===============================================

9/25/2006 5:31:03 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\RunOnce

Value:*Restore

Data:C:\WINDOWS\system32\restore\rstrui.exe -i

New Data:

 

 

 

===============================================

9/25/2006 5:31:05 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:IgfxTray

Data:

New Data:C:\WINDOWS\system32\igfxtray.exe

 

 

 

===============================================

9/25/2006 5:31:10 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:Sonic RecordNow!

Data:

New Data:

 

 

 

===============================================

9/25/2006 5:31:13 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\SearchUrl

Value:

Data:

New Data:http://home.microsoft.com/access/autosearch.asp?p=%s

 

 

 

===============================================

9/25/2006 5:31:23 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Search

Value:SearchAssistant

Data:

New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

 

===============================================

9/25/2006 5:31:25 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Main

Value:Default_Page_URL

Data:

New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

 

 

 

===============================================

9/25/2006 5:31:26 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\SearchUrl

Value:provider

Data:

New Data:MSN

 

 

 

===============================================

9/25/2006 5:31:28 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Search

Value:SearchAssistant

Data:

New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

 

===============================================

9/25/2006 5:31:29 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Main

Value:Local Page

Data:

New Data:C:\WINDOWS\system32\blank.htm

 

 

 

===============================================

9/25/2006 5:32:24 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Classes\.exe

Value:Content Type

Data:

New Data:application/x-msdownload

 

 

 

===============================================

9/25/2006 5:32:26 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:CDBurn

Data:

New Data:{fbeb8a05-beee-4442-804e-409d6c4515e9}

 

 

 

===============================================

9/25/2006 5:32:28 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\System

Value:legalnoticecaption

Data:

New Data:

 

 

 

===============================================

9/25/2006 5:32:30 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:HotKeysCmds

Data:

New Data:C:\WINDOWS\system32\hkcmd.exe

 

 

 

===============================================

9/25/2006 5:32:31 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:DellSupport

Data:

New Data:"C:\Program Files\Dell Support\DSAgnt.exe" /startup

 

 

 

===============================================

9/25/2006 5:32:33 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Search

Value:CustomizeSearch

Data:

New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

 

 

===============================================

9/25/2006 5:32:36 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Main

Value:Default_Search_URL

Data:

New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

 

 

 

===============================================

9/25/2006 5:32:37 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\SearchUrl

Value:

Data:

New Data:http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

 

 

 

===============================================

9/25/2006 5:32:38 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Search

Value:CustomizeSearch

Data:

New Data:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

 

 

 

===============================================

9/25/2006 5:32:43 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Main

Value:Search Page

Data:

New Data:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

 

 

 

===============================================

9/25/2006 5:32:44 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:Yahoo! Pager

Data:

New Data:"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

 

 

 

===============================================

9/25/2006 5:32:45 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:IntelMeM

Data:

New Data:C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

 

 

 

===============================================

9/25/2006 5:32:46 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\System

Value:legalnoticetext

Data:

New Data:

 

 

 

===============================================

9/25/2006 5:32:51 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:WebCheck

Data:

New Data:{E6FB5E20-DE35-11CF-9C87-00AA005127ED}

 

 

 

===============================================

9/25/2006 5:32:52 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:SysTray

Data:

New Data:{35CEC8A3-2BE6-11D2-8773-92E220524153}

 

 

 

===============================================

9/25/2006 5:32:57 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\System

Value:shutdownwithoutlogon

Data:

New Data:1

 

 

 

===============================================

9/25/2006 5:32:58 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:dla

Data:

New Data:C:\WINDOWS\system32\dla\tfswctrl.exe

 

 

 

===============================================

9/25/2006 5:32:58 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Main

Value:Local Page

Data:

New Data:C:\WINDOWS\system32\blank.htm

 

 

 

===============================================

9/25/2006 5:33:02 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:DVDSentry

Data:

New Data:C:\WINDOWS\System32\DSentry.exe

 

 

 

===============================================

9/25/2006 5:33:03 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Policies\System

Value:undockwithoutlogon

Data:

New Data:1

 

 

 

===============================================

9/25/2006 5:33:04 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value:UPnPMonitor

Data:

New Data:{e57ce738-33e8-4c51-8354-bb4de9d215d1}

 

 

 

===============================================

9/25/2006 5:33:04 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:PCMService

Data:

New Data:"C:\Program Files\Dell\Media Experience\PCMService.exe"

 

 

 

===============================================

9/25/2006 5:33:05 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Internet Explorer\Main

Value:Start Page

Data:

New Data:http://www.msn.com/

 

 

 

===============================================

9/25/2006 5:33:06 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:QuickTime Task

Data:

New Data:"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

 

 

===============================================

9/25/2006 5:33:07 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:UpdateManager

Data:

New Data:"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

 

 

 

===============================================

9/25/2006 5:33:08 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:Symantec NetDriver Monitor

Data:

New Data:C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

 

 

===============================================

9/25/2006 5:33:08 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:ccApp

Data:

New Data:"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

 

 

 

===============================================

9/25/2006 5:33:09 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:HP Software Update

Data:

New Data:C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

 

 

===============================================

9/25/2006 5:33:10 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:Windows Defender

Data:

New Data:"C:\Program Files\Windows Defender\MSASCui.exe" -hide

 

 

 

===============================================

9/25/2006 5:33:11 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\Run

Value:TkBellExe

Data:

New Data:"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

 

 

===============================================

9/25/2006 5:33:11 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Main

Value:Start Page

Data:

New Data:http://www.msn.com/

 

 

 

===============================================

9/25/2006 5:33:12 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Main

Value:Search Page

Data:

New Data:http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

 

 

 

===============================================

9/25/2006 5:33:12 AM - Registry modification detected

Root:HKEY_CURRENT_USER

Key:Software\Microsoft\Internet Explorer\Main

Value:Default_Page_URL

Data:

New Data:http://www.dell4me.com/myway

 

 

===============================================

+++++++++++++++++++++++++++++++++++++++++++++++

===============================================

 

 

Here is my HIJACKTHIS log if it helps.

 


O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll

O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?de36ca0a62e44339ef19551aaf7ef

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?de36ca0a62e44339ef19551aaf7ef

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2238C54A-F2E9-461D-9737-00C72E67BA41}: NameServer = 209.210.176.8,209.210.176.9

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

 

===============================================

+++++++++++++++++++++++++++++++++++++++++++++++

===============================================

 

 

I have followed the given instructions very carefully. I am computer literate. I can't seem to get rid of this problem!!!!

 

Any additional suggestions?

 

Cause of problem would be nice to know?

 

Is it in fact Adwatch that is re-writing these? If not can we detect what is changing these registries?


Hi blinxpro,

 

I do not think Ad-Watch is changing anything - all it is doing, is alerting you to changes being made.

 

I will ask Ad Astra to have a look and see if he can answer your question (however, he has been absent from the board for a day or two, so I can't promise an immediate response).

 

Regards,

 

Spike

Go to safe mode (F8) with command prompt and type in: %systemroot%\system32\restore\rstrui.exe

 

That will give you the restore page and go back to when it worked.

 

Turn off adwatch AND allow all the new files to be put on from Microsoft as they are part of auto updates, more than likely.

Thank you so much Capedad - this seems to be the only remedy for this malfunction in AdWatch. Anyway it helped me. - It's of course impossible to try and start "taskmanager.exe" or "regedit.exe" (as Dougknox advises) when this problem occurs because the missing file extension associations (thanks to AdWatch) aren't there to start any program at all. The only way to get around this is to follow the advice given by Capedad.

-

Why doesn't anyone from the Lavasoft staff pay any interest or attention to this serious problem with their application - after all we paid them money for their product so I believe it's their responsibility to make corrections.

-

Now I've removed AdAware from my computer and I won't install it ever again until possibly the Lavasoft Company gives us information of how they solved the problem with AdAware/AdWatch.

Hi blinxpro,

 

I do not think Ad-Watch is changing anything - all it is doing, is alerting you to changes being made.

 

I will ask Ad Astra to have a look and see if he can answer your question (however, he has been absent from the board for a day or two, so I can't promise an immediate response).

 

Regards,

 

Spike

How do you KNOW there's not an AdWatch problem here? What you are doing is guessing and that doesn't help any of us experiencing these severe problems with the application AdAware. We all are waiting for Lavasoft Company to give us an explanation of how their AdAware can behave as it apparently does.

-

I can believe (e.g. my personal guess is....) that the problem has something to do with Windows update and AdAware in combination. But it is really not my job to investigate this. It is the responsibility of the company Lavasoft and its support personnel. And in the meantime I've removed the AdAware and AdWatch from my computer. I don't want to crash my computer anymore because of a malfunctioning application such as AdWatch.


I am having the same problem with the computers that I repair. I can fix the actual exe problem. However, when the computers first boot up there is a pop-up screen that displays a weird character, the boot will not continue until you hit enter, and also no system tray icons will show. Does anyone have a fix for this? Thanks in advance.

Hi

 

It looks like Ad-watch has remembered a certain registry setting and is returning to these settings after you have corrected them. Two steps we have to do:

 

1) Correct the registry values

2) Teach Ad-Watch to accept these new settings.

 

Thanks for this, I had this problem and it is now sorted. Thanks again


Hi blinxpro,

 

Did you do a System Restore, just before all those alerts came up from Ad-Watch?

 

This item shows System Restore turning itself off:

 

9/25/2006 5:31:03 AM - Registry modification detected

Root:HKEY_LOCAL_MACHINE

Key:Software\Microsoft\Windows\CurrentVersion\RunOnce

Value:*Restore

Data:C:\WINDOWS\system32\restore\rstrui.exe -i

New Data:

 

Once you re-booted (which you will have done by now), did you accept the new values after the Restore? If so, the Ad-Watch alerts should no longer be appearing.

 

Regards,

 

Spike


majos,

Ad-Watch is a real-time monitor which looks for changes to your system, particularly the registry. If it is set to "Automatic", it will automatically block all changes - not much help if you are trying to install/upgrade a program, for example.

 

If it is set to Active, then it pops up an alert to the registry change being made. If you have just installed/removed a program, done a System Restore etc, it will ask you if you want to accept the changes - if you initiated them, then of course you should accept them (but always look at what the alert says, as a precaution).

 

It cannot act on its own - it simply is not designed that way and never has been.

 

If you have not personally changed anything on your system and an alert comes up, look very closely at what the alert says, as it could be a sign of malware/spyware trying to insert itself into your OS.

 

If that is the case, start your own topic in the HijackThis section, with both Ad-Aware and HijackThis logs. Given a little time, an expert log-reader will come and analyse your particular problem. Occasionally it is something as simple as a conflict with another program, but we usually hear about those situations very quickly from a lot of users (there are over 200 million Ad-Aware users worldwide) and from posts in other forums.

 

If you have a problem, as I said earlier, start your own topic, with the required logs (if your system will allow you to run the programs) and state exactly what your own problem is in detail (not something generic like "Same as his").

 

Then we can try and help you in your own thread.

 

Regards,

 

Spike
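
An added example, not part of any post in this thread and not Lavasoft code: a Python parser for the Ad-Watch alert format pasted earlier in the thread, which sorts alerts so that changes to executable file associations are read first, in line with the advice above to look closely at what each alert says. The category patterns, the `(Default)` value name in the constructed alert, and the reading of an empty `New Data` field as "cleared" are assumptions of this example.

```python
import re
# Alert header and field names as they appear in the Ad-Watch logs posted in this thread.
HEADER = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) - Registry modification detected$")
FIELDS = {"Root": "root", "Key": "key", "Value": "value", "Data": "old", "New Data": "new"}
CATEGORIES = [  # review order is this example's own choice (assumption)
    ("file-association", re.compile(r"\\Classes\\(exefile|lnkfile|\.exe|\.lnk)(\\|$)", re.I)),
    ("autostart", re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)),
    ("browser-setting", re.compile(r"\\Internet Explorer\\Main$", re.I)),
]

def parse_alerts(text):
    """Split a pasted log into one dict per alert; separators and blank lines are skipped."""
    alerts = []
    for line in map(str.strip, text.splitlines()):
        if (m := HEADER.match(line)):
            alerts.append({"time": m.group(1), **dict.fromkeys(FIELDS.values(), "")})
            continue
        name, sep, rest = line.partition(":")
        if alerts and sep and name in FIELDS:
            alerts[-1][FIELDS[name]] = rest.strip()
    return alerts

def classify(alert):
    """Return (category, change) for one parsed alert."""
    category = next((n for n, rx in CATEGORIES if rx.search("\\" + alert["key"])), "other")
    old, new = alert["old"], alert["new"]
    change = "cleared" if old and not new else "set" if new and not old else "changed"
    return category, change

def triage(text):
    """Rows of (category, change, time, value name), file-association alerts first."""
    order = [name for name, _ in CATEGORIES] + ["other"]
    rows = [(*classify(a), a["time"], a["value"]) for a in parse_alerts(text)]
    return sorted(rows, key=lambda r: order.index(r[0]))

# First alert is copied from this thread; the second is constructed for illustration.
SAMPLE = r"""
9/25/2006 5:31:03 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\RunOnce
Value:*Restore
Data:C:\WINDOWS\system32\restore\rstrui.exe -i
New Data:
===============================================
1/1/2006 12:00:00 AM - Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Classes\exefile\shell\open\command
Value:(Default)
Data:"%1" %*
New Data:
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "cleared" row in the file-association category is the pattern that matches the symptom described in this thread, where no program will start.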


Also if you are trying to restore your file associations and/or system restore, turn off *Automatic* and make sure that you have unblocked the settings in *Blocking Options* to lock executable file associations.

 

See Corrine's post here:

http://www.lavasoftsupport.com/index.php?s...post&p=3133

 

When you have those blocks turned on - it will block any changes, even the good ones you are trying to make.


I posted this same problem earlier but need help since I haven't heard anything on that post and my system is useless thanks to Lavasoft.

 

Why does Lavasoft direct me to someone's website (doug knox?)?

 

It's your software that is causing my computer problems. I can't log on to Explorer, I can't operate any programs, and I can't even get into safe mode.

Then there are all these log files and crap. I'm not that friggen talented to figure out registry edits and all this other BS.

 

What the f is up and what is the fix...should lavasoft have a patch for their own gd software. This is seriously pissing me off.


pucknuts,

since I haven't heard anything on that post
Why does Lavasoft direct me to someone's website (doug knox?)?

Since you have seen my reply, with a link to the Doug Knox site, from where you can restore your missing links, then you "have heard something on that post".

 

You were directed there, in an attempt to fix your situation. You must have access to a pc to post here, so you can get to the Doug Knox site for the suggested remedy.

 

Please note that all but one of the responders here are volunteers - including myself.

 

Whether or not you choose to use the advice given to you, is entirely up to you.

 

Spike


Volunteer? I appreciate the response then.... I didn't know that since this is a Lavasoft support.

 

However, it is the software that caused this problem and I am not happy at all about this. I purchased this software to protect my system not to have it be the main issue that's wreaking havoc.

I am not computer savvy and trying to work these issues is more than frustrating.

 

And I have been looking online and posting questions about this problem and continue to hear about this other Doug website with the fix for Lavasoft's error, not just here.
