Greetings, Ian !

Reboot in Safe Mode* and run HiJackThis. (note: If any items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
O4 - HKLM\..\Run: [useful-soft] C:\WINDOWS\SYSTEM\svchst.exe
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - »207.82.221.103/2471afd708fa0e83c615/ne..

Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\WINDOWS\SYSTEM\svchst.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

http://www.broadbandreports.com/forum/remark,14299832

 Wuauclt.exe is a process managing automatic updates for Windows. This process continuously checks for the latest updates by going online. This process should not be removed if you want to get informed about new updates.

If the above hasn't fixed the problem, then try the following:

(1) Free version of Ewido from: http://www.ewido.net/en/ and scan your system with that.

If still no luck then:

(2) Get Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html
and scan your system. Use the "Hide Signed Microsoft Entries" option to reduce the display, then ave to a text file and cut-and-paste it here.

Thanks for the responses.  So far war1's tips have not worked, it is still there (thanks for the info about Wuauclt.exe !)
I will try r-k's two links on Monday and let you know.

Cheers!
Ian

What is "still there"?  A file that you cannot delete?  Symptoms of Raze spyware?

Ewido got rid of a couple of other that SpyBot S&D and Ad-Aware didn't catch!  But, the Razeware banner is still on the desktop, which brings me to war1's latest comment.  The only thing I can see that is wrong is the desktop.  I have a feeling the Razeware problem is gone but this is the left over affect.  I cannot change the desktop bitmap and cannot right click on the desktop.  Do you think that the Razeware problem iis fixed and that this is just one of the affects of having a Razeware infection?  I will try and get the sysinternals to you on Monday or Tuesday (Sept. 12 or 13th)

Thanks for the good feedback.  We are making progress.

To remove this, shutdown computer and boot to safe mode command prompt. Once you have made it to a dos prompt it will help if you know dos commands type in cd\ to change to the root directory. Type in cd windows (I assume you are using Windows XP). You need to search the directory for files that were add on the date the red screen appeared. To do this type dir /t/p
This command will fill one screen and pause (press enter to continue). The file I found in here was desktop.html. To delete this file type del desktop.html. Next move into winnt\system32 directory (type cd system32 and press enter).
There are two files to delete in this directory (svcnt32.exe and zybigui.dll) To verify the date on these files type dir svcnt32.dll /t (do the same for the other one then delete both files. You may want to search all of system32 directory for other files added at the same time dir /t/p (there are many many files in this directory). Once you are finish type exit and press enter. Then press alt-ctrl-delete and select shutdown. After the system reboots you still have more work to do. Click start-settings-controlpanel Click display on the web tab deselect showweb content and you should be back to normal.

Reference: http://www.dslreports.com/forum/remark,13413938~reverse=0;days=10;root=security;mode=nest

I have no  idea of the date the system was infected (not my PC, a clients)...but...the good news is, with everyones tips, the Razeware banner is gone!  I went to a website called http://www.kellys-korner-xp.com/xp.htm and got the registry fix for missing display tabs.  Then followed war1's hint  "Click display on the web tab deselect showweb content"
I rebooted and voila!

Thanks for all your help!
Ian
 

Ian, glad you got rid of RazorSpyware banner.