• 0
Sign in to follow this  
Joy128

Please help

Question

Hi,

I wound up downloading the lavasoft accidentally actually it came with Samsung Smart Switch app that I was trying to get that I got off of Qik downloads.. once I realized I did not intentionally download this software I try to uninstall it all of a sudden after I clicked uninstall a pop-up window came with two boxes and it asked me to check the boxes I don't remember verbatim something to the effect of do you want everything to stay the same as it was before you download it or something like that I click those boxes because it actually gave a tip and it's suggested that I check those boxes off once I did that everything got un installed however there was a whole row of icons and documents that disappeared from my desktop now this is super weird and I'm freaking out I've been doing so many things trying to retrieve these honestly I shouldn't even have to go through this I don't understand what happened please help me tell me where my files are how can I get my files and documents back please thank you

Share this post


Link to post
Share on other sites

11 answers to this question

Recommended Posts

  • 0

Hi,

I wound up downloading the lavasoft accidentally actually it came with Samsung Smart Switch app that I was trying to get that I got off of Qik downloads.. once I realized I did not intentionally download this software I try to uninstall it all of a sudden after I clicked uninstall a pop-up window came with two boxes and it asked me to check the boxes I don't remember verbatim something to the effect of do you want everything to stay the same as it was before you download it or something like that I click those boxes because it actually gave a tip and it's suggested that I check those boxes off once I did that everything got un installed however there was a whole row of icons and documents that disappeared from my desktop now this is super weird and I'm freaking out I've been doing so many things trying to retrieve these honestly I shouldn't even have to go through this I don't understand what happened please help me tell me where my files are how can I get my files and documents back please thank you

 

Hi Joy128,

 

Was it Web Companion from Lavasoft that was installed?

You can read about that program here: http://www.webcompanion.com/

I wonder since I haven't heard that the antivirusprogram is installed by other programs.

 

But neither of the programs should remove any files from the desktop.

Have you tried to search for the files?

Have you configured Windows Explorer to show hidden files?

 

Let us see if there are any left-overs of the program or any other traces of what program you had, please download Farbar Recovery Scan Tool (FRST) and save it on the desktop:

For 64 bits Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32 bits Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press More Reply Options button to see how to attach files).

Share this post


Link to post
Share on other sites
  • 0

hi thanks for your reply Cecilia! i attached like you asked. I already ran this so i had it handy , it was through these logs and others (below) that i actually even realized it was "lavasofttcpservice because it installed so quickly and there were so many i coundnt keep track until i saw all these logs..

 

 

11/08/16 00:33:46, Redirector started (V2.3.4.7)
11/08/16 00:33:46, Licensed to: Lavasoft
11/08/16 00:33:46, Path and params: "C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
11/08/16 00:33:46, Current directory is: C:\Windows\system32
11/08/16 00:33:46, Time since boot: -1706765052
11/08/16 00:33:46, PID: 4192
11/08/16 00:33:46, String library passed MT test
11/08/16 00:33:46, OS: Windows 7
11/08/16 00:33:46, UAC is elevated, this is good
11/08/16 00:33:46, Configured to run as a service
11/08/16 00:33:46, Before run
11/08/16 00:43:02, After run

 

and

 

 

11/08/16 00:33:46, LavasoftTcpService.exe started (V2.3.4.7)
11/08/16 00:33:46, Time since boot: -1706764974
11/08/16 00:33:46, OS: Windows 7
11/08/16 00:33:46, Going to load data
11/08/16 00:33:46, Going to save data, caller is: First save
11/08/16 00:33:46, Flag: dlltoload with value:
11/08/16 00:33:46, Data saved successfuly
11/08/16 00:33:46 ** Error **, Failed to load data with error: CDataManager::Load - Failed to open file: C:\Windows\system32\LavasoftTcpService.ini with error: 2
11/08/16 00:33:46, No DLL set to be loaded, will init COM
11/08/16 00:33:46, Trying to start UDP channel
11/08/16 00:33:46, Starting relay on port: 12344
11/08/16 00:33:46, Relay started successfuly
11/08/16 00:33:46, Started as a service
11/08/16 00:33:46, Started main message loop
11/08/16 00:33:46 ** Error **, CWFP::SetPID - Failed to open file: 2
11/08/16 00:33:46 ** Error **, Failed to set PID for WFP: CWFP::SetPID - Failed to open file: 2
11/08/16 00:33:46, KeepAlive thread in standby
11/08/16 00:37:18, Going to clear data (user called method)
11/08/16 00:37:18, Clearing data
11/08/16 00:37:18, Going to get table (user called method)
11/08/16 00:37:18, Going to commit data table (user called method)
11/08/16 00:37:18, Going to get table (user called method)
11/08/16 00:37:18, Going to commit data table (user called method)
11/08/16 00:37:18, Going to get table (user called method)
11/08/16 00:37:18, Going to commit data table (user called method)
11/08/16 00:42:59, Starting shutdown process
11/08/16 00:42:59 ** Error **, CWFP::SetPID - Failed to open file: 2
11/08/16 00:42:59 ** Error **, Failed to set PID on shutdown for WFP: CWFP::SetPID - Failed to open file: 2
11/08/16 00:43:02, Clearing sockets
11/08/16 00:43:02, Sockets cleared
11/08/16 00:43:02, Shutting down SSL and relay
11/08/16 00:43:02, Shutting down Async winsock
11/08/16 00:43:02, Shutting down Winsock
11/08/16 00:43:02, Winsock cleared
11/08/16 00:43:02, Clearing extensions
11/08/16 00:43:02, Shutting down execution threads
11/08/16 00:43:02, Shutting down execution threads (stats)
11/08/16 00:43:02, Shutting down execution threads (saving stats)
11/08/16 00:43:02, LavasoftTcpService.exe by went down (V2.3.4.7)

 

 

 

 

also this is a btw question but why does it show 5 users when theres only supposed to be 3?

 

thanks so much!

FRST.txt

Addition.txt

Share this post


Link to post
Share on other sites
  • 0

You're welcome Joy128 :)

 

Since it's about Web Companion I've moved this topic to that forum.

 

Have you tried to do a system restore point to the point called "Installed Samsung Kies3" (created before the installation of Kies)?

 

Have you tried to search for the lost files?

Have you configured Windows Explorer to show hidden files?

Did Recuva find any of the lost files?

 

When you uninstall Web Companion, you're asked if you want to keep the start page and search engines in the browsers or if you want to restore them to the ones used before installing Web Companion.

 

These folders and files are located on the desktop of user "Pro tools" according to the logs:

2016-11-13 01:29 - 2016-11-13 01:29 - 00002386 _____ C:\Users\Pro tools\Desktop\CheckResults.txt
2016-11-08 01:41 - 2015-03-26 23:52 - 00000000 ____D C:\Users\Pro tools\Desktop\misc

2016-11-08 01:37 - 2015-01-16 23:53 - 00000000 ____D C:\Users\Pro tools\Desktop\PIXX
2016-11-08 01:36 - 2015-01-17 02:03 - 00000000 ____D C:\Users\Pro tools\Desktop\Baby
2016-11-08 01:28 - 2015-10-06 19:34 - 00000000 ____D C:\Users\Pro tools\Desktop\samsung and Harmon Kardon backup
2016-11-08 01:28 - 2013-12-05 02:37 - 00000000 ____D C:\Users\Pro tools\Desktop\resumes

 

Can you see them?

 

 

Administrator and Guest are built-in accounts and in your computer they are disabled.

 

 

Since this is a security-oriented forum, you get a list of things to take care of when the main problem is solved.

 

Why isn't an antivirusprogram with real-time protection installed?

If McAfee VirusScan Enterprise has real-time protection, it hasn't registered correctly with Windows and should be reinstalled. It seems to be very old (from 2008) and cannot protect the computer from the threats of today.

 

Java 7 Update 51

That's is an old version with many known vulnerabilities that can be exploited by a web page to infect the computer. If you need Java (few persons do), it's important to always have the latest version (version 8 and update is over 100).

 

QuickTime 7

Since Quicktime is no longer supported by Apple and might also be exploited to infect the computer. https://support.apple.com/kb/DL837?viewlocale=en_US

 

Itibiti RTC

Have you installed it yourself?

It sometimes is installed when you install other programs.

https://www.slimwareutilities.com/community/info.php?id=235057&type=software only read, don't click on anything on that page

 

Search Toolbar

That's adware. Do you want me to help you remove it?

 

You should have UAC (User Access Control) set to recommended level to be able to block some unwanted installations.

Share this post


Link to post
Share on other sites
  • 0

Hi thanks so much for your reply so I don't know exactly how to do a system restore I read how to do it but I'm scared that I will lose stuff if I Dont do it properly. Not sure if I configured Windows Explorer probably not also I believe I did try recuva if it's in my notes I don't remember I tried so many different things it's been a couple of days pardon the delay. I can see those files on my desktop and I'm not sure what the missing files are as it was just a whole row of stuff including icons programs and files that was taken off the desktop. I did have Malwarebytes and all of a sudden it just stopped working I'm actually corresponding with their customer service via email and they asked me to delete certain things from my temp folder I don't want to do this just yet because I believe that the files that I'm missing might actually be in the temp folder so I want to First deal with you guys to recover and then do as they ask. I definitely don't need the Java and the rest of those programs that you said might be suspect I can definitely get those removed need be... most importantly I just want to recover the files that are missing a lot of them are not necessarily programs but folders with my personal stuff please help thank you

Share this post


Link to post
Share on other sites
  • 0

These are the things malwarebites customer support wants me to delete

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

start

C:\Users\JOY\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_vvijb.dll

C:\Users\JOY\AppData\Local\Temp\ffmpeg15.exe

C:\Users\JOY\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\JOY\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

C:\Users\JOY\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\JOY\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\JOY\AppData\Local\Temp\mp3el.exe

C:\Users\JOY\AppData\Local\Temp\MSETUP4.EXE

C:\Users\JOY\AppData\Local\Temp\qcpdec.exe

C:\Users\JOY\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Pro tools\AppData\Local\Temp\BingBarSetup-Partner.exe

C:\Users\Pro tools\AppData\Local\Temp\BingSvc.exe

C:\Users\Pro tools\AppData\Local\Temp\BSvcProcessor.exe

C:\Users\Pro tools\AppData\Local\Temp\BSvcUpdater.exe

C:\Users\Pro tools\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgfpno2.dll

C:\Users\Pro tools\AppData\Local\Temp\Execute2App.exe

C:\Users\Pro tools\AppData\Local\Temp\GUR7BE5.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-8u111-windows-au.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-8u40-windows-au.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-8u51-windows-au.exe

C:\Users\Pro tools\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Pro tools\AppData\Local\Temp\lowproc.exe

C:\Users\Pro tools\AppData\Local\Temp\msvcp90.dll

C:\Users\Pro tools\AppData\Local\Temp\msvcr90.dll

C:\Users\Pro tools\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Pro tools\AppData\Local\Temp\stubhelper.dll

C:\Users\Pro tools\AppData\Local\Temp\zipsetup.exe

C:\Users\Pro tools\AppData\Local\Temp\{D56E0567-9327-4EBF-B067-FAB0C0116E71}-43.0.2357.81_chrome_installer.exe

C:\Users\test\AppData\Local\Temp\316gugMj-prog.exe

C:\Users\test\AppData\Local\Temp\316gugMj-upd.exe

EmptyTemp:

end

Share this post


Link to post
Share on other sites
  • 0

I don't think that Web Companion deleted anything on your desktop, probably some other program did that, but I'll ask my contact person at Lavasoft to reply to you.

 

You can always copy all files in the Temp folders to folders you have created yourself. I guess Malwarebytes' staff/forum volunteer also will inform you about old Java versions etc. and you should only let one person help you remove malware and adware at the same time, otherwise things will be messed up.

Share this post


Link to post
Share on other sites
  • 0

Thanks, I'm sorry that I can't do much.

 

Lavasoft staff has checked the source code of the uninstallation process again and files not related to Web Companion aren't touched. The only file that is deleted on the desktop is the shortcut to Ad-Aware.

 

Even if there is a strange bug in Web Companion that deleted other files, the only way to get them back is to recreate shortcuts to programs and to use Recuva, and other similar programs, to try to find the other lost files.

 

How to see files that are marked as hidden: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

When you have done that, it's possible to search for files that are marked as hidden.

 

For the future, please remember to have backups of all important files, a hard disk can crash at any time and then all files on it are lost forever.

 

Please let me know if I can help you in some other way.

Share this post


Link to post
Share on other sites
  • 0

I hear you! You mentioned restoring back to kies?? How do I do that also you mentioned configure windows explorer to show files?? Also you suggested I remove some of the programs that are suseptibale java, QuickTime, itibiti and search tool bar are any of those more complicated than just uninstalling?? Thanks much

Share this post


Link to post
Share on other sites
  • 0

Since many days have gone since you created the FRST log files, I guess that the restore point that was saved before the installation of Kies has been overwritten, but of course you can check.

How to do a system restore: http://www.sevenforums.com/tutorials/700-system-restore.html

 

I had a link to a guide for how to configure Windows Explorer to show all files in my previous post, #10.

 

Java and Quicktime are uninstalled as other programs, but it can be more complicated to get rid of crapware and adware, as Itibiti RTC and Search toolbar. Maybe Malwarebytes already have given you instructions for those two, e.g. by running MBAM, AdwCleaner and/or Junk Removal Tool JRT (I haven't checked if MBAM removes them)?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this