NIS 2008 Won't Install, Uninstall, or Repair/Reinstall

Hello--

 

Earlier today, I found an issue where all Google search result pages were being redirected through businesssite.net when I clicked on them, instead taking me to various "search result" pages unrelated to my original search.  Seeing this, I assumed spyware/malware/viruses of some sort, so I ran a couple programs to try to clean things out.  I ran (so far) SpyBot, Malwarebytes, SUPERAntiSpyware, and ComboFix.  Spybot detected and removed 26 items I believe and Malwarebytes I think caught 11 more which all looked to be Trojan related.  Due to this, I at that point turned off System Restore and rebooted to remove any corrupt backup points.  I then ran SUPERAntiSpyware, but it didn't find anything new.

 

The problem with Norton began when I then went to run ComboFix.  It directed me to disable any spyware/virus programs before running the scan.  It notified me that Norton Internet Security was running and that I needed to disable it.  When I went to Start -> Programs, I'd click on Norton Internet Security, I'd get a cursor with an hourglass, but then nothing would open.  I then tried to open it through My Computer -> Programs, but the same result.  I can see that a new instance of uiStub2.exe would be created in Task Manager each time I tried to open NIS.  I'd try to kill extra instances of this program, but was getting an access denied message.

 

If I started my computer up in SafeMode, I did get a dialog box when I went to NIS from the start menu that said that there would be limited functionality, but asked if I'd like to run a full scan.  If I said yes, it seemed to be scanning OK.

 

I then tried to uninstall NIS so that I could do a clean install afterwards.  I first tried to uninstall through the integrated uninstall program at Start -> Programs.  Again, I'd get the cursor with the hourglass, but nothing would happen.  I then tried to uninstall through Add/Remove Programs in Control Panel, but had the same result.  In Safe Mode, when I went to do the Uninstall exe from the Start Menu, I was told that I needed to run it while my computer was in Normal mode.  I finally tried downloading the Norton_Removal_Tool from your website, but it also won't seem to run.  I can see that it's starting, as I see many instances of Norton_Removal_Tool.exe in my Task Manager, but I cannot kill any of them either and am getting the same access denied message.

 

I finally tried to put in my Norton Internet Security 2008 CD that came with my laptop to see if it might try to do an install once inserted.  Nothing ever opened.  I tried to do Add Programs through the Control Panel and pointed to the setup.exe file on the disk, but nothing happened again.

 

Note: Before today, I haven't had any issues with Norton.  It usually appears at the bottom right of my screen and my regular weekly scan ran without issue Monday night.

 

I'm unfortunately running out of ideas.  I'm wondering if the trojan that Malwarebytes detected has somehow attached itself to my antivirus program?  Any ideas to fix this situation would be appreciated.  

 

-Heather-

As I've noted in the subject of this thread, I'm using NIS 2008.  I downloaded the version of the removal tool that said it was compatible with 2008.  In case you also need my operating system, it's Windows XP.

 

I actually do have the logs of what was removed by Malwarebytes, which was the only one that detected Trojan files.  I didn't initially post it because I didn't know if it was needed yet.  Please see below:

 

Malwarebytes' Anti-Malware 1.44
Database version: 3527
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/9/2010 12:51:57 PM
mbam-log-2010-01-09 (12-51-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 211582
Time elapsed: 1 hour(s), 51 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e8wecrkkmv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP327\A0066449.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP327\A0066450.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP327\A0066451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

I also have my ComboFix log, which is the last scan that I ran, but I can’t post it as it exceeds 20,000 characters.  But if there’s a section in it that’d be helpful to post, please let me know and I’ll extract it.  I tried doing “add attachments” to this message, but for some reason it isn’t working for me.

I ran HijackThis.  Here's the results of my scan:

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:32:59 AM, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\osCheck.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080408
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = att.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = att.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = att.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11472 bytes

 

 

Please let me know if you'd also like me to run the tool that lists what starts at boot up.

 

Thanks!

wattshr:

 

When adding attachments, you need to save the log to Notepad, and add it as a .txt file.

Right, but unfortunately when I hit “Browse” to go look for that text file, no browser window is popping up.  It won’t let me physically type in the file path either.  When I try to type or to push the browse button, I just get an hourglass cursor like it’s trying to load something, but then it soon goes back to a regular cursor, much like what’s happening when I’m trying to run or uninstall NIS.  Not quite sure why it isn’t working :o(  Hopefully the other logs I posted might give someone an idea.

wattshr:

 

Without more information, it is necessary to make a best guess.  If you had 26 items removed by Spybot, and 11 more by MBAM, it would seem likely that you have a rootkit on your system. 

 

The use of Combofix just complicates the matter further, because it is an advanced program that can have unexpected effects on the operating system.  It is not the kind of program where you run it and fix what it says, without some kind of knowledge as to what it is doing.

 

I would recommend visiting one of the following malware removal sites for assistance.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/
