Crazy Startup Shiznit
November 12, 2006 5:12 PM Subscribe
I'm checking over the health of a friend's Dell laptop. In System Information -> Software Environment -> Startup Programs, she has thousands of entries, consisting of all the files in the system32 folder. These entries are duplicated under the user names .DEFAULT and NTAUTHORITY\SYSTEM, and are in location "Startup". Is this a problem, why are the entries there, should I delete them, and how?
Response by poster: Thanks. Unfortunately, none of these things are listed in MSCONFIG; all the startup programs there seem to be benign.
posted by Arcaz Ino at 5:44 PM on November 12, 2006
posted by Arcaz Ino at 5:44 PM on November 12, 2006
If they are not in MSCONFIG under startup... I find it bizzare that they are showing up in Sys Info. Can you post a screenshot?
posted by SirStan at 6:07 PM on November 12, 2006
posted by SirStan at 6:07 PM on November 12, 2006
Response by poster: Screenshot
By the way, the C:\Documents and Settings\Default User\Start Menu\Programs\Startup folder is empty (except for desktop.ini).
posted by Arcaz Ino at 6:28 PM on November 12, 2006
By the way, the C:\Documents and Settings\Default User\Start Menu\Programs\Startup folder is empty (except for desktop.ini).
posted by Arcaz Ino at 6:28 PM on November 12, 2006
Did you do a virus scan? It was pretty common for viruses, trojans, bot, etc. to install visible startup items with bizarre or random process names. These days most malware is probably too clever for this but it was quite common.
You can also google for the various process names to figure out what they are. If it's legitimate, someone somewhere has probably already written about it on the web.
posted by chairface at 7:14 PM on November 12, 2006
You can also google for the various process names to figure out what they are. If it's legitimate, someone somewhere has probably already written about it on the web.
posted by chairface at 7:14 PM on November 12, 2006
Can't say I've ever seen that happen before, but two tools that I find absolutely valuable for stuff like this are process explorer and autoruns, formerly by sysinternals, now free from Microsoft:
AutoRuns
Process Explorer
posted by cheaily at 7:17 PM on November 12, 2006
AutoRuns
Process Explorer
posted by cheaily at 7:17 PM on November 12, 2006
Response by poster: The latest Symantec Antivirus is active and updated.
As I say, EVERY file in System32 is listed. Doesn't seem like typical virus behavior. Even things like calc.exe are listed, but they don't seem to load at startup. Or I'd see them.
This is very strange. Spread word unto your leetest friends.
posted by Arcaz Ino at 7:20 PM on November 12, 2006
As I say, EVERY file in System32 is listed. Doesn't seem like typical virus behavior. Even things like calc.exe are listed, but they don't seem to load at startup. Or I'd see them.
This is very strange. Spread word unto your leetest friends.
posted by Arcaz Ino at 7:20 PM on November 12, 2006
Response by poster: AutoRuns doesn't list the stuff, nor does Process Explorer. AutoRuns has lots of System32 entries, but for file associations, not for system startup. Many of the things that System Information claims are startup programs, are not listed in AutoRuns.
Thanks though.
posted by Arcaz Ino at 7:31 PM on November 12, 2006
Thanks though.
posted by Arcaz Ino at 7:31 PM on November 12, 2006
Under the circumstances as described, I'd be concerned about the health of the filesystem. NTFS doesn't succumb to crosslinked directories as easily as FAT did in the bad old days, but it's possible. Perhaps try tackling it from that angle rather than assuming the files are something you want to delete?
posted by majick at 9:10 PM on November 12, 2006
posted by majick at 9:10 PM on November 12, 2006
Which tool are you using in that screenshot? That's not a default XP tool...
posted by Dunwitty at 3:42 AM on November 13, 2006
posted by Dunwitty at 3:42 AM on November 13, 2006
Ah, the Microsoft Office System Info tool... hadn't seen that in a while. Never mind!
posted by Dunwitty at 3:44 AM on November 13, 2006
posted by Dunwitty at 3:44 AM on November 13, 2006
What's in C:\Documents and Settings\All Users\Start Menu\Programs\Startup?
Also, can you please run HijackThis and StartupList, save the scan logs, and post links to them?
posted by flabdablet at 4:11 AM on November 13, 2006
Also, can you please run HijackThis and StartupList, save the scan logs, and post links to them?
posted by flabdablet at 4:11 AM on November 13, 2006
Best answer: So there's this Dell desktop at work, and it has the same thing. It must be some strange Dell-specific bug. Doesn't seem to be a major problem.
Disk checks out fine.
posted by Arcaz Ino at 4:21 PM on November 14, 2006
Disk checks out fine.
posted by Arcaz Ino at 4:21 PM on November 14, 2006
This thread is closed to new comments.
Try using msconfig and disabling all of the applications (NOT SERVICES) under the startup tab. You can then enable the ones you need one by one.
posted by SirStan at 5:35 PM on November 12, 2006