Solved Initial Loading of Destktop Invokes 8 Instances of Notepad

I reformatted my Windows 8 partition this week and reinstalled Windows 8 and then Windows 8.1 beta due to a no sound and unexpected shutdown issue I had been having. All is well now with the new install, I have sound and it is no longer shutting down randomly. However, when the desktop view is first accessed after boot (whether from the desktop tile or by starting "control panel") I get 8 separate instances of Notepad that pop up, each with a dialog box containing a little yellow triangle with an exclamation mark and proclaiming "Access denied". All instances of Notepad are blank, and once I dismiss the 8 dialog boxes and close the 8 Notepad windows, I can freely go back and forth between the metro and desktop interfaces without them launching again.
Note: Full disclosure, during the reinstall of Windows 8, the machine still experienced unexpected shutdowns (3 or 4 times) during the early stages of getting updates. Once a certain point was passed in the update process, it has been rock solid, and has run continuously for the past 48 hours. The unexpected shutdowns could have certainly introduced some problems as above, but I don't know where to look.
This is a homebuilt AMD quadcore desktop dual booting Windows 7. No problems whatsoever on the Win 7 side.
Thanks!

You got the latest 8.1 Preview? Because the earlier ones had all kinds of bugs.

I would say, this sounds like a virus. Fresh install right? Check your Startup items in Task Manager, see if there are any files that are set to open on boot - Also check your Task Manager and see if anything is scheduled. An "Access Denied" message would be present if the system is trying to open any files located in Program Files or Windows folders.

Yes, it was the latest version obtained through the App Store process. I will check Task Manager and see what gives.

Check Task Scheduler as well.

It ALWAYS shows these notepad instances? Something has to be calling it up. Maybe even a driver trying to install but opening up the files in Notepad instead.

You should report this at Technet too.

It only does this the first time the desktop is called after boot.

Hmm, started Trend Micro Housecall in Windows 8, came back and found it shutdown (i'm on another laptop now). restarted into Windows 7 and will rerun scan to see what happens. Not sure what to make of this, because this is our livingroom media PC. Report later, thanks.

You may want to try TDSSKILLER:

TDSSKiller Rootkit Removal Utility Free Download | Kaspersky Lab US

And Malwarebytes Anti-Rootkit, which does a more comprehensive scan:

Malwarebytes : Malwarebytes Anti-Rootkit

and GMER which is a lot more advanced then either. All run Automatically.

GMER - Rootkit Detector and Remover

You MUST run all of those on the Primary Partition using the OS which is affected, so ya gotta scan inside of Windows 8.1

You may wanna do it for Windows 7 as well though.

Ran a Housecall scan in Windows 7, had a shutdown. Ran a quickscan of GMER in Windows 7, no problems. Now running a detailed scan of the two partitions (C and G in my case) and will see what happens. Thanks for all the suggestions.

Then you should try TDSSkiller asap! Run it on both 7 and 8.1

Ran TDSSKiller in Windows 7, and it found nothing. Rebooted into Windows 8 and ran TDSSKiller. It finds one suspicious object, medium risk threat each time; Hidden Service, Service: 16293819, service type: file system driver, service start: boot (0x0). File: C:\windows\system32\drivers\00857141.sys. If you delete and reboot, it generates a new suspicious object, different numbers but same location and risk level. Now scanning with malwarebytes. More to follow.

Ran GMER in Windows 8 and got warnings; found 2 highlighted entries: C:\ Windows\System32\Drivers\MBAMChameleon.sys and also same path \MBAMSwissarmy.sys. Stopped both processes and rebooted. Ran GMER scan again and it found the same file found in my previous post. Stopped its process. Rebooted, clean scan with all three malware programs suggested. (Checked for MBAM files after running malwarebytes, found none). Went in to Windows\System32|Drivers\ and deleted those files. At this point, when booting into Windows 8, after a brief pause at the Metro interface, one could hear the multiple Windows exception(?) audible alerts as Notepad launched, and then there they were when you got to the desktop. Ran Task Manager and checked the Startup tab. Found 8 (!) gibberish.txt files along with legitimate startup entries. Deleted the .txt files and the problem is gone, so I will mark this thread as solved. The only thing I don't understand is why running Trend Micro's Housecall scan caused an uncommanded shutdown in both Windows 8 and Windows 7. A subject for a different thread perhaps.
Again, thanks for everyones suggestions, I seem to have a happy computer again.

Those two entries are part of Malwarebytes - They act like rootkits to be able to run IF rootkits are in there. The Swiss Army Knife is how MBAM finds and stops malicious processes. The Chameleon process runs ONLY if Malwarebytes is locked out by a virus.

Malwarebytes is a very good Antimalware program, so I doubt if it was part of the problem, still it sounds like you had an older version of the program (withe the red icon? new one has a blue icon) - It was the 8 Gibberish entries that were coming up. - They may have been hidden which was why you didn't see them earlier.

These were in Windows 8.1 - And you downloaded it from the Store? That's very very odd.