rundll error notice and others

[labman]

Help me please!!!
I'm getting a rundllerror notice on after booting as follows:
error loading c:\programfiles\FBMsoftware\zerospyware\zss scheduler.dll - the specified module could not be found

I am running AVG anti-virus (full program), and Spyware Doctor, Ad-Aware and XoftSpy spyware programs, oh and an evaluation version of CounterSpy. Nothing is picked up with these.
So I bought PC Tools' Registry Mechanic and this has identified it as a problem along with quite a few others! However, although it says that it has fixed the problems, when I rerun the scan, the same problems come up again. Same thing with a trial version of System Mechanic 6. I have also tried manually deleting with HJT with no success.
Below is a log file from RM and HJT


----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
Start of Scan
8/25/2006 10:44:24
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 507704
MEMORY TOTAL: 1048048
VIRTUAL FREE: 2013992
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

----------------------------------------------------------------------------------------------------
Running processes: Process ID
----------------------------------------------------------------------------------------------------
[System Process] 0
System 4
smss.exe 336
csrss.exe 400
winlogon.exe 424
services.exe 468
lsass.exe 480
ati2evxx.exe 624
svchost.exe 636
svchost.exe 708
svchost.exe 748
svchost.exe 788
svchost.exe 816
spoolsv.exe 1032
PhotoshopElementsFileAgent.exe 1212
avgamsvr.exe 1256
avgupsvc.exe 1268
IoloSGCtrl.exe 1336
MDM.EXE 1416
ati2evxx.exe 1456
PhotoshopElementsDeviceConnect.exe 1520
RichVideo.exe 1632
sdhelp.exe 1804
explorer.exe 1816
svchost.exe 1892
ULCDRSvr.exe 168
wdfmgr.exe 164
MsPMSPSv.exe 300
dragdiag.exe 1668
avgcc.exe 1676
avgemc.exe 1684
CTHELPER.EXE 1692
drst.exe 1708
ctfmon.exe 1720
MiniOddie.exe 1872
Ad-Watch.exe 1912
alg.exe 2052
HPWGTBX.exe 3816
SunServer.exe 2000
RegMech.exe 3708
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------

SUP - 2
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
Value : UpdReg = C:\WINNT\Updreg.exe
Parsed : C:\WINNT\Updreg.exe

SUP - 3
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
Value : iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Parsed : C:\Program Files\iTunes\iTunesHelper.exe

SUP - 4
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
Value : QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Parsed : C:\Program Files\QuickTime\qttask.exe

SUP - 5
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunServices
Value : SchedulingAgent = C:\WINNT\system32\mstask.exe
Parsed : C:\WINNT\system32\mstask.exe

DEEP - 6
Location: HKEY_CURRENT_USER\Software\PC MightyMax\Startup\ZSScheduler.5
Value : = C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll, runScheduler
Parsed : C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll

DEEP - 7
Location: HKEY_CURRENT_USER\Software\PC MightyMax\Startup\ZSScheduler.5
Value : = C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll, runScheduler
Parsed : C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll

DEEP - 8
Location: HKEY_CURRENT_USER\Software\PC MightyMax\StartupCur\ZSScheduler.5
Value : = C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll, runScheduler
Parsed : C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll

DEEP - 9
Location: HKEY_CURRENT_USER\Software\PC MightyMax\StartupCur\ZSScheduler.5
Value : = C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll, runScheduler
Parsed : C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll

DEEP - 10
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\Startup\QuickTime Task.3
Value : = C:\Program Files\QuickTime\qttask.exe -atboottime
Parsed : C:\Program Files\QuickTime\qttask.exe

DEEP - 11
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\Startup\QuickTime Task.3
Value : = C:\Program Files\QuickTime\qttask.exe -atboottime
Parsed : C:\Program Files\QuickTime\qttask.exe

DEEP - 12
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\Startup\UpdReg.3
Value : = C:\WINNT\Updreg.exe
Parsed : C:\WINNT\Updreg.exe

DEEP - 13
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\Startup\UpdReg.3
Value : = C:\WINNT\Updreg.exe
Parsed : C:\WINNT\Updreg.exe

DEEP - 14
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\iTunesHelper.3
Value : = C:\Program Files\iTunes\iTunesHelper.exe
Parsed : C:\Program Files\iTunes\iTunesHelper.exe

DEEP - 15
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\iTunesHelper.3
Value : = C:\Program Files\iTunes\iTunesHelper.exe
Parsed : C:\Program Files\iTunes\iTunesHelper.exe

DEEP - 16
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\QuickTime Task.3
Value : = C:\Program Files\QuickTime\qttask.exe -atboottime
Parsed : C:\Program Files\QuickTime\qttask.exe

DEEP - 17
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\QuickTime Task.3
Value : = C:\Program Files\QuickTime\qttask.exe -atboottime
Parsed : C:\Program Files\QuickTime\qttask.exe

DEEP - 18
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\SchedulingAgent.8
Value : = C:\WINNT\system32\mstask.exe
Parsed : C:\WINNT\system32\mstask.exe

DEEP - 19
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\SchedulingAgent.8
Value : = C:\WINNT\system32\mstask.exe
Parsed : C:\WINNT\system32\mstask.exe

DEEP - 20
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\UpdReg.3
Value : = C:\WINNT\Updreg.exe
Parsed : C:\WINNT\Updreg.exe

DEEP - 21
Location: HKEY_LOCAL_MACHINE\SOFTWARE\PC MightyMax\StartupCur\UpdReg.3
Value : = C:\WINNT\Updreg.exe
Parsed : C:\WINNT\Updreg.exe

----------------------------------------------------------------------------------------------------
Registry Mechanic 5.2.0.310
----------------------------------------------------------------------------------------------------
End of Scan
8/25/2006 10:45:35
Your System Information :
CPU: Intel Pentium
IE: Internet Explorer 6.0.2900
MEMORY FREE: 507704
MEMORY TOTAL: 1048048
VIRTUAL FREE: 2013992
VIRTUAL TOTAL: 2097024
WINDOWS VER: Windows XP 5.1 (Build 2600)

System Restore Point created


Logfile of HijackThis v1.99.1
Scan saved at 12:16:49, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mini Oddie\MiniOddie.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINNT\explorer.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
D:\MY DOWNLOAD FILES\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\system32\mstask.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mini Oddie] C:\Program Files\Mini Oddie\MiniOddie.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll ", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122498084242
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C85F059B-384B-4BF9-B653-3A99CCD05B11}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Can you help?

Best regards

[nightowl]

c:\programfiles\FBMsoftware\zerospyware\zss scheduler.dll

Do you have this program on your computer? It may be a bad Spyware Program. If you did not install it its probably bad. I never heard of it. Uninstall with Add/Remove Programs. Your HijackThis log looks ok.........Jim

[labman]

Hi JIm
Sorry, I forgot to mention I did have Zero Spyware loaded on my pc but I removed it cos it never found any spyware!!! I also tried deleting it through msconfig but no.
regards John

[nightowl]

Try Ewido, It may pick up something.
Follow the directions below, Post your Ewido and HijackThis logs on your next post........Jim

First download ewido anti-spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop
   and double-click it to launch the set up program.
2. Once the setup is complete you will need run ewido and update the definition
   files.
3. On the main screen select the icon "Update" then select the "
   Update now" link.
   • Next select the "Start Update" button, the update will start and a
     progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of
   the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then
   select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting
   your computer and continually tapping the F8 key until a menu appears.
   
   Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or
   programs while ewido is scanning, it may interfere with the scanning proccess:
2. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab
   then click on "Complete System Scan".
4. ewido will now begin the scanning process, be patient this may take a little
   time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all
   actions"
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the
   screen and save it to a text file on your system (make sure to remember where
   you saved that file, this is important).
8. Close ewido and reboot your system back into Normal Mode and post the
   results of the ewido report scan.

[labman]

Hi Jim
Done as you said but ewido found nothing. Anyway, here are the reports.
What is the reason for scanning in SafeMode?
regards John


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:29:16 26/08/2006

+ Scan result:



Nothing found.


::Report end



------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 09:49:06, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mini Oddie\MiniOddie.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINNT\System32\alg.exe
C:\WINNT\System32\wbem\wmiprvse.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
D:\MY DOWNLOAD FILES\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\system32\mstask.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mini Oddie] C:\Program Files\Mini Oddie\MiniOddie.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [ZSScheduler] RunDll32.exe "C:\PROGRA~1\FBMSOF~1\ZEROSP~1\ZSScheduler.dll ", runScheduler C:\PROGRA~1\FBMSOF~1\ZEROSP~1\
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/S...dObjSigned.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122498084242
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C85F059B-384B-4BF9-B653-3A99CCD05B11}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[nightowl]

Your machine looks clean. Are there any other symptoms? How long has this been going on?..........Jim

[labman]

Hi Jim
I've been getting the error message for over a week now. I was away for a month and came back to it. My pc was used by others while I was away (an open house by all accounts) and I did find a fair amount of spyware and adware which I removed with one or other of my anti-spyware programmes.
AVG AV is set to run on start up and scans reveal nothing, though there are 2 files in the virus vault which seem to have been picked up while someone was surfing. I've also run a couple of online virus scanners which have come up clean.
System was a bit unstable at first and crashed once but after sorting that out, has been ok.
What I don't understand is why I cannot manually stop any startup programmes in msconfig, on rebooting everything remains the same. In fact any changes I make in msconfig are not saved. Also, as I mentioned before, Registry Mechanic picks up problems, says it has repaired them, then when I run the scan again the same problems come up.
It's all very peculiar!!!!!!
regards John

[nightowl]

Sounds strange, You may want to ask someone in the Software or hardware section of this website, they may have some ideas. It may have been caused by Spyware in the past but right now its clean. I rarely see Ewido reports saying Nothing found. So as far as spyware Keep up the good work...........Jim

[labman]

Jim, thanks a million for your help and advice. I'll go over to the the software boys as you suggested.
Nice to know I've got a clean machine!!!
Thanks again
John

[nightowl]

Good luck over there.........Jim