On Saturday, my IE suddenly froze and then closed, but then restarted but instead of my homepage normally coming up, I had this screen that said "Insecure Internet Activity: Threat of Virus Attack" and it was telling me I should register my antivirus software, etc, to be safe. So I went to that link that was provided on there (can't remember the name of the software though), and in a panic, I clicked to try to fix it. But my IE kept closing down, and everytime I tried to open it up, I'd get that same Insecure Activity page. So I did a system restore to the last restore point, and that seemed to solve the problem. However, I am very paranoid that this thing could still be on my computer hidden in the background, with keyloggers, spyware, etc. :fear: So if anyone here can help me to determine if my computer is ok, I would really appreciate it. Thanks.

I am using AVG Antivirus, and Windows Vista. AVG hasn't found anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:20 PM, on 12/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Laurie\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10513 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I'm not seeing anything in the HJT log, let start the investigation like this.

1) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/mbam/mbam-setup.exe <<< here

http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

2) Post an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

Thanks for helping me out! Ok, I did the things that you asked, and I'm posting the three requested lists below. Malwarebyte's Anti-Malware didn't find anything though. :sad: I really hope we can get this resolved.

Malwarebyte log:
Malwarebytes' Anti-Malware 1.31
Database version: 1500
Windows 6.0.6000

12/14/2008 3:58:42 PM
mbam-log-2008-12-14 (15-58-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 110302
Time elapsed: 42 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:41 PM, on 12/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Laurie\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10370 bytes



HJT Uninstall List:

Acer Arcade Deluxe
Acer Assist
Acer Crystal Eye webcam
Acer Crystal Eye Webcam Video Class Camera
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
AIM 6
ALPS Touch Pad Driver
AppCore
AV
AVG Free 8.0
Big Kahuna Reef 2
Cake Mania
ccCommon
Dynasty
Galapago
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Launch Manager
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Prime Suspects
Mystery Case Files Ravenhearst
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PowerProducer 3.72
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SPBBC 32bit
Star Defender 3
Treasures of the Deep
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Yahoo! Toolbar
Zuma Deluxe

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Reader 8.1.3 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows
http://www.foxitsoftware.com/pdf/rd_intro.php

Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Old versions that can be exploited, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Viewpoint Media Player
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

C:\Users\Laurie\Desktop\HiJackThis.exe <<< located unsafely, appears the directions were not read, follow these directions:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< close HJT until I ask for a log.

This is out next problem:
You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

Look at the uninstall list, Norton AntiVirus, Norton Internet Security/Symantec is all over, also running in the HJT log along with AVG Free 8.0. Please decide what antivirus program you wish to run and uninstall the other one. Once that is done, post a new HJT log, describe any malware issues at that point.

Thanks

Ah, yeah, the Adobe Reader issue makes a lot of sense now! The night that I started having that "Insecure Internet Activity" issue and things started getting a bit funky with my computer, such as Norton not opening up--right before IE froze on me and all that happened, I noticed in my IE status bar that it was downloading some pdf. I had also had some issues with Adobe error windows and IE closing down in the recent past.

I've done the things that you suggested:

--I downloaded Adobe Reader 9.

--I removed Java Updates 3, 5, and 7.

--For some reason when I first downloaded HJT the first time, it didn't automatically install into my Program Files, but this time, it did...strange. It should be ok now.

--I had to use the help of the Norton Removal Tool from their website to uninstall Norton. It's gone now.

--I removed Viewpoint Media Player.

I believe that was everything that you asked for--let me know if I missed anything. Since you were not seeing anything in my log, and the Malwarebyte didn't catch anything, I am wondering what could be going on, since Norton still wasn't opening up. Could there still be a virus on my computer somewhere in the background?

Lastly, here's my new HJT log. Thanks again very much for working with me on this!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:54 PM, on 12/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Laurie\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8022 bytes

I am wondering what could be going on, since Norton still wasn't opening up. Could there still be a virus on my computer somewhere in the background?
It could be Norton was corrupted, you keep an eye open for anything tangible to tell me, watch for any error messages as we proceed with some cleaning.

I do not own Vista, but this information may help you:
http://windowshelp.microsoft.com/windows/en-us/Help/596FB57F-CC9D-4AC5-A813-5C0830E9156A1033.mspx

1) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

2) Run DISK CLEANUP: ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > DISK CLEANUP

3) I will post this tutorial for you if you can use it.
How to Install Free version AVG 8.0 without LinkScanner feature
http://russelltexas.com/tutorials/avg8install.htm

4) Let's have AVG 8 take a look like this:
*Right click the icon for AVG in System Tray and choose Open AVG User Interface.

*Click on Update now, allow AVG to download and install any new updates.

* Click on Computer Scanner then choose "Scan whole computer", this takes a round one hour on the computer I am using now.

* Near the bottom above the words "The scan is complete" choose "Export overview to file"

* Choose Desktop and give it a name you will recognize like AVG Scan Results, then choose SAVE.

* Close results and close the Interface.

* Copy and paste the contents of that file to this topic unless it is clean.

Thanks

Hmm. Norton seemed to be working ok before the incident though. But is it possible for a system restore to remove a virus? Because when I did that, the "Insecure Internet Activity" window stopped coming up. But Norton quit working.

I clicked and fixed all those line items that you said to click. But the SearchAssistant and CustomizeSearch items are still there when I run a new scan. The other two seem to be gone, though.

Here is my log from the AVG Scan. These are the warnings that I always get, but for some reason, I can't force removal.

"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"131"
"Information count:";"0"
"Scan started:";"Sunday, December 14, 2008, 9:12:00 PM"
"Scan finished:";"Sunday, December 14, 2008, 9:50:01 PM (38 minute(s) 1 second(s))"
"Total object scanned:";"885139"
"User who launched the scan:";"Laurie"

"Warnings"
"File";"Infection";"Result"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.17044b51";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.6d7740f7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.8b1bd7bc";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.891542da";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.fb764ef7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@adopt.euroclick[1].txt:\adopt.euroclick.com.ffe11db7";"Found Tracking cookie.Euroclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@advertising[2].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@bs.serving-sys[2].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt:\casalemedia.com.3a28db8d";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@casalemedia[2].txt:\casalemedia.com.f31be13a";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.57e8da10";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.6fd479aa";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.9b41aa53";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.bb8bcae";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[2].txt:\fastclick.net.fac3d6f0";"Found Tracking cookie.Fastclick";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@m.webtrends[1].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@mediaplex[1].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@mediaplex[1].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@revsci[1].txt:\revsci.net.1635d65f";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@revsci[1].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.255d6f2f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.400f83f";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.4b416ef8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.606c3d3b";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.6a1cf9e8";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@serving-sys[1].txt:\serving-sys.com.c9034af6";"Found Tracking cookie.Serving-sys";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.27341d57";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.5935e89";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.a3218a37";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.c4fe2ebb";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.cd7ce44f";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.e9f57f8";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tacoda[1].txt:\tacoda.net.ed9c50d1";"Found Tracking cookie.Tacoda";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tradedoubler[2].txt";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tradedoubler[2].txt:\tradedoubler.com.dc3c9994";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tradedoubler[2].txt:\tradedoubler.com.eab0972e";"Found Tracking cookie.Tradedoubler";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@trafficmp[2].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tribalfusion[2].txt";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@tribalfusion[2].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@zedo[1].txt";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@zedo[1].txt:\zedo.com.775ee79c";"Found Tracking cookie.Zedo";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@atdmt[1].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@atdmt[1].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@mediaplex[2].txt";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@mediaplex[2].txt:\mediaplex.com.dc30fb3c";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\laurie@mediaplex[2].txt:\mediaplex.com.f652b123";"Found Tracking cookie.Mediaplex";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.87a9ab5d";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt:\adbrite.com.44f92a69";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt:\adbrite.com.557c9f74";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt:\adbrite.com.71beeff9";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adbrite[1].txt:\adbrite.com.d5e309c2";"Found Tracking cookie.Adbrite";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adrevolver[1].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adrevolver[1].txt:\adrevolver.com.61b5dd52";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adrevolver[1].txt:\adrevolver.com.9b9d670a";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@adrevolver[1].txt:\adrevolver.com.f6cfcad4";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@advertising[1].txt:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@atdmt[2].txt";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@atdmt[2].txt:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt:\casalemedia.com.6a12b080";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt:\casalemedia.com.837115b5";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@casalemedia[2].txt:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@doubleclick[2].txt";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@doubleclick[2].txt:\doubleclick.net.bf396750";"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@m.webtrends[2].txt";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0";"Found Tracking cookie.Webtrends";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@media.adrevolver[1].txt";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@media.adrevolver[1].txt:\media.adrevolver.com.5fed601d";"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@msnportal.112.2o7[1].txt";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f";"Found Tracking cookie.2o7";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@questionmarket[1].txt";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@questionmarket[1].txt:\questionmarket.com.3eb5a9f1";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@questionmarket[1].txt:\questionmarket.com.4dd5e426";"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@realmedia[1].txt";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@realmedia[1].txt:\realmedia.com.68087763";"Found Tracking cookie.Realmedia";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revsci[1].txt";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@revsci[1].txt:\revsci.net.e9dbeb91";"Found Tracking cookie.Revsci";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.37644bdb";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.ae53b8b";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.e2e71e33";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"
"C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\Low\laurie@trafficmp[1].txt:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Potentially dangerous object"

But is it possible for a system restore to remove a virus?
When you have looked at as many infected computers as I have, you begin to believe anything is possible. Hackers follow no rules and the malware could have corrupted Norton files, that is the first program they try to disable. The System Restore to a clean restore point could very well have removed the infection. I am not 100% sure of how System Restore works on this operating system, here is information:
Windows Vista System Restore Guide
http://www.bleepingcomputer.com/tutorials/tutorial143.html

These are the warnings that I always get, but for some reason, I can't force removal
What does that mean? Are you talking about the items in Add Remove program? It is likely malware programs removed the stuff and just the entry in Add Remove is all that remains. I suggest you use Search Companion (or the Vista version of it) to search for the programs and if SC can't locate them, don't concern yourself.

I hope you had AVG delete or quarantine all of those junk cookies? Here is information to help you control cookies:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx

If there is nothing else, here is some good information:

(all information will not apply to Vista)
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

I understand about Norton now--thanks!

Thanks for all of that information--I will look through it later when I get home. The links about the cookies look quite helpful.

As for the AVG warnings about the tracking cookies--what I meant was, when I tried to have AVG delete them, it froze up my computer. And I tried looking for this stuff manually when I allowed it to show hidden files, but couldn't find it. :sad: Deleting files and cookies via IE doesn't help either...these 100+ cookies in that AppData folder are always found whenever AVG runs a scan. Are cookies even supposed to be stored in that location?

Is there anything else that I can do to try to ensure that there's not a virus hidden on my computer from the incident?

Open that folder and delete the cookies manually, I have do idea why AVG is not removing them? I know with Vista, tools must be run as administrator.
C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Cookies\ <<< that folder, delete the contents, not the folder.

I can post additional scan if you want:

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

I was able to remove the tracking cookies with AVG after running it as administrator. Hopefully that's clean now. I then ran Kaspersky, and it didn't find anything. I haven't noticed anything strange on my computer since removing Norton. Is it safe now to say that my computer may be clean and that virus is gone?

I'll take a look at the links that you provided. Thanks again so much! :santa:

Is it safe now to say that my computer may be clean and that virus is gone?
Yes...I believe we removed the malware.

Safe surfing and Happy Hollidays:santa: