Rootkit Removed by Symantec Norton Live Tech - Now What?

21 Days ago, while browsing the local paper, there was a flash and something appeared on my Desktop. Norton ignored it. I scanned it manually, nothing was found. I deleted it and emptied trash. Ran full scan. No problems found.

Over the next weeks, I got a couple of those annoying popups "your computer is infected" but no other issues. I did see more spam email.

Today, Norton stopped. Live Update failed. I contacted Tech Support and ended up having Norton Reinstalled (free) and a rootkit removed by remote assistance ($$$). He found no other issues but that. No other spyware/malware.

1 - How do I know the rootkit and all components are gone? It seems more complicated than what I watched him do. A couple of reg edits. Delete a file. He worked fast.

2 - What do I have to do now? What should I watch for? I have 7 days to contact them if problem persists.

It's not that I don't trust the technician but this computer is my bread and butter. Anyone have suggestions?

Thank you

-Amy

lazykins, hang in there. Someone will be along to evaluate your Sysprot log and advise you further.


lazykins wrote:
Here is my root scan. Thank you!

From your original post it would seem very unlikely that you originally had a rootkit infection.

There is nothing untoward in your sysprot log. Are your Norton scans running clean? No other issues on your system?
Message Edited by mdturner on 09-20-2009 10:53 AM

Since your Sysprot log has been verified clean by mdturner, this would seem to indicate that if there was a rootkit it is gone. Just to make sure there is no other malware on your PC download, install, update, and run a full scan with Malwarebytes Antimalware. MBAM

This is what the Malwarebytes scan found today:

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Should I allow the program to remove those last two?

Thanks in advance for your advice.

-A

Lazykins:

Those are just the registry entries made when Norton turns off the Windows firewall and notification.  There is no problem with those entries.

If you tell MBAM to fix, you will just have to go back and turn off the same items to prevent conflict.

For info, what rootkit did tech support say that you had?
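For anyone wanting to confirm the state of the items in that Malwarebytes log without changing anything, here is an added read-only PowerShell check. It is not from this thread, Norton or Malwarebytes; it simply reads the two Security Center "DisableNotify" values and the two popcaploader ProgID keys named in the log and reports what it finds. Interpreting a value of 1 as "alerts suppressed, as a third-party suite does when it takes over notifications" follows the explanation in the reply above; the mapping of an HKCR: drive is an assumption about the local PowerShell session, which normally has no such drive by default.

```powershell
# Added example (not from the thread): read-only check of the registry items that
# appeared in the Malwarebytes log. Run from an elevated PowerShell prompt.

$securityCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$notifyValues   = 'AntiVirusDisableNotify', 'FirewallDisableNotify'

Write-Host "Security Center notification settings:"
foreach ($name in $notifyValues) {
    $item = Get-ItemProperty -Path $securityCenter -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host ("  {0,-24} not present (Windows default: alerts enabled)" -f $name)
    } elseif ($item.$name -eq 1) {
        # 1 = Security Center alerts suppressed; expected when a third-party suite such as
        # Norton handles the alerts itself, which is why the reply above says to leave them.
        Write-Host ("  {0,-24} = 1  (alerts suppressed by the installed security suite)" -f $name)
    } else {
        Write-Host ("  {0,-24} = {1}  (alerts enabled)" -f $name, $item.$name)
    }
}

# The two Adware.PopCap items are COM ProgID keys under HKEY_CLASSES_ROOT.
# HKCR: is not a default PowerShell drive (assumption about this session), so map it first.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}
$progIds = 'popcaploader.popcaploaderctrl2', 'popcaploader.popcaploaderctrl2.1'

Write-Host "`nPopCap loader ProgID keys:"
foreach ($id in $progIds) {
    $path = "HKCR:\$id"
    if (Test-Path $path) {
        # A ProgID usually points at a CLSID; resolving it shows which module the control loads.
        $clsid  = (Get-ItemProperty -Path "$path\CLSID" -ErrorAction SilentlyContinue).'(default)'
        $module = $null
        if ($clsid) {
            $module = (Get-ItemProperty -Path "HKCR:\CLSID\$clsid\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'
        }
        Write-Host ("  {0}  still present  CLSID={1}  module={2}" -f $id, $clsid, $module)
    } else {
        Write-Host ("  {0}  not present (already removed)" -f $id)
    }
}
```

The script only reads; removal of the popcaploader keys is left to MBAM as the replies suggest, and the Security Center values are reported rather than changed so that they are not reset behind Norton's back.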

He only used the word rootkit to describe it. He used a cmd prompt to copy a hidden? file to another file, then copied the name of that file into our chat session. 

I should have written it down but I thought it would be in the transcript... frankly, it looked like he was typing gibberish. When I looked at my saved transcript, nothing was there.

I have emailed Norton to ask for more specific information, maybe they keep records. I need to pursue the events of 9-19 a little further.

I really appreciate everyone's help on here. I'm glad to know that my machine is somewhat healthy right now. That was my main concern.

-A

Lazykins:

Go ahead and get MBAM to take out the two popcaploader files if you haven't already.  I had the log rolled up too far.

Done. I left the Windows Security ones alone. Thank you again for your work on this forum.

-A. Lazykins