
unknown popup appearing at startup of Windows 7 Ultimate Service Pack 1

GMartin asked
Last Modified: 2014-12-19
Hello and Good Evening Everyone

I am getting a popup of unknown origin at startup of Windows 7 Ultimate with SP1.  The popup reads as follows:  "You have 164 tracks in cache to play right now", with options of "Remind Me Later" and "Play Fresh Music".  I did run the following utilities earlier, which found and removed some Trojans, spyware, and some other types of malware: ComboFix, Malwarebytes, and Panda Cloud Anti-Virus.  Despite the successful cleanup, the popup still remains, which brings me to this post requesting advice.

           Any shared suggestions or tips for resolving the popup that stays on the screen until closed will be deeply appreciated.  

          Thank you

          George

10023Web site maintenance and design
Commented:
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
CERTIFIED EXPERT
Most Valuable Expert 2015
Commented:

Author

Commented:
Hello and Good Afternoon Everyone,

            I just want to take a moment and provide some updates.  First of all, I did notice the offending entry HitsBlender within Applications of Task Manager.  I did uncheck it and saved the changes.   While it did temporarily remove the popup, it did reappear following reboot.  I did a further follow up by unchecking the offending entry of HitsBlender within msconfig, clicked Apply, clicked OK, and restarted the pc.  I am happy and very pleased to say the desktop popup is gone.  

At this point, I do have a follow up question which is in need of resolution in order to provide full closure of this post.  Whenever I type in a web site address within IE or Google Chrome which requests login credentials, the page redirects to an unknown page full of ads.  Should I use HiJackThis to resolve this issue?  If so, could someone provide a direct download link to the latest free version of it?  I believe there is a website, http://www.hijackthis.de/ which can be used to analyze the saved log file created from HiJackThis.  Based upon my personal recollections of using HiJackThis, I believe I upload the saved log file to the mentioned website address for analysis.  Each offending entry is marked with a red X and is termed a "nasty" entry which needs removal.  Seeing that the problem pc is having issues, can I possibly carry out any further troubleshooting procedures within Safe Mode with Networking?

          In closing, I apologize for these follow up questions.  I am optimistic any further shared insights will result in a comprehensive resolution to my concerns.

          Many thanks once again.

          George
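
Added example, not part of the original thread: a PowerShell 2.0 script (the version shipped with Windows 7 SP1) that lists the autostart locations msconfig's Startup tab draws from and flags entries matching a name. The `$Pattern` default is the entry name reported above; the `startupreg` key is where Windows 7's msconfig records Run entries that have been unchecked.

```powershell
# Added example: inventory autostart entries and flag those matching a name.
# Run from an elevated PowerShell prompt so the HKLM keys are readable.
param([string]$Pattern = 'HitsBlender')   # entry name reported in the thread

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Windows 7 msconfig moves unchecked Run entries here instead of deleting them
$disabledKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

function New-Entry($source, $name, $command, $state) {
    New-Object PSObject -Property @{
        Source = $source; Name = $name; Command = $command; State = $state
        Match  = ("$name $command" -match [regex]::Escape($Pattern))
    }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($n in $k.GetValueNames()) {
        $entries += New-Entry $key $n $k.GetValue($n) 'Enabled'
    }
}
if (Test-Path $disabledKey) {
    # @() guards against PowerShell 2.0 looping once over an empty result
    foreach ($sub in @(Get-ChildItem -Path $disabledKey)) {
        $entries += New-Entry $disabledKey $sub.PSChildName `
            $sub.GetValue('command') 'Disabled by msconfig'
    }
}
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    $files = @(Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })
    foreach ($f in $files) { $entries += New-Entry $dir $f.Name $f.FullName 'Enabled' }
}

# Matching entries first; Command shows where the program file still lives
$entries | Sort-Object Match -Descending |
    Format-Table Match, State, Name, Command, Source -AutoSize -Wrap
```

An entry listed as "Disabled by msconfig" no longer launches at logon, but the program it points to is still on disk, so the `Command` path is the file to hand to a scanner or uninstall.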
10023Web site maintenance and design

Commented:
Just a thought...
Did you follow through with John's advice and rerun Malwarebytes??
10023Web site maintenance and design

Commented:
I mean after you stopped the offending .exe from running??
CERTIFIED EXPERT
Most Valuable Expert 2015
Commented:
10023Web site maintenance and design
Commented:

Author

Commented:
Hello and Good Evening Everyone

The only problem I am having at this point is with my browsers, both IE and Google Chrome.  Everything else is fine.  Since the browsers work just fine in Safe Mode with Networking and not in Normal Mode, I believe I need a program specialized in removing malicious embedded code within browsers like HiJackThis.  I have downloaded and installed the latest HiJackThis within Safe Mode and found the link of http://sourceforge.net/p/hjt/support-requests/ as a support page.  At this point, I am wondering how I might upload my saved HiJackThis log file to this site for analysis.

            Any shared ideas for accomplishing this goal will be greatly appreciated.

            Thank you

            George
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:

Author

Commented:
Hello

           Yes, I carried out a full IE Reset and restarted both the browser and Windows 7.  Unfortunately, it did not resolve the issue.  I am not exactly sure I carried out the steps that you have in mind though.  If you would, can you outline the steps as you would do it?  

           By the way, I am uploading a saved log file generated by HiJackThis to be used for future analysis by the site which isolates the entries to correctly delete.   The popups which happen are only noticed when surfing the web within Normal Mode and not Safe Mode.   The desktop popup originally reported is now gone.

           Thanks

           George
hijackthis120714.txt
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
10023Web site maintenance and design

Commented:
George,
You have a lot of add-ons in the browser, and from the analysis Trend Micro did, your browser needs updating.  When dealing with browsers I shut down all extensions and add-ons....
You have some directory problems according to Trend Micro... see the attached analysis: Logfile-of-Trend-Micro-HijackThis-v2.doc

Author

Commented:
Hello

Unfortunately, when the log file opens in Notepad, it consists of what appears to be machine code filled with symbols.  Can you possibly send me a link you uploaded the log file to when doing the analysis?  Will it be able to show which entries need to be deleted within HiJackThis?

          Thanks

          George
10023Web site maintenance and design

Commented:
George, it only gives recommendations... it's an iffy process... I kinda agree with John on this.
One thing you can do is selectively disable, or disable all of, the extensions and add-ons and make sure the directories are right per recommendations... you can generate the same report with your file by going to:
http://www.hijackthis.de/#anl
and pasting in your file for the same report.
Sorry about that Office file, but I could not get it to render all the glitz any other way.

Author

Commented:
Hello and Good Afternoon Everyone,

I was able to resolve the originally posted problem by simply going into msconfig and unchecking the offending loading entry within the Startup tab which resulted in the desktop popup.  However, there were unexpected and further popups which revealed themselves whenever any of my browsers were opened.  Despite a battery of anti-malware utilities being run in addition to resetting the browsers IE and Google Chrome back to their default settings, the popups remained.  At any rate, I was able to fully resolve all of my issues by fully wiping and reloading Windows 7 with SP1.  Under the circumstances and seeing that I had all of my end user files backed up, I felt it would be the best option.

             In closing, I want to sincerely thank everyone for their shared insights and resourceful links. All feedback given was certainly found germane to the original concern posted.  

             George
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
George - you are very welcome and I was happy to help.
CERTIFIED EXPERT
Most Valuable Expert 2015

Commented:
I suggest for the future whenever you install software, to carefully read the installation screens and make sure you don't select any of the useless addons that are often included too. Also make sure that you always use the PC as a standard user, and not as a user with admin rights.
10023Web site maintenance and design

Commented:
GMartin,
thanks for the excellent feedback...it helps everyone!!
