This is what the Malwarebytes scan found today:

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Should I allow the program to remove those last two?

Thanks in advance for your advice.

-A

Lazykins:

Those are just the registry entries made when Norton turns of the Windows firewall and notification.  There is no problem with those entries.

If you tell MBAM to fix, you will just have to go back and turn off the same items to prevent conflict.

For info, what rootkit did tech support say that you had?

He only used the word rootkit to describe it. He used a cmd prompt to copy a hidden? file to another file, then copied the name of that file into our chat session. 

I should have written it down but I thought it would be in the transcript... frankly, it looked like he was typing gibberish. When I looked at my saved transcript, nothing was there.

I have emailed Norton to ask for more specific information, maybe they keep records. I need to pursue the events of 9-19 a little further.

I really appreciate everyone's help on here. I'm glad to know that my machine is somewhat healthy right now.That was my main concern.

-A

Lazykins:

Go ahead and get MBAM to take out the two popcaploader files if you haven't already.  I had the log rolled up too far.

Done. I left the Windows Security ones alone. Thank you again for your work on this forum.

-A. Lazykins