HELP!!...New here...Raze Spyware Remove;Win64.exe/Mswinb32.exe

Couple problems, heres the links to repair as well as items in question from your log. Let us know.

Raleka is a worm-virus that spreads through the Internet by exploiting a vulnerability in the DCOM RPC service in Microsoft Windows. This vulnerability is detailed in Microsoft Security Bulletin MSO3-026 .

http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
http://www.sophos.com/virusinfo/analyses/trojspyrea.html

C:\WINDOWS\System32\service.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O23 - Service: Windows Service Manager (WSCM) - Unknown owner - C:\WINDOWS\System32\service.exe

 

Please complete step 6 of the READ & RUN ME and attach the two requested logs. Also disable Spybot's Teatimer as requested in the READ & RUN ME.

Are your copies of Ewido and Pest Patrol paid versions or free trials?

As Major Attitude pointed out, you have a bad service running that you must stop and disable. Do the below:

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Windows Service Manager ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

WSCM

If you receive any error messages just ignore them and continue.

Now exit HJT and reboot

After reboot attach the two online scanner logs and a new HJT log.
Also delete the below file:
C:\WINDOWS\System32\service.exe <--- only delete service.exe DO NOT delete services.exe which is valid.

 

Why are you editing your old messages and deleting logs? We cannot help you if you delete the history of what we have been doing! You are not supposed to be able to edit messages after 5 minutes for just this reason, however there is a bug in the vB code used by the forums.

Start over! And run the below and attach ALL logs and do not edit them.

Start by running this procedure: SpywareQuake Removal Procedure attach the smitfiles.txt log.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
  • Bitdefender
  • Panda Scan
  • HijackThis

.

 

Also since you have a paid version of Pest Patrol, you should uninstall Ewido (which you said was clean anyway) and also uninstall Windows Defender. Leaving all of these installed will waste resources, slow your PC down, and could cause conflicts. If you do re-run the READ ME as suggested, you do not need to run Windows Defender again. If fact, all I really need to see are the two logs from step 6 and then a new HJT log after the other steps have been run.

By the way if Pest Patrol is detecting problems here:
C:\Program Files\CA\eTrust PestPatrol\Quarantine\reg1.tmp

Then it is detecting problems in its own Quarantine folder which would be totally stupid since it save the info there.

 

No problem! I now understand why you delete them, however, it was not necessary. It was not the total amount of data that you uploaded that was causing a problem. Sometimes the buttons just don't work (vB bug) and sometimes it is because the logs have the same exact data as a previous log which then gets refused. Any individual .log, .zip, or .txt file must be less than 250k and you can upload 4 logs into any single message. But there is no restriction on total size on multiple logs.

Just attach a new BitDefender, Panda, and HijackThis log. You do not need to run ALL the other steps in the READ ME.

Also tell me if you see the below files! And if you do, see if you can delete them. Let me know what happens.
C:\windows\system32\keylogger32.exe
c:\windows\system32\shellgui32.dll
c:\windows\system32\txfdb32.dll
c:\windows\dlmax.dll

 

Try running the below for the Alexa Toolbar registry entry that Panda is not given any info on.

Alexa Toolbar Removal Tool 1.0.2

Before running the below steps with HijackThis make sure you shut down any active protection from Norton, Pest Patrol, or similar programs.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {12872A48-35BA-4A13-A5A5-B8047717564C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

After clicking Fix, exit HJT.

Did you install any tools like the below? Sometimes restart.exe comes with tools like Look2Me Fix or others.
C:\WINDOWS\system32\Tools\Restart.exe

If you did not make this folder and install this file there then delete it.

Now reboot in normal mode and post a new HJT log. Do not allow Spybot to fix the problem with Task Manager again if it shows up. In fact do not run a scan with Spybot.

Also run the below procedure and attach the runkeys.txt log. I want to see if there is any indication of why Task Manager is getting disable.

Using GetRunKey

Make sure you tell me how things are working now. Itemize any remaining problems

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You're welcome!

Shut down Pest Patrol and any active protection from Symantec before doing the below or they could block the changes.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Attach a new runkeys.txt log now and also tell me how things are looking! Is Task Manager okay now?

 

Nothing was found! All you are seeing is the section headings where info would be reported if malware was found.

If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

After that, you should work thru the below link:

How to Protect yourself from malware!

 

Well I don't get down that way too often. Last time was a very long time ago, but I typically keep out of trouble. Thanks! And you're welcome again!