WiredWX Christian Hobby Weather Tools
Infected with Rogue-Anti Spyware 'Security System version 4.51'
monday apr 6th i was infected with a Rogue Anti-Spy/Adware/virus program called Security System version 4.51 -- i went through my control panel to remove the program-which didn't remove the program, just the icon from the tray -- i then did some research online about how to go about removing it -- i have downloaded Malwarebytes, Spyware Doctor, & HijackThis as instructed, however it allows me to download but not access to install -- my system is running extremely slow & i've tried to make sure that i have my system updated as Geekpolice has instructed (i.e. Java, Adobe Reader & updating windows) i have done so, but i can't access to make sure its gone through properly -- i was able to download Bright House's CAISS properly, & have performed a scan & removal -- however, it locates the rogue system, but can't remove it -- i contacted Bright House & they have informed me that the rogue system contains a trojan that has attached itself to my registry & no software can remove this - they said now my only option is to reformat -- my computer is a Dell & my operating system is Windows XP -- the Bright House Representative gave me a number for Dell to contact for the reformatting, but i wanted to contact Geekpolice first to see if you can help me -- please help!! thank you!!

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 15:33:07.18 on Thu 04/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.48 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
C:\WINNT\system32\svchost -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k NetworkService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Documents and Settings\Administrator\My Documents\RCA EasyRip\EZDock.exe
C:\Documents and Settings\Administrator\My Documents\RCA EasyRip\PlayerLoader.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINNT\system32\Defrag.exe
C:\WINNT\system32\DfrgNtfs.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Pop-Up-Blocker]
uRun: [Tweak-XP]
uRun: [TransparentIcons]
uRun: [BlockAds]
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /0
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Drag'n'Drop_Autolaunch] "c:\program files\iomega hotburn\Autolaunch.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Easy Dock]
mRun: [74479115] c:\documents and settings\all users.winnt\application data\74479115\74479115.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: []
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [00287823] c:\documents and settings\all users.winnt\application data\00287823\00287823.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\administrator\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\vcastm~1.lnk - c:\program files\verizon wireless\v cast music\V CAST Music Monitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\winnt\system32\VetRedir.dll
Trusted Zone: identi-tape.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214968484475
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219851827154
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39532.836875
DPF: {D27CDB6E-AE6D-11CF-96B8-444552680000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\winnt\system32\drivers\ikfilesec.sys [2009-4-6 40840]
R0 KmxStart;KmxStart;c:\winnt\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 IKSysFlt;System Filter Driver;c:\winnt\system32\drivers\iksysflt.sys [2009-4-6 66952]
R1 IKSysSec;System Security Driver;c:\winnt\system32\drivers\iksyssec.sys [2009-4-6 81288]
R1 KmxAgent;KmxAgent;c:\winnt\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\winnt\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\winnt\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\winnt\system32\drivers\vet-filt.sys [2009-4-7 26376]
R1 VET-REC;VET File System Recognizer;c:\winnt\system32\drivers\vet-rec.sys [2009-4-7 21128]
R1 VETEFILE;VET File Scan Engine;c:\winnt\system32\drivers\vetefile.sys [2009-4-7 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\winnt\system32\drivers\vetfddnt.sys [2009-4-7 21512]
R1 VETMONNT;VET File Monitor;c:\winnt\system32\drivers\vetmonnt.sys [2009-4-7 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-7 144960]
R2 KmxCF;KmxCF;c:\winnt\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\winnt\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-8-8 28200]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-6 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-6 1079176]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-7 242952]
R3 KmxCfg;KmxCfg;c:\winnt\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\winnt\system32\drivers\veteboot.sys [2009-4-7 108368]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2008-3-25 66591]
S3 hpoid407;IEEE-1284.4 Driver hpoid407;c:\winnt\system32\drivers\hpoid407.sys [2008-4-30 50480]
S3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07;c:\winnt\system32\drivers\hpoius07.sys [2008-4-30 18960]

=============== Created Last 30 ================

2009-04-09 10:56 22 a------- c:\winnt\system32\access.tmp
2009-04-07 19:38 --d----- c:\docume~1\alluse~1.win\applic~1\00287823
2009-04-07 18:45 --d----- c:\docume~1\alluse~1.win\applic~1\00335602
2009-04-07 17:21 --d----- c:\docume~1\alluse~1.win\applic~1\00358745
2009-04-07 07:53 --d----- c:\docume~1\alluse~1.win\applic~1\00470306
2009-04-07 04:56 --d----- c:\docume~1\alluse~1.win\applic~1\00302565
2009-04-07 02:21 --d----- c:\docume~1\alluse~1.win\applic~1\00486289
2009-04-07 02:02 --d----- c:\winnt\CAVTemp
2009-04-07 01:30 108,368 a------- c:\winnt\system32\drivers\veteboot.sys
2009-04-07 01:30 880,560 a------- c:\winnt\system32\drivers\vetefile.sys
2009-04-07 01:18 32,264 a------- c:\winnt\system32\drivers\vetmonnt.sys
2009-04-07 01:18 21,512 a------- c:\winnt\system32\drivers\vetfddnt.sys
2009-04-07 01:18 26,376 a------- c:\winnt\system32\drivers\vet-filt.sys
2009-04-07 01:18 21,128 a------- c:\winnt\system32\drivers\vet-rec.sys
2009-04-07 01:18 79,424 a------- c:\winnt\system32\vetredir.dll
2009-04-07 01:18 75,016 a------- c:\winnt\system32\isafprod.dll
2009-04-07 01:18 99,592 a------- c:\winnt\system32\isafeif.dll
2009-04-07 01:14 --d----- c:\program files\common files\Scanner
2009-04-07 01:12 --d----- c:\docume~1\alluse~1.win\applic~1\CA
2009-04-07 01:11 --d----- c:\program files\CA
2009-04-06 21:26 81,288 a------- c:\winnt\system32\drivers\iksyssec.sys
2009-04-06 21:26 66,952 a------- c:\winnt\system32\drivers\iksysflt.sys
2009-04-06 21:26 40,840 a------- c:\winnt\system32\drivers\ikfilesec.sys
2009-04-06 21:26 29,576 a------- c:\winnt\system32\drivers\kcom.sys
2009-04-06 21:26 --d----- c:\program files\Spyware Doctor
2009-04-06 21:26 --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-04-06 20:44 --d----- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-04-06 19:48 --d----- c:\docume~1\alluse~1.win\applic~1\00057903
2009-04-06 19:24 324,608 a------- c:\winnt\unSpySweeper.exe
2009-04-06 19:24 --d----- c:\program files\Webroot
2009-04-06 18:44 --d----- c:\docume~1\alluse~1.win\applic~1\74479115
2009-03-12 11:10 --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-02-09 06:13 1,846,784 a------- c:\winnt\system32\win32k.sys
2008-03-26 01:30 21,952 a---h--- c:\program files\folder.htt
2008-03-26 01:30 271 ---sh--- c:\program files\desktop.ini
2008-11-02 23:11 32,768 a--sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat

============= FINISH: 15:40:06.72 ===============

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
Quite honestly, this infection is easy to remove. Formatting is NOT an option until I say otherwise.

Have you managed to install Hijack This? I need an uninstall list before we do anything.

From your first post, the malware won't allow you to install it? Is this still happening?


Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
ok i downloaded HijackThis again and got it to run!

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
Hello.
Good, let's start with an uninstall log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Bonjour
BroadJump Client Foundation
CA Internet Security Suite
Google Toolbar for Internet Explorer
GTOneCare
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Iomega HotBurn
iTunes
LG USB Drivers
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Protection Service
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Live OneCare Resources v2.5.2900.15
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.0.2500.32 Idcrl Install
Microsoft Windows OneCare Live v2.5.2900.15
MUSICMATCH Jukebox
PCI SoftV92 Modem
PhoTags Express
PX Engine
QuickTime
RCA Detective 1.0.0.96
RCA EasyRip™️ 1.4.2.0
Rhapsody
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Spy Sweeper
Spyware Doctor 6.0
Tweak-XP
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
V CAST Music
V CAST Music Essentials Manager
Winamp
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
Hello.

You are running two AVs; this is a bad idea as they can conflict and cause problems. I see Windows OneCare and CA.
I would recommend that you remove CA to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • CA Internet Security Suite

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

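The reply above reads the two active antivirus products straight off the header of the DDS log. As an added example (not code from this thread or from the DDS tool), the Python below parses the DDS layout shown in the log and reports the same finding, plus Run entries with no command and Run entries whose value name, folder and executable are one identical digit string, matched against the "Created Last 30" directories. The digit-name rule and the names `exe_path` and `triage` are assumptions made for illustration, a triage heuristic rather than a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Easy Dock]
mRun: [74479115] c:\documents and settings\all users.winnt\application data\74479115\74479115.exe
mRun: [00287823] c:\documents and settings\all users.winnt\application data\00287823\00287823.exe
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
2009-04-07 19:38 --d----- c:\docume~1\alluse~1.win\applic~1\00287823
2009-04-07 01:11 --d----- c:\program files\CA
2009-04-06 18:44 --d----- c:\docume~1\alluse~1.win\applic~1\74479115
"""

# Header line:   AV: <product> *<state>* (<signature status>)
AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \((?P<sigs>\w+)\)$")
# Autorun line:  uRun / mRun / dRunOnce: [<value name>] <command, possibly empty>
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "Created Last 30" line: date, time, optional size, 8-char attribute field, path
NEW_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?:[\d,]+ )?(?P<attr>\S{8}) (?P<path>.+)$")


def exe_path(cmd):
    """Return the executable part of a Run command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def triage(dds_text):
    """Summarise the points a reviewer would raise from a DDS log."""
    av, runs, new_dirs = [], [], {}
    for line in dds_text.splitlines():
        line = line.strip()
        if m := AV_RE.match(line):
            av.append(m.groupdict())
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif (m := NEW_RE.match(line)) and m["attr"][2] == "d":
            # DDS prints 8.3 short paths here, so only the last component is
            # compared; an eight-digit folder name is unchanged in 8.3 form.
            new_dirs[m["path"].rsplit("\\", 1)[-1].lower()] = m["date"]

    findings = {
        "on_access_av": [a["name"] for a in av
                         if a["state"].lower().startswith("on-access scanning enabled")],
        "orphan_run": [],        # Run values listed with no command at all
        "digit_named_run": [],   # (value name, folder creation date or None)
    }
    for r in runs:
        path = exe_path(r["cmd"])
        if not path:
            findings["orphan_run"].append(r["name"])
            continue
        parts = path.lower().split("\\")
        stem = parts[-1].rsplit(".", 1)[0]
        folder = parts[-2] if len(parts) > 1 else ""
        # Assumed heuristic: value name == folder == executable, all digits.
        if r["name"].isdigit() and r["name"] == stem == folder:
            findings["digit_named_run"].append((r["name"], new_dirs.get(folder)))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```

More than one name under `on_access_av` is the conflict the reply points out; the other two lists are only entries to look at more closely.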

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
ok - trial version of windows one care is currently expired - should i uninstall both windows one care and CAISS?

Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
No, uninstall Windows one care if trial is over. Keep CA.

After that, run MBAM. :)


Re: Infected with Rogue-Anti Spyware 'Security System version 4.51'
so sorry for delay -- spilled wine on keyboard -- copy/paste is only option --
followed instructions -- working better -- much more to report -- will get back asap w/new keyboard
much thanks!
