Odd Popup

Anybody recognize this popup? It appears at startup on a win 7 64 bit laptop.

No telling what the owner has installed on it in the past, but the computer is apparently malware free now.

Avast & MBAM find nothing. ADWcleaner, Junkware Removal Tool, and ZHP Cleaner found & deleted some PUPS.

It looks very McAfee-ish, so I manually deleted all references to McAfee from the registry.

But it still pops up.

Edit: If you "Click to Renew" nothing happens.

I have googled, ixquicked, and duckducked, for both info and images. No luck.

It is not malware, so you could offer advice without getting in trouble (I think). ;)

Thanks for any suggestions.

Open CCleaner--tools--startup, look in scheduled tasks and see if anything jumps out at you.

Also try Control Panel, Admin tools and look in Task Scheduler.

Also open control panel --notification area and see if it gives anymore info there for it.

When you know what it is (was) then just use Ccleaner tray notification cache tickbox to clean it, reboot and you should be done.

If the above doesn't work please let us know.

If CCleaner doesn't find it, here's all the "run" places I know of in the registry:

Run:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

RunOnce:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

RunServices:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Although depending upon what it is it could be started from elsewhere such as system files that start with the system, i.e.;

*.NT, *.INI

If it's actually antivirus related I've seen some of them modify for whatever reason:

autoexec.NT, boot.ini, system.ini, win.ini

All good ideas.

I'll be back at the computer soon and try them.

It belongs to a family member, and I know it had McAfee on it for a while.

I'll post back whatever happens.

Thanks very much.

I forgot to say, CCleaner found a few leftover items and deleted them.

Ran it twice, after everything else, to errr, well, clean up.

I just didn't think about checking the startup list or the task items. Duhh.

found this from 3yrs ago; http://www.bleepingcomputer.com/forums/t/455070/pc-power-speed-system-optimizer-infection/?p=2717234

seemed to be resolved by the OP following the malware removal advice.

@ mta: Oh dear. :o

That seems right on target, especially looking at post #17 even though my problem is on win 7.

If it is that complicated I probably will just go over to Bleeping and let them guide me thru it.

I'll be back at the computer today, will try everything starting with the easiest stuff and report back.

Thank you again.

If you're suspicious it's a file (and not a task or registry) and have some clue as to the name, Search Everything: http://www.voidtools.com/

indexes all the files on a computer and will sort through them in real time

OK. Thanks, winapp.

No luck yet.

Ran ADW, JRT, ZHP, HitmanPro, MBAM, Avast scan & Avast boot scan.

All found bits & pieces but eventually came clean.

Manually removed old Norton & Symantec entries.

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

I suppose I'll go over to Bleeping and ask them to have a look, or just do a reinstall.

Thanks to all for the help and suggestions, it's very nice to have friends who will help.

All your suggestions helped, made the computer a bit faster, but the popup still pops.

Try doing the manual route. Boot with any external liveCD and check the file structure yourself for suspicious executables. Check the Documents and settings folder contents (users folder if you are running Vista and onwards). You could even try running an AV check from there. Some AV companies provide you with a "rescue" bootcd which enables you running their av from a livecd (commonly any Linux flavour).

EDIT. Just to be safe, run a FULL SCAN (scan all files). it will take a lot of time more though.

I'm starting to get uncomfortable with the direction of this thread, it's verging on Malware advice. If you are unsure the source of the pop-up you really need to seek out professionals via the forum's rule #10

I fear this is more invasive than I thought, and will eventually get into genuine malware removal, so will not pursue it here.

Done. :)

I am still going after it with a "surgical" approach, but may show up on bleeping any minute if that fails.

But no more here, don't want to cause discomfort.

Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer.

Actually I fear that some gentle reader might try some of the steps suggested here and gum up his computer.
Yup that's why we rule 10