• 0
Sign in to follow this  
dlawrencehome

Remove Lavasofttcpservice.exe

Question

I run a number of servers and one in particular had an issue that i installed ad aware to help resolve. The issue was resolved ultimately by a driver update and I removed lavasoft.

Or so I thought.

 

My server has crashed every 5 minutes for 2 weeks and Lavasofttcpservice.exe is the culprit.

 

I have unsintalled the web companion and the anti virus via Programs and Features

I then ran Revo Force Uninstaller to clean up everything else

After continued crashes I went through the registry and deleted the remaining registry keys in services

 

Crashing continues, Dmp files continue to indicate lavasofttcpservice.exe is in the memory.

 

Im about 2 seoncds from formatting the whole thing just to get rid of your software! Tell me where it could be hiding!

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0

If you have any problems with Lavasofttcpservice.exe after uninstallation of Web Companion, please follow http://www.lavasoftsupport.com/index.php?/topic/34376-solution-for-lavasofttcpservice-problem-after-uninstallation/and if that doesn't solve the problem, please start a new topic here: http://www.lavasoftsupport.com/index.php?/forum/191-ad-aware-web-companion/

  • Like 1

Share this post


Link to post
Share on other sites
  • 0

Hi dlawrencehome,

I think it's best to use FRST to show all processes, drivers and services in the computer to know what's going on.

Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop:
For 64 bits Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
For 32 bits Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

Start the FRST program.

Read the disclaimer and click Yes to accept it.
Click Scan button.
When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

Please, attach the two files to your reply (press More Reply Options button to see how to attach files).

Share this post


Link to post
Share on other sites
  • 0

1. Please, create a system restore point that you can restore to, if you lose internet connection or get another issue after the fix with FRST.

 

 

2. Please, start Notepad.

Copy all text that is in the box:

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)
2015-01-07 18:52 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Lavasoft
2015-01-07 18:49 - 2015-01-07 18:58 - 00000000 ____D () C:\ProgramData\Lavasoft
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

Restart the computer.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

Share this post


Link to post
Share on other sites
  • 0
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-01-2015

Ran by Sharon at 2015-01-11 00:17:33 Run:1

Running from C:\Users\Sharon\Downloads

Loaded Profile: Sharon (Available profiles: Sharon)

Boot Mode: Normal

==============================================


Content of fixlist:

*****************

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)

Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)

Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)

Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)

Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [303728] (Lavasoft Limited)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)

Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)

Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)

Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)

Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [346976] (Lavasoft Limited)

2015-01-07 18:52 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Lavasoft

2015-01-07 18:49 - 2015-01-07 18:58 - 00000000 ____D () C:\ProgramData\Lavasoft

*****************


Winsock: Catalog entry 000000000001 => Deleted successfully.

Winsock: Catalog entry 000000000002 => Deleted successfully.

Winsock: Catalog entry 000000000003 => Deleted successfully.

Winsock: Catalog entry 000000000004 => Deleted successfully.

Winsock: Catalog entry 000000000016 => Deleted successfully.

Winsock: Catalog entry 000000000001 => Deleted successfully.

Winsock: Catalog entry 000000000002 => Deleted successfully.

Winsock: Catalog entry 000000000003 => Deleted successfully.

Winsock: Catalog entry 000000000004 => Deleted successfully.

Winsock: Catalog entry 000000000016 => Deleted successfully.

C:\Users\Sharon\AppData\Roaming\Lavasoft => Moved successfully.

C:\ProgramData\Lavasoft => Moved successfully.


==== End of Fixlog 00:17:35 ====

Share this post


Link to post
Share on other sites
  • 0

Please, scan with FRST again and attach the new FRST.txt.

Share this post


Link to post
Share on other sites
  • 0

Hi jeffrayrobles,

1. There are signs of malware or adware in the computer. Do you want that I investigate that?


2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1280112553-3755736893-347646853-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-16] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-16] (Lavasoft Limited)
C:\Windows\system32\LavasoftTcpService64.dll
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


3. For your safety, I recommend that you uninstall:
Java 7 Update 60 (64-bit)
Java SE Development Kit 7 Update 60
Since those are old versions with known vulnerabilities that can be exploited by a web page to infect the computer. Most people don't need to have Java installed, but if you must it's very important to always have the latest version.
RegCure Pro isn't a recommended program.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this