HJT Help


Laguna
10-23-2006, 04:07 PM
I need some help fixing up this computer.
It belongs to a mate of mine that mainly uses it for making his songs, as he is an up-and-coming rap artist. Anyway, he was complaining of major slowdowns and asked me to take a look at it for him.

There are many things bothering me about this computer.
The USB ports are very picky on what they pick up and allow to work.
The USB wireless LAN card I am using in it now works fine in every USB port, but when I try to stick in my external hard drive or any of my memory keys it picks them up the first time only and then just disregards them. They don't show up in My Computer. And since the first time they don't even get detected anymore.

And when I try to defrag it will never finish. It says it's finished but there were files that could not be defragmented. And the list of those files... is empty.
After repeatedly trying I got it to an exceptional point. But it still needs some serious defragging. I am convinced it's because the drive is nearly full.

When I first got the computer it only had 8 GB left. It's an 80 GB drive. I lowered the recycle bin's capacity to 5% and managed to free up more space with CCleaner and by removing crap he didn't want. His HJT log is a mess and I don't really want to go much further than the regular scanning without help.

I scanned with AVG AS, Ad-Aware and Spybot.
I will post a HJT log and also the AVG AS log below.
Both Ad-Aware and SpyBot removed mostly registry issues.
I can't remember what they were I'm afraid.

Laguna
10-23-2006, 04:15 PM
Logfile of HijackThis v1.99.1
Scan saved at 20:12:30, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\GS30s.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rob\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CM] "C:\PROGRA~1\VCM\cm.exe" 212.150.243.4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140795663046
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Laguna
10-23-2006, 04:19 PM
This was done before the above log, as were all the scans.

(cookies left out)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:34:37 10/22/2006

+ Scan result:



C:\Documents and Settings\Rob\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule.1 -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CLSID -> Adware.Altnet : Cleaned.
HKLM\SOFTWARE\Classes\SigningModule.SigningModule\CurVer -> Adware.Altnet : Cleaned.
C:\Program Files\Go!Zilla\eZula\ezTTStub.exe -> Adware.EZula : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A1-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-117609710-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5345A7A9-805A-4923-B505-86B2FEBA3FE0} -> Adware.Generic : Cleaned.
C:\WINDOWS\inet20009\3.00.12.dll -> Adware.Ihbo : Cleaned.
C:\Documents and Settings\Rob\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned.
C:\Documents and Settings\Guest\Application Data\Starware -> Adware.Starware : Cleaned.
C:\Documents and Settings\Guest\Application Data\Starware\MasterOptions.xml -> Adware.Starware : Cleaned.
C:\Documents and Settings\Guest\Application Data\Starware\ProductOptions.xml -> Adware.Starware : Cleaned.
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarOptions.xml -> Adware.Starware : Cleaned.
HKU\S-1-5-21-117609710-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned.
HKU\S-1-5-21-117609710-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned.

C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-129372c5-55b5f388.class -> Trojan.ClassLoader.Dummy.d : Cleaned.
C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-f59e624-6f6814a4.class -> Trojan.ClassLoader.Dummy.d : Cleaned.


::Report end

I can't really see much else, but the machine still has its fair share of problems...

Budfred
10-24-2006, 12:58 AM
The first infection here steals passwords and other financial info... Your friend may be in serious trouble and needs to contact any financial institution he has done business with on this computer and change all such info...

Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe).
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
Click "Finish".
A red "dos window" (dos box) will open.


Close all other open windows since this step requires a reboot
Select option 2. Run auto fix by typing 2 and then pressing Enter

If an infection is found, you'll get a message to close all other open windows.


Close all open windows except the red dos window from haxfix and then press Enter
The computer will reboot
After reboot a logfile will open > (c:\haxfix.txt)
Post the contents of that logfile along with a new HijackThis log.


Before the new log use HJT to fix if they are still there:

O4 - HKCU\..\Run: [CM] "C:\PROGRA~1\VCM\cm.exe" 212.150.243.4
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)

Reboot and then post the logs...
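As an added illustration (not code from this thread, from HijackThis or from HaxFix), the following Python script encodes the reasoning behind the four entries Budfred singled out for fixing: it parses HijackThis O4, O16 and O20 lines and flags a Run entry that hands a bare IP address to a program, a DPF ActiveX control fetched from a file:// path or from a host outside a small allowlist, and a Winlogon Notify DLL reported missing on disk. The sample lines are copied from the log posted above; the allowlists of trusted DPF hosts and known-good Notify DLLs are assumptions made for the example, not a HijackThis feature.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis log posted in this thread,
# mixed with benign entries (Spybot BHO, AVG, Windows Update, WgaLogon) as controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CM] "C:\PROGRA~1\VCM\cm.exe" 212.150.243.4
O16 - DPF: {161A7465-FEEE-4B40-8A85-ED752B93F73E} - file://D:\IntraLaunch.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140795663046
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# Assumption for this example: a reviewer-maintained allowlist of DPF download hosts
# and of Winlogon Notify DLLs that are known Windows components (WgaLogon is Microsoft's).
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "messenger.zone.msn.com"}
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}

# Dotted-quad IPv4 literal that is not part of a longer token (e.g. a version number).
IPV4 = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<src>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    line: str      # the offending log line, verbatim
    reason: str    # why a reviewer would want it fixed


def host_of(url: str) -> str:
    """Return the lower-cased host part of a scheme://host/... URL, or '' if absent."""
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> list[Finding]:
    """Apply the three heuristics above to every line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            # A startup program given a raw IP on its command line has a hard-coded
            # remote endpoint; legitimate software almost always uses a hostname or none.
            if IPV4.search(m.group("cmd")):
                findings.append(Finding("O4", line, "startup entry passes a bare IP address to the program"))
            continue
        m = O16_RE.match(line)
        if m:
            src = m.group("src")
            if src.lower().startswith("file://"):
                findings.append(Finding("O16", line, "ActiveX control loaded from a local file:// path"))
            elif host_of(src) not in TRUSTED_DPF_HOSTS:
                findings.append(Finding("O16", line, f"ActiveX control downloaded from unlisted host {host_of(src)}"))
            continue
        m = O20_RE.match(line)
        if m and m.group("missing") and m.group("dll").lower() not in KNOWN_NOTIFY_DLLS:
            # A Notify DLL registered but absent from disk is the footprint of a
            # removed or self-hiding component; Winlogon loads it with SYSTEM rights.
            findings.append(Finding("O20", line, "Winlogon Notify DLL registered but missing on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports exactly the four lines Budfred listed (the CM entry, both non-Microsoft DPF controls and the ssldr Notify entry) and stays quiet on the Spybot, AVG, Windows Update and WgaLogon lines. The allowlists are the part a reviewer has to keep honest: an empty allowlist turns every DPF control into a finding, while an overly generous one hides exactly the entries this thread was about.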

Laguna
10-24-2006, 07:06 AM
Will do all the above.
Just one query: the way this computer boots up and shuts down is set differently to my computer and every other computer I have used.
The welcome screen is turned off, and on boot up and shut down a little log-in box appears instead of the welcome screen.

Even when you press Ctrl+Alt+Delete this box comes up and offers to shut down, restart or open Task Manager. When I tried to change this under User Accounts it said this can't be changed until Client Services for NetWare is disabled.

After checking up on NetWare, it is related to networks.
He wants his computer set to the way he seen mine, so can you help me change this?

I'll post back with the results.

Laguna
10-24-2006, 07:47 AM
Ok haxfix found no infections...
Will I bother doing the HJT fixes or will I just wait for your next instructions?

Budfred
10-24-2006, 09:05 AM
Go ahead with the HJT fixes, but also please post the HaxFix log... Were you using an Admin account to run HaxFix??

> He wants his computer set to the way he seen mine so can you help me change this?

This might require reinstalling the whole system, but networking is not my forte, so you may need to start another thread after we get through the cleanup...

Laguna
10-24-2006, 09:35 AM
He is the Admin on the computer. There is only his and the guest account.
When you turn on the computer you can't select accounts, as the log-in box for his account just appears on boot. I will get the haxfix log and also do the HJT fixes and post the log. I still can't understand the problems with the USB...

Bobulous
10-24-2006, 09:54 AM
It's me, I just made this account so as I don't have to log in on my own one on this computer as I can't transfer the logs with no USB and I wasn't bothered e-mailing them to myself.

HAXFIX logfile - by Marckie
--------------
version 4.27
Tue 10/24/2006 11:45:24.92

--- Auto Haxdoorfix ---


searching for files:

no infections found


--- Goldunfix ---


searching for files:

searching for SSODLkeys:
no SSODLkeys found

searching for notifykeys:
no notifykeys found

searching for services:
no services found

Bobulous
10-24-2006, 10:04 AM
And a fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 14:02:07, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\MAFWTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\GS30s.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rob\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140795663046
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Budfred
10-24-2006, 10:46 AM
The log looks okay... I would run the F-Secure scan again and I would still make sure that any financial info is changed... Given the nature of the trojan, if it was me, I would probably wipe and reinstall, but that is up to your friend... Since this one has rootkit properties, that may be the only way to be sure it is really gone...

Laguna
10-24-2006, 10:53 AM
Since he uses Pro Tools he wouldn't even consider wiping, as he said it would be some amount of trouble getting them to let him install it again.

As you mentioned, I ran F-Secure before. Do you want the log or will I just run it again?

Budfred
10-24-2006, 08:01 PM
Yes, it would be a good idea to post the log to see if anything else shows up...

Laguna
10-25-2006, 09:36 AM
I re-scanned with F-secure and nothing extra was found.
The first scan detected 3 spyware traces and 1 virus.
He needed the machine back to finish off his EP and to get some work done for college.

I'm pretty sure we got what was there. I told him to change all of his passwords etc. And he never did any online financial business, so that's good.

Thanks for your help Budfred.

Budfred
10-25-2006, 09:56 AM
Okay... With the infections in question, the security of this computer is always going to be questionable, but hopefully it is enough...

Laguna
10-25-2006, 07:36 PM
As I'm sure you know, you always come across people who are happy once their computer is working, and people who aren't all that scared by infections.
My friend just happens to be one of them. I'm sure a re-install on this machine would be hitting all the birds with one stone, but try telling my friend that; I'm blue in the face.

I'm on your side here. I have a 100% malware-free computer myself and I will always keep it that way. But unfortunately not everyone thinks the way we do, my friend.

Thanks for the help.

mjc
10-25-2006, 09:09 PM
Well, when he gets the credit card bill for 20 hrs of phones3x billed to some out-of-the-way island, you can do an "I told you so" dance... or when some sleazoid lifts his identity... or he gets cut off by his ISP as a spammer... or some syndicate clears out his bank account... or all his songs get 'eaten' by a worm (hope he has his work in some format other than mp3 or midi).

Laguna
10-26-2006, 07:16 AM
I think he has them as waves. Not entirely sure. I'll link him to what you said when he comes online next. Who knows, maybe he will get a much-needed wake-up call.