I am having the same problem, and I don't have 2 instances of lsass running. Antivirus is popping up that rdrive.sys has been deleted because of the Trojan.cachecachekit.
Any help on this issue?
Thanks Mike
Logfile of HijackThis v1.99.1
Scan saved at 6:28:36 PM, on 7/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
D:\Micros\RES\POS\Bin\3700d.exe
E:\Panera\Util\AutoTask.exe
E:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\Explorer.exe
D:\MICROS\RES\GSS\Bin\CIService.exe
D:\Micros\RES\POS\Bin\DbUpdateServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\MICROS\COMMON\Bin\CALSrv.exe
D:\MICROS\res\pos\Bin\resdbs.exe
D:\MICROS\COMMON\Bin\RunDBMS.exe
D:\Micros\COMMON\Bin\DSM.exe
D:\MICROS\COMMON\Bin\MicrosDsk.exe
C:\WINNT\system32\MSTask.exe
D:\MICROS\res\pos\Bin\ConnAdvisor.exe
D:\MICROS\res\pos\Bin\MDSHTTPService.exe
D:\MICROS\COMMON\Bin\CMS.exe
D:\MICROS\COMMON\Bin\ComScheduler.exe
C:\WINNT\System32\SVSw32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
D:\MICROS\COMMON\Bin\CMSC.exe
D:\MICROS\DATABASE\SYBASE\Adaptive Server Anywhere 6.0\Win32\dbsrv6.exe
D:\Micros\Res\Pos\bin\OPS.exe
D:\Micros\Res\Pos\bin\IFS.exe
D:\Micros\Res\Pos\bin\PControl.exe
D:\MICROS\COMMON\Bin\AutoSeqServ.exe
D:\Micros\Res\Pos\bin\CCS.exe
C:\kp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://63.165.2.34:8383/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=D:\MICROS\COMMON\BIN\MicrosExplorer.exe
O1 - Hosts: 204.95.114.131 euro
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {aa44da02-7f61-11d4-a3e1-00c04fa32518} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AE5603F-1BCE-4D9B-A83B-A7C6C839D0CB}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: MICROS 3700 System (3700d) - MICROS Systems, Inc. - D:\Micros\RES\POS\Bin\3700d.exe
O23 - Service: Auto Task (AutoTask) - Panera, LLC - E:\Panera\Util\AutoTask.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - E:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: MICROS Caller ID Service (CISERVICE) - MICROS Systems, Inc. - D:\MICROS\RES\GSS\Bin\CIService.exe
O23 - Service: MICROS DB Update Service (DbUpdateServer) - MICROS Systems, Inc. - D:\Micros\RES\POS\Bin\DbUpdateServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MICROS Backup Server - MICROS Systems, Inc. - D:\MICROS\res\pos\Bin\resbsm.exe
O23 - Service: MICROS CAL Service - Unknown owner - D:\MICROS\COMMON\Bin\CALSrv.exe
O23 - Service: MICROS Database Service - MICROS Systems, Inc. - D:\MICROS\res\pos\Bin\resdbs.exe
O23 - Service: MICROS Distributed Service Manager - MICROS Systems, Inc. - D:\Micros\COMMON\Bin\DSM.exe
O23 - Service: MICROS Cash Management COM Server (MicrosCashManagementComServer) - MICROS Systems, Inc. - D:\MICROS\COMMON\Bin\CMSC.exe
O23 - Service: MICROS Secure Desktop (MicrosDesk) - MICROS Systems, Inc. - D:\MICROS\COMMON\Bin\MicrosDsk.exe
O23 - Service: OracleClientCache80 - Unknown owner - E:\orant\BIN\ONRSD80.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: sqlCAFEXXX (SQLANYs_sqlCAFEXXX) - Sybase, Inc. - D:\MICROS\DATABASE\SYBASE\Adaptive Server Anywhere 6.0\Win32\dbsrv6.exe
O23 - Service: sqlNTSERVER4325 (SQLANYs_sqlNTSERVER4325) - Sybase, Inc. - D:\MICROS\DATABASE\SYBASE\Adaptive Server Anywhere 6.0\Win32\dbsrv6.exe
O23 - Service: MICROS Connection Advisor (srvConnAdvisor) - MICROS Systems, Inc. - D:\MICROS\res\pos\Bin\ConnAdvisor.exe
O23 - Service: MICROS MDS HTTP Service (srvMDSHTTPService) - MICROS Systems, Inc. - D:\MICROS\res\pos\Bin\MDSHTTPService.exe
O23 - Service: MICROS Cash Management (svcCashManager) - MICROS Systems, Inc. - D:\MICROS\COMMON\Bin\CMS.exe
O23 - Service: MICROS LM COM Scheduler (svcCOMScheduler) - MICROS Systems, Inc. - D:\MICROS\COMMON\Bin\ComScheduler.exe
O23 - Service: svsw32 - MICROS Systems, Inc. - C:\WINNT\System32\SVSw32.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINNT\scvhost.exe