Spyware possible sophosrootkit

Discussion in 'Malware Help (A Specialist Will Reply)' started by dashrender, Apr 4, 2007.

  1. dashrender

    dashrender Private E-2

    Hello all,
    I have followed (or rather, was in the middle of following) the instructions in the "Read and Run First" post when I ran into several problems.

    First things first:
    I'm running XP Pro SP2 with the most recent critical updates as of 2 wks ago. I'm running Panda Platinum 2006 Anti-virus/firewall. I have Lotus Notes and am using a Windows mobile device.

    Ok, current issue from the RRF page: I downloaded CCleaner and installed it, but it will not run. Nothing happens at all when I click on the icon on the desktop. Furthermore, the icon is not showing the correct picture; it shows the unknown program icon. This is a Dell laptop running 512 megs of RAM (after I removed the only removable extra RAM module; apparently this laptop has 512 onboard).

    So I moved on to the next step, I downloaded and tried to install Spybot and get
    Error creating registry Key:
    HKEY_CLASSES_ROOT\CLSID\{53707962-6F74-2D53-2644-206D7942484F}

    RegCreateKeyEx failed; code 1450
    Insufficient system resources exist to complete the requested service

    Click Retry to try again, Ignore to proceed anyway, or Abort to cancel installation.

    I have tried running HJT as well, both with the exe and com extensions, and neither works. (A big NOTHING happens.)

    I suspect that sophosrootkit might be on the machine because there is a file C:\temp\sophosrootkit.log and a few others with similar names in the temp dir. FYI, Panda does appear to have stopped it, or at least attempted to; it is listed in the log as blocked.

    Thanks for any assistance.
     
  2. dashrender

    dashrender Private E-2

    I have managed to get a HJT log after renaming HJT to test.exe.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you have a rootkit of any type, it is not going to show in HJT. We need a lot more than a HJT log, and yours shows no malware anyway, so it is of no value. If your system is low on resources, you should shut down some applications while running the steps. Perhaps your Panda software is bringing your system to its knees.

    Do you know what the below file is, listed in your HJT log? I assume it is part of C:\Program Files\Kaseya\Agent\KaUsrTsk.exe, but what exactly is this, too?

    O10 - Broken Internet access because of LSP provider 'kaseyasp.dll' missing

    Is it really missing? Check for it in c:\windows\system32

    Between Panda and the below software, perhaps you are just hogging all of your system resources:
    O4 - HKLM\..\Run: [Client Access Service] "e:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [Client Access Help Update] "e:\Program Files\IBM\Client Access\cwbinhlp.exe"
    O4 - HKLM\..\Run: [Client Access Check Version] "e:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
    O4 - HKLM\..\Run: [Client Access Express Welcome] "e:\Program Files\IBM\Client Access\cwbwlwiz.exe"
    O4 - HKLM\..\Run: [OurTech Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
    O4 - HKLM\..\Run: [EasySync Pro - MSWinCE2] C:\Program Files\Common Files\XCPCSync\Translators\MSWinCE2\AutoDetect.exe
    O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Common Files\XCPCMenu.exe
     
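One way to carry out the check asked for above (is the DLL named on the O10 line actually present in System32, and do the O4 run-key binaries exist on disk), as an added example that is not code from this thread or from HijackThis. It assumes HijackThis-style log text as input; the System32 path and the injectable `exists` hook are assumptions so the parsing can be exercised off the affected machine.

```python
import ntpath
import os
import re

# Constructed sample input: HijackThis-style lines copied from the log
# excerpts quoted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Client Access Service] "e:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "e:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [OurTech Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O10 - Broken Internet access because of LSP provider 'kaseyasp.dll' missing
"""

SYSTEM32 = r"C:\Windows\System32"  # assumed location of Winsock LSP DLLs

# O4: optional quotes around the path, optional trailing arguments (e.g. LOGIN)
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] "?(?P<path>.+?\.(?:exe|dll|com|bat|scr))"?(?:\s.*)?$',
    re.IGNORECASE,
)
O10_RE = re.compile(r"^O10 - .*LSP provider '(?P<dll>[^']+)' missing", re.IGNORECASE)


def parse_hjt(text):
    """Return (kind, name, path) for every O4 run-key and O10 LSP line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(("O4", m.group("name"), m.group("path")))
            continue
        m = O10_RE.match(line)
        if m:
            # HJT gives only the DLL name; resolve it against System32.
            entries.append(("O10", m.group("dll"), ntpath.join(SYSTEM32, m.group("dll"))))
    return entries


def triage(text, exists=os.path.exists):
    """Pair each referenced binary with whether it is present on disk.
    `exists` is injectable so the logic can be tested off-box."""
    return [(kind, name, path, exists(path)) for kind, name, path in parse_hjt(text)]


if __name__ == "__main__":
    for kind, name, path, present in triage(SAMPLE_LOG):
        print(f"{kind:<4}{'present' if present else 'MISSING':<8}{name} -> {path}")
```

Run on the affected machine, the default `exists` performs the real lookup, so a MISSING result for the O10 entry confirms the LSP DLL really is gone from System32.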
  4. dashrender

    dashrender Private E-2

    I will check to see if that file is there or not.

    The system resources are not all used up. I disabled Panda and this made no difference.
    Most of the processes you mentioned are related to Client Access (an emulator program for use with an AS400) These are normal processes and are really only in use when you are connected (open session) to an as400.

    I'm looking for a suggestion on how to proceed to get to the next step.
    Thanks
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If they run at startup as shown, they are using some amount of resources. Some even showed as running in the process list of your HJT log.

    You said you disabled Panda! How and what did you disable?

    Well I need to know about that file in the O10 line.

    Then you can run the below to check for rootkits.

    Now please download F-Secure's BlacklightBeta
    • Download fsbl.exe and save it to the Desktop.
    • Once saved... double click fsbl.exe to install the program.
    • Click accept agreement and Click scan
    • This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.

    If Blacklight does not find anything (which I suspect will be the case) continue onto the below.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
