Your first action that could solve the entire problem would be to initiate System Restore to a point before all this happened.
It's listed in the Start Menu under All Programs > Accessories > System Tools or simply go to Start/Run and type in rstrui.exe and click Enter. It takes a while to open.
Don't forget to update McAfee and Windows immediately afterwards. I trust this is Windows 7 SP1?
Edit: I see you've also posted on BleepingComputer forum...good for you, they are expert at this sort of thing.
Thanks for the quick response. I don't know why it hadn't occurred to me to do a System Restore. Luckily a Dell support app was updated a few hours before the apparent time of the infection, so I have a good restore point.
I'm going to head off and try that, thanks.
PS Yes I posted to BleepingComputer after hours of hair pulling. They seemed to be backlogged, so I figured if there was a silver bullet that I could find elsewhere, I could avoid the queue ... and that may be just what you've done for me!
OK, good luck. If successful, temporarily disable System Restore afterwards in order to delete the infected restore point. Be careful how you surf, what you download or file-share, and always keep Windows totally updated, including Internet Explorer, even if you don't use it, as other processes do use it.
Moved this one to Top Threats.
The symptoms are those of an infection by Zero Access. If using System Restore does not fix the problem, go to the VirusTotal website and submit the following file for testing: c:\windows\system32\consrv.dll
There are threads about Zero Access in Top Threats, and posters in this one were reporting the same symptoms that you had. Can you let us know if a System Restore manages to remove the infection?
Interesting because after I submitted my original post and before I saw the response, I was trying to turn off and on my Wifi to see if the McAfee warning of removing DNSChanger!fa only occurred with an internet connection and if I could see a change in processes that correlated. When the wifi was off for hours, no notifications. When it was on for 5 minutes, they resumed.
After that, I ran a full scan in McAfee again and I got a warning that zeroaccess.e had been found and quarantined. No previous scan after the initial infection turned that up.
I just did a restore to a point before the issues started. Firewall has been up for 30 minutes now without being disabled. I'm running McAfee and MWBAM now. Will update this when it's completed.
I'm sure everyone thinks this, but I'm very cautious about what I download/execute. The only thing downloaded the day of the infection was an auto-update to Dell Support Center (which I thought I had previously uninstalled). No file attachments to emails, no new program installations, etc. I'm concerned that this is related to the Dell thing.
Thanks for the input.
It appears that you are OK now....let's hope so. That is strange regarding the Dell update. I'm not too sure what to say about that!
I'm good guys, thanks for all the help!