Y-Axis ps/2 usb mouse freezes MOUCLASS.SYS & MOUHID.SYS NOT SIGNED

[CAS159]

It all started when I decided to get rid of iTunes and get aTunes from SoftPedia.  Immediately, the same day my daily Avast Full scan revealed 7 AddLyrics viruses.  Two of which were not captured and sent to the chest.

C:\Program Files\LyricsPal\125.crx|>contentscript.js   JS:AddLyrics-E [Adw] Error the system cannot find the file specified
C:\Program Files\LyricsPal\125.crx|>manifest.json     JS:AddLyrics-B [Adw] Error the system cannot find the file specified

So I did a boot scan and came up empty.  Then my mouse started freezing on the Y-axis and I thought it was dirty but it was happening after every couple of hours of use.   
I tried changing the pointers on the mouse when I noticed the drivers MOUCLASS.SYS & MOUHID.SYS "Not digitally signed".  I uninstalled the drivers and rebooted my XPSp3 32bit system with a boot scan and went to work.
When I came home my system would not boot up into Windows and left me a message that the copy of windows xp was not valid.  So I went to the library after a couple of days trying to fix things in safe mode.  I contacted MS and had to input about 50 numbers to validate Windows and get past the windows boot.
I tried the Recovery Console Expand and Extract commands to overwrite these files when I noticed they are SP2 versions and I have SP3 versions on my system.  However, these commands would not work and I used the Copy command without any change.  I've had passwords on my CMOS and Avast and changed the CMOS user access and password when it looked like settings had been changed when I could not boot up.
I started researching the y-axis freeze but mostly found game forum troubles.  Lately I noticed that four of my security updates will not work for windows.  So I guessed this bug is stopping the updates.  Yesterday I did a search and found an MS page, "You cannot install some updates or programs" on http://support.microsoft.com/kb/822798.
There are 11 separate "Manual methods" listed to fix the update program and I did Method 1 to Method 6 and skipped Method 7 & 8 because I got lost in it's referral to other MS pages and went to Method 9 with no success with the command "ren %systemroot%\System32\Catroot2 oldcatroot2"
In Method 9 I was given a message that the file is being used by another process.

Method 9: Clear the temporary file and restart the hotfix installation or the service pack installation
To clear the temporary file and restart the hotfix installation or the service pack installation, follow these steps:

    Click Start, click Run, type cmd, and then click OK.
    At the command prompt, type the following commands. Press Enter after each command.
    net stop cryptsvc
    ren %systemroot%\System32\Catroot2 oldcatroot2
    net start cryptsvc
    exit

Yesterday I lost all access to the internet with my browsers and Avast even though the connection was active.  Before this happened I set Avast to put mouclass.sys and mouhid.sys as virtual processes and restrict their access from the internet.  However, next my access was restricted until I released control of those settings.  I restricted that access because I come home to find the six tabs open but FireFox using 1,000,000 kbs in "Task Manager".  I only see that much memory being used if I have 30 or more tabs open.
When my mouse looses the Y-axis control I fix it temporarily by unplugging the dual mouse keyboard ps/2 usb adapter and after I hear the system usb sound I plug it back in five or ten times waiting for the sound again and the keyboard to light up to get back mouse control.
I wanted to take my computer to the shop but they would just wipe the drives.  I've got a TB USB external drive that I sent all of my documents over.  Except for about 20gb of documents most of the files are movies, music, and pictures.  My usb has 903gb of used space and 28.3 free space.
I can't assume that the usb is not also infected. On top of all this I have to move tomorrow.
I need a silver bullet before I go to work tonight. 
SOS ASAP

[Pondus]

follow instructions here and attach logs ....not copy and paste.    http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done, removal specialists will be notified and help you
when fininsh, all tools used will be removed

[essexboy]

Before you even consider using the USB do the following

Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

Then run the OTL fix and follow with a fresh scan

[CAS159]

MCShield happened so fast I thought it didn't work.  It did find something.  Below is the
AllScans.test log.  My pointer is not giving me problems on my re-boot as it always does but
mouclass.sys and mouhid.sys are still listed as unsigned.

>>> MCShield AllScans.txt <<<



MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 2.7.4.23 / DB: 2013.9.8.1 / Windows XP <<<


9/13/2013 8:07:14 PM > Drive C: - scan started (Local Disk ~149 GB, NTFS HDD )...



=> The drive is clean.


9/13/2013 8:07:16 PM > Drive E: - scan started (DRIVE_J ~298 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 2.7.4.23 / DB: 2013.9.8.1 / Windows XP <<<


9/13/2013 8:08:05 PM > Drive F: - scan started (DRIVE_K ~932 GB, NTFS HDD )...


> F:\Recycled
> F:\Recycled\desktop.ini (MD5: ad0b0b4416f06af436328a3c12dc491b)

>>> F:\Recycled - Malware (folder) > Deleted. (13.09.13. 20.08 Recycled.70645)


=> Malicious files   : 1/1 deleted.
=> Malicious folders : 1/1 deleted.

____________________________________________

::::: Scan duration: 3sec ::::::::::::::::::
____________________________________________

[CAS159]

OLE could not run FIX because the file on F USB drive was deleted.  When I started MCShield it go hung up on the USB which was entering sleep mode after 3 minutes.  I uninstalled it a re-installed MCShield and re-ran the scan after I shut down sleep mode on the external USB TB drive..I guess one of the settings was delete.
I ran a scan which did not find anything

[essexboy]

Could you run this OTL scan please and attach the log

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post  both logs

[CAS159]

I copied the text to do the Custom Scan, but I noticed CREATERESTOREPOINT was not there after execution even though it was still highlighted when I copied it from your post.  Only the OLE.txt was created.  i did not want to run the scan again to ensure this was a mistake and thereby make another mistake.
I will await your instructions.  My Avast daily 3am Full System Scan found a Trojan OLE:ScriptBridge-inf on my external usb F drive.  OLE.txt is below.  The maximum characters allowed per post is 10000 but the OLE.Txt has approx 50,000.  Therefore I must make multiple post per max characters allowed.

OTL logfile created on: 9/14/2013 6:59:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.95% Memory free
5.85 Gb Paging File | 5.34 Gb Available in Paging File | 91.21% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 113.04 Gb Free Space | 75.84% Space Free | Partition Type: NTFS
Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 298.09 Gb Total Space | 290.65 Gb Free Space | 97.50% Space Free | Partition Type: NTFS
Drive F: | 931.50 Gb Total Space | 28.34 Gb Free Space | 3.04% Space Free | Partition Type: NTFS
 
Computer Name: USER-16B3CF4E85 | User Name: Carman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/14 06:52:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/30 03:47:31 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/08/17 17:20:03 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/15 16:07:06 | 000,607,744 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2011/01/11 05:42:29 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/01/11 05:42:21 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | R--- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/12 11:12:30 | 000,278,528 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
PRC - [2006/02/23 09:50:26 | 000,069,632 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\HDManage\HDManage.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004/09/29 13:14:36 | 000,069,632 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/13 19:25:11 | 002,099,200 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13091303\algo.dll
MOD - [2013/09/13 13:24:36 | 002,099,200 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13091302\algo.dll
MOD - [2013/08/17 17:19:59 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/11 14:55:40 | 000,088,656 | R--- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | R--- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/01/11 05:42:33 | 000,147,192 | R--- | M] () -- C:\WINDOWS\system32\guard32.dll
MOD - [2011/01/11 05:42:32 | 000,283,896 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\Themes\cfp.theme
MOD - [2011/01/11 05:42:29 | 000,618,232 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
MOD - [2011/01/11 05:42:29 | 000,196,344 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\framework.dll
MOD - [2011/01/11 05:42:21 | 001,797,880 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
MOD - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2002/05/18 12:00:00 | 002,375,767 | R--- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll
MOD - [2000/09/29 00:58:38 | 000,012,800 | R--- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/30 03:47:31 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/07/23 05:00:05 | 000,257,416 | R--- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 00:44:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/01/11 05:42:29 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/07/04 19:07:40 | 000,238,952 | R--- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/12 11:12:30 | 000,278,528 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe -- (SecureLockWare_InputPassword)
SRV - [2004/09/29 13:14:36 | 000,069,632 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/09/29 00:58:42 | 000,129,536 | R--- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

[CAS159]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C467016A-8469-420C-8812-D732F653D533}\MpKsle85926ca.sys -- (MpKsle85926ca)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A510004-16FA-4144-9B60-13856D7C702D}\MpKsldec31b4a.sys -- (MpKsldec31b4a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2EA90AF8-A64F-436C-B1FB-5205479D46D0}\MpKslb0b551f9.sys -- (MpKslb0b551f9)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ECFC16C8-00FA-4353-B0F3-C523E4CECC81}\MpKsl9eef162f.sys -- (MpKsl9eef162f)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67380884-2C9F-4958-956B-3ED245441E61}\MpKsl622db044.sys -- (MpKsl622db044)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC95535B-E1C7-4BD8-A365-7D35461E6304}\MpKsl49076b7c.sys -- (MpKsl49076b7c)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0809D19A-F208-41C3-8E7D-A5D538D88A1E}\MpKsl2b2bd350.sys -- (MpKsl2b2bd350)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AF986EC-DA70-4DAE-8FE9-34C058C4BE23}\MpKsl125b0625.sys -- (MpKsl125b0625)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/08/30 03:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 03:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 03:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 03:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 03:48:12 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/08/30 03:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 03:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 03:48:11 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/08/30 03:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 03:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/30 03:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/13 06:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/01/11 05:42:33 | 000,101,776 | R--- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2011/01/11 05:42:33 | 000,079,504 | R--- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011/01/11 05:42:33 | 000,031,504 | R--- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/11/09 09:08:04 | 000,026,112 | R--- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/14 09:32:54 | 000,036,608 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 22:25:12 | 000,123,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/26 22:25:12 | 000,098,560 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010/04/26 22:25:12 | 000,014,848 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2009/08/19 09:13:24 | 000,173,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/10 00:45:32 | 000,044,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUCcid.sys -- (RSUSBCCID)
DRV - [2009/03/04 04:45:38 | 000,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUIr.sys -- (RtsUIr)
DRV - [2007/04/27 22:43:24 | 000,015,872 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/01/04 12:39:24 | 000,723,712 | R--- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SLWFIL.SYS -- (SecureLockWare_EncryptFilterDriver2)
DRV - [2007/01/04 12:37:56 | 000,723,584 | R--- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ENCRFIL.SYS -- (SecureLockWare_EncryptFilterDriver)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/01/10 00:17:02 | 000,601,100 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/12/12 00:54:14 | 000,391,424 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/23 07:28:00 | 000,174,336 | R--- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/04/22 16:47:00 | 000,016,509 | R--- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1659004503-839522115-725345543-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1659004503-839522115-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=072513&q={searchTerms}&src=IE-SearchBox

[essexboy]

You should be able to attach the otl file

[CAS159]

Okay I'm attaching the OLE.txt

[essexboy]

The two drivers cited are generic ones and generally will not have a signature attached

On completion of this can you let me know what problems you are experiencing

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
O3 - HKU\S-1-5-21-1659004503-839522115-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2011/04/14 02:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carman\Application Data\WhiteSmoke

:Files
C:\WINDOWS\tasks\At*.job

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[CAS159]

Good morning, I just got up.
OTL txt is attached  I'm not having any more problems with the y-axis of the mouse but I still can't update
windows xp with service packs.

[essexboy]

OK lets now check out the services

Download and run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[CAS159]

Sorry I just got home from moving two truckloads of stuff into a house.  I should be moved by
Sunday or Monday.
I attached FSS.txt.  I have to go to work but I will check back in 1 hour to see if you respond.
I'll be back from work 6am EST.

Thank you essexboy

[essexboy]

Hmm windows updates should be working, do you get an error code when you try to update