Results show clean, still infected...

[gilbert wham]

Been having trouble the past couple of weeks with IE popups, for quite vanilla companies as it goes, not your usual rag-bag of porn/gambling sites etc, more Dell, UPS, Ebay & the like.

Anyway, I've run Spybot, Ad-Aware, MBAM, scanned w/AVG and avast, which picked up a few bnits & bobs, and the machine now shows clean. However, it's still being plagued with pop-ups and Process Explorer shows two instances of IE that are running invisibly and using ~80% processor capacity. Killing them just results in them restarting & the machine grinding to a halt.

Eset online scan shows no infections, meither does MBAM. MBAM & HTJ logs & HJT uninstall list are attached. ESET didn't offer me the option of a logfile (that I couild see), presumably as it said I was clean.

Any Ideas?

[jholland1964]

Run HiJackThis on a Full System Scan and post that log for me, ok?

[gilbert wham]

Gah! I thought it'd been uploaded. Renamed it from .log to .txt. Here you go.

[jholland1964]

You are running an out of date version of HiJackThis. Delete that one and download and scan with the new version which you can get from HERE
Post back here with that new log.

[gilbert wham]

So I am - pulled it off a stick drive that i keep w/cleaner progs on it. I must not have updated it...
Here you go:

[jholland1964]

Gilbert don't really see much in the logs. You say these are "regular" pop-ups...i.e....not porn or that kind of stuff but things for Dell, e-Bay, etc. Sounds to me like your pop-up blocker is turned off. Have you checked that? Know it sounds simple but could be the problem. Check your IE settings in Tools...there is a pop-up blocker there, also a phishing filter. Also check your cookie settings in Tools, Internet Options, Privacy. At the bottom is a place to set up your Pop up blocker, what to allow and not allow. Some sites you would need to allow them because they are "working pop-ups"...for instance my bank's bill pay is a pop-up that opens to the accounts I pay online. If I have all pop-ups blocked then I cannot use that. Check out those settings there. You can also decide what filter level you want for pop-ups. Check all those settings.

[gilbert wham]

IE7 has the pop-up blocker in place. I couldn't see anything in the HJT log either, not that I'm an expert. Personally, I don't use IE at all, which is what strikes me as odd, as there's still 2 instances of IE running in the background all the time (see screendump). If I kill them, they restart, with a massive performance hit. Any idea what they could be?

[jholland1964]

Obviously something isn't right. Firefox has a pop up blocker also, are you using that?
Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

• Close all open Windows including this one.
• Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
  Doubleclick the combofix icon on the desktop to run the program.
  
  
  
  

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

[gilbert wham]

Here's the log. IE still running tho, and the popups are still happening n.b. popups are occurring even without a browser running.
ComboFix log attached

[jholland1964]

Here's the log. IE still running tho, and the popups are still happening n.b. popups are occurring even without a browser running.
ComboFix log attached

Let me go through this log gilbert and I will get back with you ASAP. It takes awhile to go through them.